Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1204 — User Execution (Execution)
Clear filter41 articles found
North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware
North Korean threat actors have introduced a stealthy new delivery mechanism in their ongoing “Contagious Interview” campaign, shifting tactics to abuse Git ...
Australian organizations warned of Vidar Stealer malware campaign using ClickFix technique
Bleeping Computer reports that the Australian Cyber Security Center (ACSC) has issued a warning to organizations about an ongoing campaign that utilizes the ...
California man sentenced to over 6 years for role in $250 million cryptocurrency heist
The criminal ring targeted individuals believed to hold significant cryptocurrency between late 2023 and early 2025, using social engineering to gain access ...
New Infostealer Campaign Abuses GitHub Releases to Hide Malware Payloads
A new cyberespionage campaign that abuses GitHub Releases and a PE-less Python implant to steal data from targeted Windows systems quietly. The operation com...
Australia warns of ClickFix attacks pushing Vidar Stealer malware
The Australian Cyber Security Center (ACSC) is warning organizations of an ongoing malware campaign using the ClickFix social engineering technique to distri...
Fake Disk Cleanup Apps Fuel New macOS ClickFix Attack
A wave of ClickFix-style social engineering attacks that specifically target macOS users, using fake disk cleanup and system utility tips hosted on popular c...
Iranian state-backed spies pose as ransomware slingers in false flag attacks
An Iranian state-sponsored espionage group is pretending to be a regular ransomware gang in a new wave of ransomware attacks targeting enterprises. APT group...
MuddyWater hackers use Chaos ransomware as a decoy in attacks
The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and esta...
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack i...
Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft. The post Iranian APT Intrusion ...
Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite
Written by: JP Glab, Tufail Ahmed, Josh Kelley, Muhammad Umair Introduction Google Threat Intelligence Group (GTIG) identified a multistage intrusion campaig...
ClickFix Phishing Campaign Masquerading as a Claude Installer
Overview It is no secret that phishing campaigns utilizing various ClickFix techniques have been a commonly used method of social engineering. One of the mai...
Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT
Elastic Security Labs uncovers a novel social engineering campaign that abuses the popular note-taking application, Obsidian's legitimate community plugin ec...
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks
New Venom Stealer MaaS Platform Automates Continuous Data Theft
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration
ClickFix Campaigns Targeting Windows and macOS
Insikt Group reveals five ClickFix social engineering clusters (QuickBooks, Booking.com, Birdeye) targeting Windows and macOS.
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
Introduction In the final quarter of 2025, Google Threat Intelligence Group (GTIG) observed threat actors increasingly integrating artificial intelligence (A...
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
Written by: Ross Inman, Adrian Hernandez Introduction North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentr...
How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)
Think you could never fall for an online scam? Think again.