Skip to content
Latest
Ghost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch QueueARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

Category Archive

Social Engineering

13 reports · All intelligence

Bulwark Black cyber threat intelligence filed under Social Engineering.

Cyber Security Blog
Ghost Phishing Shows Why Email Security Must Follow the Browser
Cyber Security Blog·

Ghost Phishing Shows Why Email Security Must Follow the Browser

Ghost phishing hides the real lure until the browser renders it. Here is what SMBs and government contractors should do to defend Microsoft 365 identities.

Cyber Security Blog
ARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane
Cyber Security Blog·

ARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

Cisco Talos uncovered ARToken, an EvilTokens-linked phishing-as-a-service panel built around Microsoft 365 token theft, device-code phishing, mailbox access, SharePoint operations, and BEC automation. The practical lesson: treat identity tokens, inbox rules, and cloud collaborati

Cyber Security Blog
SmartApeSG Okendo Compromise Shows Third-Party Widgets Are Supply-Chain Risk
Cyber Security Blog·

SmartApeSG Okendo Compromise Shows Third-Party Widgets Are Supply-Chain Risk

Zscaler ThreatLabz reported that SmartApeSG injected malicious JavaScript into the Okendo Reviews widget, creating downstream exposure across e-commerce sites. Here is what SMBs and government contractors should do about third-party browser code risk.

Cyber Security Blog
Maine Breach Portal Hoax Shows Disclosure Systems Need Verification Controls
Cyber Security Blog·

Maine Breach Portal Hoax Shows Disclosure Systems Need Verification Controls

Maine took its public breach notification database offline after fake disclosures were published. The lesson for SMBs and government contractors: public trust workflows need verification, moderation, and correction controls.

Cyber Security Blog
Pink Extortion Shows Microsoft 365 Defense Starts With Vishing Controls
Cyber Security Blog·

Pink Extortion Shows Microsoft 365 Defense Starts With Vishing Controls

Unit 42 is tracking Pink / CL-CRI-1147, a Com-affiliated extortion brand using vishing, credential theft, and Microsoft 365 data exfiltration. Here is what SMBs and government contractors should lock down now.

Cyber Security Blog
Error 524 Smishing Shows Why Fraud Infrastructure Needs CTI
Cyber Security Blog·

Error 524 Smishing Shows Why Fraud Infrastructure Needs CTI

Group-IB documented a global smishing operation using fake error pages, geofencing, and encrypted WebSocket exfiltration. Here is what SMBs and government contractors should take from it.

Cyber Security Blog
Chinese-Language PhaaS Shows MFA Bypass Is Becoming Real-Time Fraud
Cyber Security Blog·

Chinese-Language PhaaS Shows MFA Bypass Is Becoming Real-Time Fraud

Google’s reporting on Chinese-language phishing-as-a-service shows why MFA bypass, real-time OTP interception, and digital wallet fraud require phishing-resistant authentication and session monitoring.

AI (General)
Fake OpenAI Hugging Face Repo Shows AI Supply Chain Risk Is Already Here
AI (General)·

Fake OpenAI Hugging Face Repo Shows AI Supply Chain Risk Is Already Here

A fake OpenAI Privacy Filter repository on Hugging Face delivered Windows infostealer malware. Here is what SMB and gov-contractor defenders should take from it.

AI (General)
DeepLoad Malware: AI-Generated Evasion Meets ClickFix Delivery in Enterprise Credential Theft Campaign
AI (General)·

DeepLoad Malware: AI-Generated Evasion Meets ClickFix Delivery in Enterprise Credential Theft Campaign

A sophisticated new malware campaign dubbed “DeepLoad” has emerged targeting enterprise environments, combining ClickFix social engineering delivery with AI-generated obfuscation techniques that defeat traditional security controls. ReliaQuest researchers discovered the threat af

Malware
LeakNet Ransomware Scales Operations with ClickFix Lures and Stealthy Deno-Based Fileless Loader
Malware·

LeakNet Ransomware Scales Operations with ClickFix Lures and Stealthy Deno-Based Fileless Loader

The LeakNet ransomware group is rapidly scaling its operations with two dangerous innovations: a social engineering technique called ClickFix and a previously unreported fileless loader built on the legitimate Deno JavaScript runtime. According to ReliaQuest research, LeakNet has

Social Engineering
Physical Mail Phishing Targets Trezor and Ledger Users: Attackers Use QR Codes to Steal Recovery Phrases
Social Engineering·

Physical Mail Phishing Targets Trezor and Ledger Users: Attackers Use QR Codes to Steal Recovery Phrases

A new phishing campaign is targeting cryptocurrency hardware wallet users through an unusual vector: physical mail. Threat actors are sending fake letters impersonating Trezor and Ledger security teams, attempting to trick users into surrendering their wallet recovery phrases. Th

Social Engineering
Betterment Data Breach Exposes 1.4 Million Customers Following Sophisticated Social Engineering Attack
Social Engineering·

Betterment Data Breach Exposes 1.4 Million Customers Following Sophisticated Social Engineering Attack

Automated investment platform Betterment has disclosed a significant data breach affecting approximately 1.4 million customers, following a sophisticated social engineering campaign that targeted company employees in January 2026. Attack Overview According to Betterment’s officia

Red Teaming
I Got In Without A Badge Easy!? Social Engineering Strategies.
Red Teaming·

I Got In Without A Badge Easy!? Social Engineering Strategies.

People assume social engineering is all charm and quick thinking. But real operators know the truth:Preparation is the payload.Execution is just the final click. This is how I walked into a secured corporate building twice without a badge, without clearance, and without triggerin