ClickFix Now Cybercriminals' Favorite Malware Delivery Technique
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. [...]
Ransomware and vendor breaches persist. The "2026 Data Breach Investigations Report" (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.
Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. [...]
The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware's 2026 State of Browser Security Report shows 41% of employees used AI web tools while browser-based phishing, extensions, and social engineering drive new security blind spots. [...]
Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks
ClickFix tricks Microsoft's security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity.…
Voice Phishing Attacks on Salesforce Users Remains Repeat ShinyHunters TacticTechnology giants Google and Cisco separately said they've both suffered recent data breaches after attackers socially engineered their employees via voice phishing attacks, leading to a breach of their customer relationship management software, exposing customer data.
The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector
Verizon's 2025 Data Breach Investigations Report highlighted dire — but not new — trends in the education sector. Without more help, faculty and staff continue to fall for social engineering campaigns and make simple security errors.
A Barracuda report found that 92% of organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023
The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks
The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments
Money Meant for Poor Communities Stolen as Authorities Issued Phishing Scam AlertsHackers have reportedly stolen about $7.5 million from a Department of Health and Human Services grant payment system in a series of cyberattacks last year. The news comes in the midst of HHS and other authorities warnings about rising threats involving social engineering and payment scams.
The Classiscam scam-as-a-service program has reaped the criminal actors $64.5 million in illicit earnings since its emergence in 2019
Key findings from the research also show three of the four new malware threats on this quarter's top-ten list originated in China and Russia, living-off-the-land attacks on the rise, and more.
The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems
Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank
The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023