social engineering

Fake macOS help sites push Shamos infostealer via ClickFix technique
Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers …

The new battleground for CISOs is human behavior
This article is no longer available. Check out our news from this week here: Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day

How Brandolini’s law informs our everyday infosec reality
Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude …

From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends
Cybercriminals are getting better at lying. That’s the takeaway from a new LevelBlue report, which outlines how attackers are using social engineering and legitimate tools to …

Why behavioral intelligence is becoming the bank fraud team’s best friend
In this Help Net Security interview, Seth Ruden, Senior Director of Global Advisory at BioCatch, discusses how financial institutions are addressing fraud. He explains how …

Four arrested in connection with M&S, Co-op ransomware attacks
Four individuals suspected of having been involved in the ransomware attacks that hit UK-based retailers earlier this year have been arrested by the UK National Crime Agency. …

Qantas data breach could affect 6 million customers
Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a …

Microsoft introduces protection against email bombing
By the end of July 2025, all Microsoft Defender for Office 365 customers should be protected from email bombing attacks by default, Microsoft has announced on Monday. What is …

Attackers fake IT support calls to steal Salesforce data
Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat …

TikTok videos + ClickFix tactic = Malware infection
Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned. …

Fake AI platforms deliver malware diguised as video content
A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an …

The many variants of the ClickFix social engineering tactic
As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are …
Featured news
Resources
Don't miss
- NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775)
- Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)
- Protecting farms from hackers: A Q&A with John Deere’s Deputy CISO
- LLMs at the edge: Rethinking how IoT devices talk and act
- How to build a secure AI culture without shutting people down