Category Archive
Social Engineering
13 reports · All intelligence
Bulwark Black cyber threat intelligence filed under Social Engineering.
Ghost Phishing Shows Why Email Security Must Follow the Browser
Ghost phishing hides the real lure until the browser renders it. Here is what SMBs and government contractors should do to defend Microsoft 365 identities.
ARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane
Cisco Talos uncovered ARToken, an EvilTokens-linked phishing-as-a-service panel built around Microsoft 365 token theft, device-code phishing, mailbox access, SharePoint operations, and BEC automation. The practical lesson: treat identity tokens, inbox rules, and cloud collaborati
SmartApeSG Okendo Compromise Shows Third-Party Widgets Are Supply-Chain Risk
Zscaler ThreatLabz reported that SmartApeSG injected malicious JavaScript into the Okendo Reviews widget, creating downstream exposure across e-commerce sites. Here is what SMBs and government contractors should do about third-party browser code risk.
Maine Breach Portal Hoax Shows Disclosure Systems Need Verification Controls
Maine took its public breach notification database offline after fake disclosures were published. The lesson for SMBs and government contractors: public trust workflows need verification, moderation, and correction controls.
Pink Extortion Shows Microsoft 365 Defense Starts With Vishing Controls
Unit 42 is tracking Pink / CL-CRI-1147, a Com-affiliated extortion brand using vishing, credential theft, and Microsoft 365 data exfiltration. Here is what SMBs and government contractors should lock down now.
Error 524 Smishing Shows Why Fraud Infrastructure Needs CTI
Group-IB documented a global smishing operation using fake error pages, geofencing, and encrypted WebSocket exfiltration. Here is what SMBs and government contractors should take from it.
Chinese-Language PhaaS Shows MFA Bypass Is Becoming Real-Time Fraud
Google’s reporting on Chinese-language phishing-as-a-service shows why MFA bypass, real-time OTP interception, and digital wallet fraud require phishing-resistant authentication and session monitoring.
Fake OpenAI Hugging Face Repo Shows AI Supply Chain Risk Is Already Here
A fake OpenAI Privacy Filter repository on Hugging Face delivered Windows infostealer malware. Here is what SMB and gov-contractor defenders should take from it.
DeepLoad Malware: AI-Generated Evasion Meets ClickFix Delivery in Enterprise Credential Theft Campaign
A sophisticated new malware campaign dubbed “DeepLoad” has emerged targeting enterprise environments, combining ClickFix social engineering delivery with AI-generated obfuscation techniques that defeat traditional security controls. ReliaQuest researchers discovered the threat af
LeakNet Ransomware Scales Operations with ClickFix Lures and Stealthy Deno-Based Fileless Loader
The LeakNet ransomware group is rapidly scaling its operations with two dangerous innovations: a social engineering technique called ClickFix and a previously unreported fileless loader built on the legitimate Deno JavaScript runtime. According to ReliaQuest research, LeakNet has
Physical Mail Phishing Targets Trezor and Ledger Users: Attackers Use QR Codes to Steal Recovery Phrases
A new phishing campaign is targeting cryptocurrency hardware wallet users through an unusual vector: physical mail. Threat actors are sending fake letters impersonating Trezor and Ledger security teams, attempting to trick users into surrendering their wallet recovery phrases. Th
Betterment Data Breach Exposes 1.4 Million Customers Following Sophisticated Social Engineering Attack
Automated investment platform Betterment has disclosed a significant data breach affecting approximately 1.4 million customers, following a sophisticated social engineering campaign that targeted company employees in January 2026. Attack Overview According to Betterment’s officia
I Got In Without A Badge Easy!? Social Engineering Strategies.
People assume social engineering is all charm and quick thinking. But real operators know the truth:Preparation is the payload.Execution is just the final click. This is how I walked into a secured corporate building twice without a badge, without clearance, and without triggerin