#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

social engineering | Breaking Cybersecurity News | The Hacker News

Category — social engineering
AI-Powered Social Engineering: Ancillary Tools and Techniques

AI-Powered Social Engineering: Ancillary Tools and Techniques

Feb 14, 2025 Cybercrime / Artificial Intelligence
Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: 'As technology continues to evolve, so do cybercriminals' tactics.' This article explores some of the impacts of this GenAI-fueled acceleration. And examines what it means for IT leaders responsible for managing defenses and mitigating vulnerabilities. More realism, better pretexting, and multi-lingual attack scenarios Traditional social engineering methods usually involve impersonating someone the target knows. The attacker may hide behind email to communicate, adding some psychological triggers to boost the chances of a successful breach. Maybe a request to act urgently, so the target is less likely to pause and develop doubts. Or making the email come from an employee's CEO, hoping the employee's respect for authority means they won't question...
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners

Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners

Feb 13, 2025 Web Security / Cloud Security
A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to provide sensitive information," Netskope Threat Labs researcher Jan Michael Alcantara said . The activity, ongoing since the second half of 2024, entails users looking for book titles, documents, and charts on search engines like Google to redirect users to PDF files hosted on Webflow CDN. These PDF files come embedded with an image that mimics a CAPTCHA challenge, causing users who click on it to be taken to a phishing page that, this time, hosts a real Cloudflare Turnstile CAPTCHA. In doing so, the attackers aim to lend the process a veneer of legitimacy, fooling victims into think...
4 Ways to Keep MFA From Becoming too Much of a Good Thing

4 Ways to Keep MFA From Becoming too Much of a Good Thing

Feb 11, 2025IT Security / Threat Protection
Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it's undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels like too much of a good thing. Here are a few reasons why MFA isn't implemented more universally. 1. Businesses see MFA as a cost center MFA for businesses isn't free, and the costs of MFA can add up over time. Third-party MFA solutions come with subscription costs, typically charged per user. Even built-in options like Microsoft 365's MFA features can cost extra depending on your Microsoft Entra license. Plus, there's the cost of training employees to use MFA and the time IT takes to enroll them. If MFA increases help desk calls, support costs go up too. While these expenses are far less t...
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

Feb 12, 2025 IT Security / Cybercrime
The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a spear-phishing email with an [sic] PDF attachment," the Microsoft Threat Intelligence team said in a series of posts shared on X. To read the purported PDF document, victims are persuaded to click a URL containing a list of steps to register their Windows system. The registration link urges them to launch PowerShell as an administrator and copy/paste the displayed code snippet into the terminal, and execute it. Should the victim follow through, the malicious code downloads and installs a browser-based remote desktop tool, along with a certificate file with a hardcoded PIN from a rem...
cyber security

Level Up Your Cyber Skills at SANS 2025

websiteSANS InstituteCyber Security / Training
Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!
AI-Powered Social Engineering: Reinvented Threats

AI-Powered Social Engineering: Reinvented Threats

Feb 07, 2025 Artificial Intelligence / Cybercrime
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It's the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.  This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks: using a trusted identity Traditional forms of defense were already struggling to solve social engineering, the 'cause of most data breaches' according to Thomson Reuters. The next generation of AI-powered cyber attacks and threat actors can now launch these attacks with unprecedented speed, scale, and realism.  The old way: Silicone masks By impersonating a French government minister, two fraudsters were able to extract over €55 million from multiple victims. During video calls, one would wear a silicone mask of Jean-Yves Le Drian. To add a layer of believability, they also sat in a rec...
Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

Feb 06, 2025 Cyber Attack / Malware
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles within organizations—particularly in finance, accounting, and sales department — highlighting a strategic focus on high-value positions with access to sensitive data and systems," Morphisec researcher Shmuel Uzan said in a report published earlier this week. Early attack chains have been observed delivering ValleyRAT alongside other malware families such as Purple Fox and Gh0st RAT, the latter of which has been extensively used by various Chinese hacking groups . As recently as last month, counterfeit installers for legitimate software have served as a distribution mechanism for t...
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

