C'mon, just copy this text string and paste it into your macOS Terminal – it'll fix your computer, honest
Newly documented stealer ClickLock comes for the more trusting Mac user with spot of social engineering
Social engineering manipulates people into revealing access or approving actions, causing compromise; verify requests and enforce least privilege.
Search across headline titles and summaries.
Background for this topic.
Social engineering is the deliberate manipulation of people into disclosing information, bypassing a control, or performing an action for an attacker. It commonly uses phishing, voice or text messages, impersonation, pretexting, and physical access attempts. In a threat model, the attacker targets trust, urgency, authority, or helpfulness rather than exploiting software directly. Successful deception can expose credentials or personal data, authorize fraudulent payments, enable malware delivery, or provide an initial foothold for account or network compromise.
Effective defenses make sensitive requests independently verifiable and limit the damage of a mistake. Use phishing-resistant multi-factor authentication where practical, least-privilege access, and approval or call-back procedures for payments, password resets, and changes to account or banking details. Staff should have a simple way to report suspected messages without penalty; security teams can then investigate related accounts, messages, and login activity, revoke exposed credentials, and contain follow-on access. Awareness training helps people recognize pretexts, but should reinforce these technical and procedural controls rather than rely on vigilance alone.
Weekly headline count for the current query.
Newly documented stealer ClickLock comes for the more trusting Mac user with spot of social engineering
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it's now the rule.
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
Persistent cybercrime, social engineering, and infrastructure threats continue to plague the FIFA 2026 World Cup across the US, Canada, and Mexico.
Attackers used social engineering to access third-party business apps and steal patient information
AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself.
Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security. [...]
WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. [...]
As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. The post AI brands as bait: How threat actors are using the AI hype in social engineering appeared first on Microsoft Security Blog.
The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. [...]
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more.
Bayer’s security awareness training now focuses on psychological approaches rather than technical methods for detecting social engineering
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026
Carnival disclosed a data breach affecting nearly 6 million people after hackers used social engineering to access employee accounts. Carnival Corporation is notifying nearly 6 million people after a data breach exposed personal information. According to the notification shared with the Maine Attorney General’s Office, the total number of persons affected is 5,995,277. The company said […]
A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware