#social-engineering
44 articles
Over the past five weeks, ZCyberNews has tracked 57 articles tagged social-engineering, with 43 rated high severity and one critical. Lazarus Group, UNC6692, and APT37 (ScarCruft, InkySquid) were the top threat actors observed, while CVE-2023-36036 appeared as the leading vulnerability. The cryptocurrency, financial services, technology, financial-services, and enterprise sectors were most affected, with global impact concentrated in North America, Europe, the United States, and Canada.
[CRITICAL] ModeloRAT Campaign Abuses Microsoft Teams for Enterprise Intrusion
Rapid7 dissects an April 2026 intrusion where a fake IT Support Teams message delivered ModeloRAT via Dropbox, leading to privilege escalation, credential theft, and lateral...
[HIGH] Signal Adds In-App Warnings to Block Russian-Linked Phishing Attacks
Signal introduced new in-app confirmations and warnings to counter phishing attacks linked to Russian state hackers who abused the Linked Device feature to hijack high-profile...
[INFORMATIONAL] USB Drop Attack That Defined Social Engineering Turns 20
Steve Stasiukonis's 2006 USB drop test at a credit union — 15 of 20 drives plugged in by employees — became the blueprint for physical social engineering assessments still used…
[HIGH] Telegram Mini Apps Fuel Crypto Scams, Android Malware Campaign
Researchers uncovered a fraud network abusing Telegram Mini Apps to impersonate brands, steal crypto wallets, and push Android malware like SpyNote and ERMAC.
[HIGH] Fake Roblox Enhancements Steal Hundreds of Thousands of Accounts
Malwarebytes reports hackers used fake Roblox game enhancements to steal login credentials from hundreds of thousands of players, reselling accounts for profit.
[HIGH] BlueNoroff Fakes Zoom Calls to Lure Crypto Execs
BlueNoroff uses stolen video, AI avatars, and fake Zoom invites to turn crypto executives into attack lures.
[HIGH] Deepfake Voice Attacks Outpace Defenses, Bypass MFA
Adaptive Security finds 3 seconds of audio enough to clone a voice for fraud; deepfake calls tricked employees into wiring $243K in one case. No detection tool caught the attack.
[HIGH] Mandiant: Fake Teams Help Desk Deploys Info-Stealing Malware
Mandiant details a social engineering campaign where attackers pose as Microsoft Teams help desk staff to trick victims into installing malware that steals credentials and session…
[HIGH] UNC6692 Email Bombing Delivers Snow Malware for Persistent Access
UNC6692 bombards victims with thousands of emails, then poses as IT support to deploy Snowbelt, Snowglaze, and Snowbasin malware for persistent backdoor access. No CVEs involved.
[HIGH] AI-Powered Phishing Surges as Attackers Personalize Lures at Scale
Enterprises report a sharp rise in AI-generated phishing campaigns that craft personalized lures at scale, moving from broad sprays to 1-to-1 targeting in the last six months.
[HIGH] BlackFile Extortion Group Targets Retail, Hospitality via Vishing
BlackFile extortion group has hit at least 12 retail and hospitality organizations since Feb 2026, using vishing to steal VPN credentials and exfiltrate data before demanding…
[HIGH] Lazarus Hijacks macOS via ClickFix to Target Executives
Lazarus APT uses ClickFix social engineering to deliver macOS malware — fake browser update prompts trick executives into running AppleScript payloads that steal credentials and…
[HIGH] UNC6692 Hijacks Microsoft Teams to Deploy SNOW Malware Suite
UNC6692 impersonates IT helpdesk staff via Microsoft Teams chats to trick victims into installing SNOW malware — a custom backdoor with credential theft and lateral movement…
[MEDIUM] Caller-as-a-Service Fraud Operations Mimic Corporate Call Centers
Flare researchers detail 'Caller-as-a-Service' fraud, where criminal operations use hiring, training, and KPIs to manage scam callers targeting victims in North America and Europe.
[HIGH] North Korean Fake Job Scams Spread Malware via 'Contagious Interview'
North Korean operatives use a 'contagious interview' tactic, where a compromised developer's GitHub repo spreads RATs to other job seekers.
[HIGH] North Korean Operatives Use AI and Fake Identities to Infiltrate Companies via
North Korean operatives are using AI tools and forged documents to pass remote job interviews, according to Flare research. The tactic aims to place threat actors inside target companies for long-term espionage and network access.
[HIGH] Threat Actors Impersonate IT Helpdesk via Microsoft Teams to Deploy Quick Assist
Threat actors are using Microsoft Teams to impersonate IT helpdesk staff, tricking employees into installing Microsoft's own Quick Assist tool to grant attackers full remote control of corporate systems.
[HIGH] UNC1069 Targets Crypto Professionals with Fake Zoom and Teams Meetings
North Korean threat actor UNC1069 lures Web3 professionals with fake Zoom and Microsoft Teams meetings to deploy malware that steals cryptocurrency, according to new research.
[HIGH] Apple Account Change Alerts Hijacked for Phishing Scams
Threat actors are abusing Apple's legitimate notification system to send iPhone purchase phishing emails from Apple's own servers, bypassing spam filters and targeting millions of Apple ID users.
[HIGH] Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Attacks
Threat actors are abusing the Obsidian note-taking app to deliver the novel PHANTOMPULSE RAT via malicious plugins, targeting individuals in finance and cryptocurrency sectors in a campaign tracked as REF6598.
[MEDIUM] Business Impersonation Fraud Evolves with AI-Powered Shopping Scams
Recorded Future details how threat actors exploit corporate identity verification gaps, pivoting from cashing stolen checks to orchestrating AI-powered shopping scams that impersonate legitimate businesses to steal goods.
