Tag

#Social Engineering

35 stories taggedSocial Engineering · page 2 of 3.

Photoreal editorial image of an empty international airport departure gate at dawn, blue departure screens softly glowing, a lone rolling suitcase left near a s
Threat Intelligence

Alleged Scattered Spider member, 19, extradited to the US after airport arrest

Peter Stokes, a dual US-Estonian citizen picked up in Helsinki in April, is accused of helping the notorious hacking crew squeeze millions from big-name companies.

3 min
Full-frame photoreal editorial image of a laptop screen showing a generic web browser with a red warning icon in the address bar and a blurred popup dialog, dim
Threat Intelligence

Opera's new Paste Protect tries to stop the copy-paste scam that's been draining wallets

The browser will now block dodgy commands before they reach your clipboard, targeting the ClickFix trick that has become criminals' favourite way to trick people into infecting their own computers.

3 min
Close-up overhead view of several plain black USB thumb drives scattered across weathered asphalt in a parking lot, shallow depth of field, natural overcast day
Threat Intelligence

The USB Drop That Changed Pen Testing: Steve Stasiukonis's Credit Union Experiment, Revisited

Twenty years ago, a handful of booby-trapped thumb drives in a parking lot became one of the most-cited social-engineering case studies in security history. Here's what actually happened.

3 min
Threat Intelligence

Scattered Spider Suspect, 19, Extradited From Finland to Chicago

Peter Stokes, a dual U.S.-Estonian citizen, faces conspiracy, intrusion and fraud charges tied to the loose-knit crew behind a string of high-profile enterprise breaches.

2 min
Threat Intelligence

ClickFix Grows a Back Office: API-Served Payloads and a New AMSI Bypass

Researchers pulled roughly 3,000 live payloads from ClickFix infrastructure and found a polymorphic delivery pipeline built to defeat Windows script scanning.

2 min
Threat Intelligence

SSU, FBI Detail Russian Phishing Op Targeting Signal and Telegram Accounts

Ukrainian counterintelligence says GRU and FSB-linked operators ran fake tech-support flows against officials' messengers across Ukraine, Europe, and the U.S.

2 min
Identity & Access

The Service Desk Is the New Phishing Inbox

Help desks keep getting talked out of MFA resets. The fix is less about training and more about treating identity verification like an auth protocol.

3 min
Threat Intelligence

ClickFix Campaign Turns Google Ads, GitLab, and Claude Into a Six-Wave Trust Machine

Attackers chained legitimate infrastructure across seven weeks to push malicious PowerShell commands to developers. Session tokens, SSH keys, and cloud credentials were the prize.

3 min
Threat Intelligence

Three New Loaders Ride the ClickFix Wave: BabaDeda, Lorem Ipsum, and Potemkin

Separate research teams have pinned three distinct loader families on the same social-engineering pattern, with education and finance taking the brunt of the April 2026 activity.

3 min
Threat Intelligence

Facebook Impersonation Scams Sweep MENA, Pushing Fake Subsidies and 'Free Data' Lures

Group-IB ties the campaign to a broader fraud network using cloned political figures, fake government programs and browser-push alerts to harvest credentials and payment data.

2 min
Breaches

Tchap Account Takeover Exposes 73,000 French Government Users

France's sovereign messaging platform wasn't broken — a user was. Social engineering got an attacker inside, and unencrypted public rooms did the rest.

2 min
AI Security

Attackers Are Wrapping Old Phishing Tricks in AI Branding. It's Working.

Microsoft and Google both dropped advisories this week documenting how threat actors are dressing up familiar credential theft and malware campaigns as ChatGPT, Copilot, and DeepSeek experiences. The technique is not new. The success rate is.

2 min
Threat Intelligence

UNC3753 Hit U.S. Professional Services Firms With Vishing and Walk-In Intrusions

Dozens of legal, financial, and consulting firms were hit between January and May 2026 in a data-theft extortion run that blended phone-based social engineering with physical site visits.

3 min
Threat Intelligence

Five Eyes Warns: Chinese Intelligence Officers Posing as Recruiters to Harvest Government Secrets

A joint advisory flags a persistent social engineering campaign targeting personnel with access to classified material — fake job offers, real espionage.

2 min
AI Security

Meta's AI Support Bot Handed Out Password Resets to Anyone Who Asked Nicely

A pro-Iran Telegram channel published a walkthrough showing how Instagram's conversational recovery assistant could be talked into linking attacker-controlled email addresses to target accounts. The Obama White House and a senior U.S. Space Force account were briefly defaced.

3 min
© 2026 Threat Vectr