Feb 03, 2025 Cybercrime / Cryptocurrency
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC , Atomic macOS Stealer (aka AMOS ), and Angel Drainer . "Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a well-coordinated network of traffers — social engineering experts tasked with redirecting legitimate traffic to malicious phishing pages," Recorded Future's Insikt Group said in an analysis. The use of a diverse malware arsenal cryptoscam group is a sign that the threat actor is targeting users of both Windows and macOS systems, posing a risk to the decentralized finance ecosystem. Crazy Evil has been assessed to be active since at least 2021, functioning primarily as a traffer team tasked with redirecting legitimate traffic to malicious landing pages operated by other criminal cre...
Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

Feb 01, 2025 Malvertising / Mobile Security
Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials. "These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform," Jérôme Segura, senior director of research at Malwarebytes, said in a Thursday report. The findings came a few weeks after the cybersecurity company exposed a similar campaign that leveraged sponsored Google Ads to target individuals and businesses advertising via the search giant's advertising platform. The latest set of attacks targets users who search for terms like "Microsoft Ads" on Google Search, hoping to trick them into clicking on malicious links served in the form of sponsored ads in the search results pages. At the same time, the threat actors behind the campaign employ s...
Top 5 AI-Powered Social Engineering Attacks

Top 5 AI-Powered Social Engineering Attacks

Jan 31, 2025 Artificial Intelligence / Cybercrime
Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There's no brute-force 'spray and pray' password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems. Traditionally that meant researching and manually engaging individual targets, which took up time and resources. However, the advent of AI has now made it possible to launch social engineering attacks in different ways, at scale, and often without psychological expertise. This article will cover five ways that AI is powering a new wave of social engineering attacks. The audio deepfake that may have influenced Slovakia elections Ahead of Slovakian parliamentary elections in 2023, a recording emerged that appeared to feature candidate Michal Simecka in conversation with a well-known journalist, M...
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

Jan 29, 2025 Threat Intelligence / Malware
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's STRIKE team said in a new report shared with The Hacker News. "This administrative layer was consistent across all the C2 servers analyzed, even as the attackers varied their payloads and obfuscation techniques to evade detection." The hidden framework has been described as a comprehensive system and a hub that allows attackers to organize and manage exfiltrated data, maintain oversight of their compromised hosts, and handle payload delivery. The web-based admin panel has been identified in connection with a supply chain attack campaign dubbed Operation ...
Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

Jan 23, 2025 Phishing / Malware
Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at Netskope Threat Labs, said in a report shared with The Hacker News. "The campaign also spans multiple industries, including healthcare, banking, and marketing, with the telecom industry having the highest number of organizations targeted." The attack chain begins when a victim visits a compromised website, which directs them to a bogus CAPTCHA page that specifically instructs the site visitor to copy and paste a command into the Run prompt in Windows that uses the native mshta.exe binary to download and execute an HTA file from a remote server. It's worth noting...
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

Jan 21, 2025 Malware / Cyber Threat
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to exploit user trust. "It is important to note that CERT-UA may, under certain circumstances, use remote access software such as AnyDesk," CERT-UA said . "However, such actions are taken only after prior agreement with the owners of objects of cyber defense through officially approved communication channels." However, for this attack to succeed, it's necessary that the AnyDesk remote access software is installed and operational on the target's computer. It also requires the attacker to be in possession of the target's AnyDesk identifier , suggesting th...
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption

New Banshee Stealer Variant Bypasses Antivirus with Apple's XProtect-Inspired Encryption

Jan 09, 2025
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer . "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to bypass antivirus systems, posing a significant risk to over 100 million macOS users globally." The cybersecurity company said it detected the new version in late September 2024, with the malware distributed using phishing websites and fake GitHub repositories under the guise of popular software such as Google Chrome, TradingView, Zegent, Parallels, Solara, CryptoNews, MediaKIT, and Telegram. Banshee Stealer was first documented in August 2024 by Elastic Security Labs. Offered under a malware-as-a-service (MaaS) model to other cybercriminals for $3,000 a month, it'...
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Jan 08, 2025 Email Security / Cybercrime
Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Sender Policy Framework (SPF) that can be used to prevent spammers from spoofing well-known domains, such measures have increasingly led them to leverage old, neglected domains in their operations. In doing so, the email messages are likely to bypass security checks that rely on the domain age as a means to identify spam. DNS threat intelligence firm Infoblox, in a new analysis shared with The Hacker News, discovered that threat actors, including Muddling Meerkat and others, have abused some of it...
Expert Insights / Articles Videos
Cybersecurity Resources