Social Engineering | Breaking Cybersecurity News | The Hacker News

As anticipation builds for the FIFA World Cup 2026, cybercriminals are rapidly scaling fraud operations designed to exploit global fan excitement, urgency, and trust in tournament-related content. CTM360 researchers identified more than 7,000 FIFA World Cup 2026-themed domains, including over 4,500 newly registered domains observed within the last five months alone . More than 1,000 malicious or fraudulent websites have already been activated, alongside over 1,000 social media impersonation accounts operating across major platforms. The activity highlights how threat actors increasingly treat major global sporting events as large-scale monetization opportunities, combining fake ticket sales, fraudulent streaming platforms, betting scams, malware delivery, and social engineering into coordinated fraud ecosystems. Unlike isolated phishing attempts, these campaigns operate through repeatable fraud lifecycles that mirror organized cybercrime operations. CTM360's Fraud Navigator ...

BEC accounted for over $3 billion in reported losses last year alone. Most organizations don't realize they're exposed until it's too late. Here's how to tell if your defenses have gaps. Business email compromise doesn't announce itself. There's no ransomware splash screen, no locked files, no dramatic system outage. Instead, a finance team member processes what looks like a routine vendor payment update. A controller wires funds based on what appears to be a CFO's direct request. By the time anyone notices, the money is gone. The FBI IC3's 2024 Internet Crime Report documented $55 billion in cumulative BEC losses over the past decade, with $3 billion in 2024 alone — making it the most financially destructive enterprise-targeted cyber threat in the country. The challenge with BEC is that it exploits trust, not technology. These attacks carry no malicious payload for a gateway to catch — just carefully crafted messages designed to manipulate human judgment. That makes traditional de...

Government impersonation scams have evolved into a large, highly coordinated fraud ecosystem targeting citizens across the globe. CTM360 's latest threat intelligence research analyzes a widespread campaign, referred to as GovTrap, that demonstrates how attackers systematically exploit public trust in government institutions through thousands of fraudulent digital platforms. Unlike traditional phishing attacks that rely on simple deceptions, GovTrap campaigns replicate entire government service environments. These fraudulent platforms mimic official portals with high accuracy, including branding, language, workflows, and service structures. From tax portals and licensing systems to fine payment services, each fake site is designed to appear legitimate while functioning as part of a broader, scalable fraud operation. Read the full report here:  https://www.ctm360.com/reports/government-impersonation-phishing-govtrap-scams Scale and Targeting Patterns CTM360 identified mo...

For security leaders, the inbox remains the front door for attackers. Here's why the smartest teams are adding adaptive, AI-driven protection to their cloud email security, not replacing them. Email is still the number-one attack vector for enterprises, and it is not even close. The FBI's Internet Crime Complaint Center reported that business email compromise alone generated $3 billion in losses in 2024 , with AI-enabled attacks accelerating the trend ( FBI IC3 Report ). The attacks that succeed today don't carry obvious malicious payloads. They rely on trust, tone, and timing; a spoofed vendor sending a "routine" invoice update, or a convincing impersonation of a CEO with an urgent request. No malware. No suspicious links. Just words, carefully chosen. Microsoft 365 is the backbone of productivity for most organizations, and Microsoft Defender and Exchange Online Protection do solid work catching known spam, malware, and co...

Security teams have never had more telemetry. They have also never been more behind. In 2025, organizations faced an average of 1,968 cyber attacks per week , an 18% YoY increase, and nearly a 70% increase since 2023 . That's not just "more noise." It's a signal that attacker throughput is scaling faster than human response models can. At the same time, the attacker playbook shifted in ways that punish slow cycles. Social engineering moved beyond email into multi-channel, cross-platform operations, including new interaction-led techniques like ClickFix, which manipulates users into executing the attack themselves. ClickFix activity increased by roughly 500% and appeared in nearly half of documented malware campaigns. And while humans remain a primary target, attackers are finding even easier traction in unpatched, unmanaged, and inherited exposures. These gaps give adversaries durable footholds long before exposure remediation is implemented. Couple that with automation, and expo...

The employee who doesn't exist Not long ago, the idea of a fake employee sounded far-fetched. Resume fraud? Sure. Outsourced interviews? Occasionally. But a completely synthetic person (face, voice, work history, and identity) getting hired, onboarded, and trusted inside a company used to feel like science fiction. That era is over. Gartner predicts that by 2028, one in four candidate profiles worldwide could be fake . The firm also reports that 6% of job candidates admit to interview fraud, including impersonation or having someone else interview for them. Hiring teams are already seeing face-swapping and synthetic identities appear in real interview workflows. Taken together, the pattern is clear: companies are increasingly interviewing, and in some cases hiring, people who don't exist. These "employees" can pass screening, ace remote interviews, and start work with legitimate credentials. Then, once inside, they steal data, map internal systems, divert funds, or quietly set the...

The browser has quietly become the most critical application in the enterprise — and the most targeted. With SaaS, cloud, and hybrid work redefining IT boundaries, browsers now handle proprietary data, credentials, and business workflows. Yet legacy security tools like firewalls, antivirus, and EDR were never designed to defend this new digital front line. The shift from being an ancillary tool to becoming the main location of work means legacy security solutions, such as firewalls, antivirus, VDI, etc., are not equipped to provide the necessary level of protection needed to secure today's organizations. The browser, once an afterthought, is now the weak link that legacy defenses simply can't secure.  This article examines the modern browser exploitation playbook and details why legacy tools alone are no match for today's cybercriminals. By adopting a Secure Enterprise Browser (SEB), enterprises can complement their existing security tools, shore up their weak link, and future-p...

ShinyHunters is a notorious cybercrime group that has resurfaced with a new playbook of SaaS-focused attacks. Known for monetizing stolen data on underground forums since 2020, ShinyHunters has historically breached companies by stealing credentials and databases. Recently, however, they've shifted tactics to aggressive social engineering, mirroring the methodology of the Scattered Spider group. Instead of exploiting software vulnerabilities, ShinyHunters now exploits human trust, targeting the underbelly of third-party SaaS platforms through impersonation and phishing. In mid-2025, a wave of breaches struck companies like Google, Workday, Pandora, Cisco, Chanel, and others, all tied together by one common thread: the attackers leveraged access to these firms' Salesforce CRM or similar cloud systems. Below, we look at what happened in the Google and Workday breaches, examine techniques ShinyHunters used, and demonstrate how a dynamic SaaS security approach (like Reco's) could have...

Imagine joining a video call with your CEO, only to find out later the CEO participant was actually an AI-generated fake. Welcome to the new digital battlefield.  Adversarial AI and deepfakes have created an identity attack surface that is not just digital, but is also based on reality itself . These technologies are no longer science fiction or theoretical. They are actively being used to spoof identities, manipulate political perceptions, and circumvent even the best cybersecurity training initiatives. , and circumvent even the best cybersecurity training initiatives.  If your cybersecurity defenses rely solely on human perception, voice recognition, or even visual evidence, you are vulnerable to an attack.  From Cat and Mouse to Machine vs. Machine Cybersecurity has always been a game of cat and mouse. As defenders (mice), we have historically been able to adapt our defenses for phishing, malware , ransomware, and insider threats . Today, we're also strategizing ...