[HIGH] Fake Data Breach Notifications Deploy Malware, Steal Credentials
Threat actors are weaponizing data breach notifications, sending fake alerts that trick users into downloading malware or entering credentials on phishing sites, according to ESET research.
[HIGH] Fake Proton VPN Sites and Gaming Mods Spread NWHStealer Malware
A new Windows information stealer dubbed NWHStealer is being distributed via fake Proton VPN websites, gaming modifications, and hardware utility downloads, targeting credentials and cryptocurrency wallets.
[HIGH] DHL-Themed Phishing Campaign Delivers Remote Access Software
A new phishing campaign impersonates DHL to trick recipients into installing legitimate remote access software, which attackers then use as a foothold to deploy additional malware, including ransomware.
[HIGH] Sapphire Sleet Targets macOS Users with Fake Zoom SDK Update
North Korean threat actor Sapphire Sleet is distributing a new macOS malware via a fake Zoom SDK installer, stealing passwords, crypto wallets, and personal data through a multi-stage social engineering campaign.
[HIGH] Fake Adobe Reader Downloads Deploy ScreenConnect via In-Memory Loader
A new campaign delivers ConnectWise ScreenConnect by masquerading malware as an Adobe Acrobat Reader installer, using advanced in-memory execution and defense evasion to avoid detection.
[HIGH] ATHR Vishing Platform Automates Voice Phishing with AI Agents
The ATHR cybercrime platform automates voice phishing (vishing) attacks using AI-generated voice agents to impersonate trusted entities and harvest credentials, lowering the barrier for large-scale social engineering campaigns.
[HIGH] Booking.com Breach Fuels Sophisticated Hotel Impersonation Scams
A data breach at Booking.com is providing threat actors with detailed guest reservation data, enabling highly convincing scams where attackers impersonate hotels to steal payment details and credentials.
[HIGH] ClickFix Phishing Campaign Masquerades as Claude AI Installer
A phishing campaign uses fake Claude AI installer lures and 'ClickFix' social engineering to trick users into granting remote access, enabling credential theft and financial fraud.
[MEDIUM] Pushpaganda Campaign Exploits Google Discover to Hijack Browser Notifications
A threat operation dubbed Pushpaganda is abusing Google Discover with AI-generated clickbait to trick users into enabling malicious browser notifications, which then deliver phishing and scam content.
[MEDIUM] Scammers Revive iCloud Storage Full Scam to Steal Payment Details
A phishing campaign impersonates Apple to pressure users with fake 'iCloud storage full' alerts, aiming to steal credit card information and Apple ID credentials.
[MEDIUM] Credit Resources Vault Scam Targets Financially Vulnerable with Deceptive Fees
A sophisticated email scam impersonating the 'Credit Resources Vault' uses urgency and official-looking documents to trick financially distressed individuals into paying recurring fees for worthless credit repair services.
[HIGH] Fake YouTube Copyright Notices Steal Google Credentials via Phishing
YouTube creators are targeted by a sophisticated phishing campaign using fake copyright infringement notices to steal Google account credentials, enabling channel takeover and broader account compromise.
[MEDIUM] Pushpaganda Campaign Uses AI-Generated Clickbait to Hijack Browser Notifications
A campaign dubbed Pushpaganda uses AI-generated clickbait to trick users into enabling malicious browser notifications, delivering a persistent stream of scams and fake alerts directly to the desktop.
[HIGH] Attackers Shift from Phishing to Social Engineering for Okta Compromise
Threat actors are bypassing email security by using phone-based social engineering to target IT help desks and compromise Okta identity systems, enabling initial access to corporate networks.
[MEDIUM] ClickFix Mac Malware Campaign Uses Fake Apple Page to Deliver Payloads
A new ClickFix-style campaign targets macOS users with fake Apple instructions to run malicious commands.
[HIGH] Obsidian Plugin Ecosystem Abused to Deliver PhantomPulse RAT in Targeted Campaign
REF6598 threat group weaponizes Obsidian notes plugins to drop the PhantomPulse RAT on fintech and crypto professionals — TTP breakdown, IOCs, and what security teams should look for.
[HIGH] APT37 Targets Individuals via Facebook to Deploy RokRAT Malware
North Korea's APT37 group is conducting a social engineering campaign on Facebook, using fake profiles to build trust and deliver the RokRAT remote access trojan to targeted individuals.
[MEDIUM] Booking.com Confirms Data Breach via Social Engineering Attack
Booking.com confirms a data breach where attackers used social engineering to compromise employee accounts and access customer travel booking information. The company states the incident has been contained.
[HIGH] ClickFix Malware Campaign Evades macOS Defenses via Script Editor
A ClickFix social engineering campaign bypasses macOS security warnings by using Script Editor to execute malicious commands, marking a significant evolution in Mac-targeting malware.
[HIGH] Fake Claude AI Site Delivers PlugX Malware in Trojanized Installer
A sophisticated phishing campaign uses a counterfeit Claude AI website to distribute a trojanized installer, deploying the remote access trojan PlugX to establish persistent backdoor access.
[HIGH] AI-Powered Threat Actor Breaches Mexican Government, Exposes Citizen Data
A sophisticated attacker leveraged AI tools like Claude and ChatGPT to breach nine Mexican government agencies, exfiltrating hundreds of millions of citizen records in a multi-month campaign.
[MEDIUM] Fake BTS World Tour Ticket Sites Target Fans in Multi-Country Scam
A widespread phishing campaign uses fraudulent BTS concert ticket websites to steal payment information from fans across at least nine countries.
[HIGH] GPT-5 Release: Security Implications for Enterprise Defenders
OpenAI's GPT-5 raises the bar for AI-assisted cyberattacks — spear-phishing at scale, automated exploit generation, and deepfake social engineering. Here's what security teams need to know and do.