All CosmicBytez Labs articles tagged #Social Engineering, across news, security advisories, how-to guides, and projects.
Five phishing patterns we're seeing specifically targeting small businesses across Alberta, Saskatchewan, and BC in 2026 — including invoice fraud, MFA-bombing, and the Calgary-pretext scam that's costing rural operations real money.
Iran-linked hackers exploited Meta's AI support assistant to reset account credentials, briefly defacing the Instagram accounts of the Obama White House and the Chief Master Sergeant of the U.S. Space Force with pro-Iranian content.
Threat actors are exploiting ChatGPT's content-sharing feature to publish fake OpenAI outage pages that trick users into downloading trojanized ChatGPT desktop applications bundled with infostealer malware.
FBI warns the Silent Ransom Group is targeting law firms by physically arriving on-site and social-engineering access to sensitive client databases.
The 2026 Verizon Data Breach Investigations Report highlights how evolving social engineering tactics are making the healthcare sector more vulnerable,...
Initial access broker KongTuke has pivoted to Microsoft Teams for social engineering attacks, gaining persistent access to corporate networks in as little...
Fake identity fraud powered by generative AI is projected to cause $40 billion in losses annually. Security leaders are warned that static defenses are no...
AI-powered voice cloning requires just three seconds of audio to convincingly impersonate executives and employees. Adaptive Security's new research...
The U.S. Federal Trade Commission has released data showing staggering losses from social media fraud in 2025, representing a dramatic increase from...
UNC6692 employs email bombing and Teams impersonation to deliver a three-component Snow malware suite — SnowBelt, SnowGlaze, and SnowBasin — enabling full...
Threat actors are exploiting Apple's legitimate account change notification system to embed fake iPhone purchase scams inside genuine Apple emails,...
A post-mortem of the $280 million Drift Protocol crypto theft reveals a sophisticated six-month North Korean social engineering operation involving fake...
Cybercriminals are stealing millions from Russian companies by compromising accountants' computers and disguising fraudulent transfers as routine salary...
Drift Protocol has revealed that the $280 million hack it suffered was the culmination of a six-month long operation in which North Korean-linked threat...
Drift has confirmed the April 1, 2026, theft of $285 million resulted from a meticulously planned six-month North Korean social engineering operation that...
Scammers are sending fake "Notice of Default" traffic violation SMS messages impersonating state courts across the U.S., pressuring recipients to scan a...
The Axios HTTP client post-mortem reveals North Korean threat actors used a ClickFix-style fake Microsoft Teams error message to socially engineer a...
The North Korean threat actor UNC1069 used a sophisticated, targeted social engineering campaign against the Axios npm package maintainer Jason Saayman to...
Learn how to detect and prevent ClickFix social engineering attacks using EDR rules, network monitoring, YARA signatures, and endpoint hardening. Covers...
Blockchain-based lending platform Figure Technology Solutions confirms a data breach affecting nearly 1 million customers after ShinyHunters exploited an...
The French Economy Ministry confirmed that a hacker stole credentials from a government official and accessed France's FICOBA centralized bank account...
The SLSH alliance combining Scattered Spider, Lapsus$, and ShinyHunters has attacked over 100 organizations since the start of 2026, breaching 60 million...
Microsoft discloses a new ClickFix variant that uses DNS nslookup commands to retrieve and execute malicious PowerShell payloads, marking the first known...
Threat actors are abusing publicly shared Claude AI artifacts and Google Ads to deliver the MacSync infostealer to macOS users through ClickFix social...
Security researchers have uncovered a malicious Chrome extension called CL Suite that steals TOTP 2FA seeds, Meta Business Manager data, and analytics,...
A sophisticated phishing campaign dubbed PHALT#BLYX is targeting European hospitality organizations with fake Booking.com cancellation emails that display...
North Korean threat actors are running sophisticated campaigns using AI-generated deepfake videos and the ClickFix social engineering technique to target...
The FBI and CISA issue joint advisory on sophisticated AI-generated deepfake voice and video attacks targeting C-suite executives in financial...
UNC1069, a North Korean APT group, deployed a sophisticated ClickFix scam using a fake Zoom meeting to target a cryptocurrency executive in a social...
Microsoft reveals adversaries using AI for automated vulnerability discovery, phishing campaigns, and malware generation. AI-crafted phishing emails...