All CosmicBytez Labs articles tagged #Social Engineering, across news, security advisories, how-to guides, and projects.
Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court for their roles in the 2024 cyberattack on Transport for London that downed 148 systems and disrupted 27,000 employees.
A 3.5-month INTERPOL-led operation spanning 97 countries resulted in 5,811 arrests, $293 million seized, and 142,000 victims identified — targeting...
Deploy a self-hosted phishing simulation platform using Gophish in Docker. Build real-world phishing campaigns, track user engagement, and run security...
Phishing kits now fingerprint victims via user-agent headers to deliver OS-specific payloads automatically — device code phishing attacks spiked 1,380% in...
Peter Stokes, 19, has been extradited from Finland to face federal charges tied to Scattered Spider's hundred-million-dollar cybercrime spree — the latest...
A ransomware campaign is impersonating Interpol to pressure small and medium-sized businesses into paying extortion demands, using law enforcement...
Ukraine's SSU and the FBI have exposed a sustained Russian intelligence campaign using fake support SMS messages to steal Signal, WhatsApp, and Telegram...
The SSU and FBI jointly disclosed a sustained Russian intelligence operation targeting messaging credentials of government officials, military personnel,...
Ukraine's SBU and the FBI have jointly exposed a long-running Russian intelligence operation using fake tech-support workers to steal messaging app...
Attackers are abusing compromised WhatsApp accounts to distribute malicious VBScript files disguised as financial documents, ultimately deploying a...
An active malware campaign is targeting WhatsApp users across multiple countries with deceptive messages pushing VBScript-based droppers disguised as...
The U.S. Federal Trade Commission warned that Americans lost $3.5 billion to imposter scams in 2025 — nearly tripling since 2020 — as AI-powered voice...
Cybersecurity researchers have uncovered a large-scale phishing campaign by the Sniper Dz threat group targeting Middle East and North Africa users...
Iran-linked hackers exploited Meta's AI support assistant to reset account credentials, briefly defacing the Instagram accounts of the Obama White House and…
Threat actors are exploiting ChatGPT's content-sharing feature to publish fake OpenAI outage pages that trick users into downloading trojanized ChatGPT…
FBI warns the Silent Ransom Group is targeting law firms by physically arriving on-site and social-engineering access to sensitive client databases.
The 2026 Verizon Data Breach Investigations Report highlights how evolving social engineering tactics are making the healthcare sector more vulnerable,...
Initial access broker KongTuke has pivoted to Microsoft Teams for social engineering attacks, gaining persistent access to corporate networks in as little...
Fake identity fraud powered by generative AI is projected to cause $40 billion in losses annually. Security leaders are warned that static defenses are no...
AI-powered voice cloning requires just three seconds of audio to convincingly impersonate executives and employees. Adaptive Security's new research...
The U.S. Federal Trade Commission has released data showing staggering losses from social media fraud in 2025, representing a dramatic increase from...
UNC6692 employs email bombing and Teams impersonation to deliver a three-component Snow malware suite — SnowBelt, SnowGlaze, and SnowBasin — enabling full...
Five phishing patterns we're seeing specifically targeting small businesses across Alberta, Saskatchewan, and BC in 2026 — including invoice fraud…
Threat actors are exploiting Apple's legitimate account change notification system to embed fake iPhone purchase scams inside genuine Apple emails,...
A post-mortem of the $280 million Drift Protocol crypto theft reveals a sophisticated six-month North Korean social engineering operation involving fake...
Cybercriminals are stealing millions from Russian companies by compromising accountants' computers and disguising fraudulent transfers as routine salary...
Drift Protocol has revealed that the $280 million hack it suffered was the culmination of a six-month long operation in which North Korean-linked threat...
Drift has confirmed the April 1, 2026, theft of $285 million resulted from a meticulously planned six-month North Korean social engineering operation that...
Scammers are sending fake "Notice of Default" traffic violation SMS messages impersonating state courts across the U.S., pressuring recipients to scan a...
The Axios HTTP client post-mortem reveals North Korean threat actors used a ClickFix-style fake Microsoft Teams error message to socially engineer a...
The North Korean threat actor UNC1069 used a sophisticated, targeted social engineering campaign against the Axios npm package maintainer Jason Saayman to...
Learn how to detect and prevent ClickFix social engineering attacks using EDR rules, network monitoring, YARA signatures, and endpoint hardening. Covers...
Blockchain-based lending platform Figure Technology Solutions confirms a data breach affecting nearly 1 million customers after ShinyHunters exploited an...
The French Economy Ministry confirmed that a hacker stole credentials from a government official and accessed France's FICOBA centralized bank account...
The SLSH alliance combining Scattered Spider, Lapsus$, and ShinyHunters has attacked over 100 organizations since the start of 2026, breaching 60 million...
Microsoft discloses a new ClickFix variant that uses DNS nslookup commands to retrieve and execute malicious PowerShell payloads, marking the first known...
Threat actors are abusing publicly shared Claude AI artifacts and Google Ads to deliver the MacSync infostealer to macOS users through ClickFix social...
Security researchers have uncovered a malicious Chrome extension called CL Suite that steals TOTP 2FA seeds, Meta Business Manager data, and analytics,...
A sophisticated phishing campaign dubbed PHALT#BLYX is targeting European hospitality organizations with fake Booking.com cancellation emails that display...
North Korean threat actors are running sophisticated campaigns using AI-generated deepfake videos and the ClickFix social engineering technique to target...
The FBI and CISA issue joint advisory on sophisticated AI-generated deepfake voice and video attacks targeting C-suite executives in financial...
UNC1069, a North Korean APT group, deployed a sophisticated ClickFix scam using a fake Zoom meeting to target a cryptocurrency executive in a social...
Microsoft reveals adversaries using AI for automated vulnerability discovery, phishing campaigns, and malware generation. AI-crafted phishing emails...