Social Engineering news

A long-running malware campaign is using illegal movie and TV show streaming websites to infect users. The attack tricks people into installing a fake video player plugin update, which then installs a cryptominer on their computers, consuming system resources without their knowledge.

A new phishing campaign is targeting Signal users with text messages pretending to be from Signal Support. The scam aims to trick users into revealing their backup recovery keys by creating a false sense of urgency about data loss due to a supposed "sync issue."

A new threat actor is targeting cryptocurrency firms using fake recruiter messages and custom macOS malware. The campaign uses sophisticated social engineering to trick employees, aiming to steal digital assets by compromising CI/CD infrastructure. This highlights a growing risk for developers and security teams in the crypto space.

Deepfakes are evolving from public misinformation tools into a significant corporate security risk. Attackers use synthetic media to impersonate executives and manipulate business processes like payment approvals. A Gartner report indicates that 62% of organizations have already been affected by this growing threat.

The FBI is warning that crypto scammers are now using physical couriers to collect cash from victims. This escalation of 'pig butchering' scams blends digital deception with real-world logistics, increasing the threat to individuals.

A North Korean hacking group is targeting developers with fake job offers and code review requests. The sophisticated phishing campaigns aim to trick technical staff into installing malware, posing a direct threat to company security.

A critical vulnerability in the Ghost CMS is being actively exploited to hijack over 700 websites. Attackers inject a fake Cloudflare verification page, tricking visitors into running a malicious Windows command. This social engineering tactic, dubbed "ClickFix," ultimately installs malware onto the user's system.