A malicious Edge extension exploits the native messaging protocol to bypass the browser sandbox and establish a full remote access backdoor at the operating system level.
A new ClickFix campaign automates malware downloads on macOS entirely through terminal commands, with Atomic macOS Stealer stealing passwords, browser data, and cryptocurrency wallet holdings.
Service desks are popular vectors for social engineering attacks because controls are weak and operational pressure on staff is high — a combination that demands training, process improvements, and technical controls.
ScarCruft uses fake Microsoft security alerts to distribute NarwhalRAT, a Python-based malware that operates in memory and communicates with command-and-control servers via compromised websites and pCloud APIs.
Three new malware loaders (BabaDeda, Lorem Ipsum, Potemkin) are distributed via ClickFix social engineering and compromised WordPress sites to enable data theft, ransomware, and remote control.
Tailgating exploits human behavioral patterns and social conventions to gain unauthorized access to secured areas, thereby jeopardizing the entire IT infrastructure.
Cybercriminals compromised an account on Tchap and stole data from over 73,000 accounts and 650,000 messages; the attacker cited social engineering, exposed LDAP credentials, and missing token validation during file downloads as causes.