Cybersecurity News & Analysis
github • defconxt • © 2026 • blacktemple.net

Tag: social-engineering

medium | Data Breaches & Incidents

Developer Trust Under Fire: GitHub Scams, LinkedIn Phishing, and AI Code Exposure

Social engineering attacks are intensifying against developer communities through GitHub token giveaway scams and LinkedIn credential phishing. Meanwhile, Anthropic suffered a major code exposure incident and ransomware groups continue exploiting legitimate IT tools to evade detection.

Apr 2, 2026 | Hackread
Tags: github, linkedin, phishing
🇺🇸 LinkedIn

medium | Malware & Threats

Infinity Stealer Targets macOS Users Through ClickFix Social Engineering

Security researchers have identified Infinity Stealer, a new macOS-targeting info-stealing malware that uses ClickFix social engineering lures to trick users into executing Python payloads compiled with Nuitka. The malware harvests system information, browser data, and credentials from infected machines.

Mar 29, 2026 | BleepingComputer
Tags: macos, info-stealer, social-engineering
🇺🇸 Apple

high | Malware & Threats

Supply Chain Strikes and Social Engineering: Five Active Threat Campaigns Targeting Critical Infrastructure

Supply chain attacks hit Python developers via compromised PyPI packages hiding malware in audio files, while GitHub users face fake VS Code security alerts distributing malware. The European Commission confirmed a breach of their AWS environment as criminals increasingly use virtual phone services to bypass banking security controls.

Mar 28, 2026 | BleepingComputer, Malwarebytes Labs
Tags: supply-chain, pypi, github
🇺🇸 Amazon

medium | Data Breaches & Incidents

Ghost Campaign Targets Developers, QR Code Phishing Hits 1.6M Users

Researchers identified multiple sophisticated phishing campaigns this week, including a Ghost campaign using fake npm install logs to steal developer credentials and crypto wallets, plus a massive QR code campaign that bypassed email security controls to reach 1.6 million users.

Mar 27, 2026 | Hackread
Tags: phishing, malware, npm
🇦🇪 Telegram

high | Data Breaches & Incidents

DarkSword iPhone Exploit Leak, North Korean IT Infiltration, and CanisterWorm Iran Attacks

A leaked iPhone exploit threatens up to 270 million devices while a North Korean operative was caught infiltrating remote IT positions. Meanwhile, the CanisterWorm group launched targeted wiper attacks against Iranian systems through compromised cloud services.

Mar 24, 2026 | Hackread, Krebs on Security, Troy Hunt
Tags: mobile-exploits, nation-state, supply-chain

medium | Malware & Threats

Threat Actors Weaponize Azure Monitor Alerts for Callback Phishing Campaigns

Threat actors are abusing Microsoft Azure Monitor's legitimate alert system to send callback phishing emails that impersonate Microsoft Security Team notifications about unauthorized account charges. The campaign leverages Azure's trusted infrastructure to bypass email security filters and increase victim trust.

Mar 22, 2026 | BleepingComputer
Tags: azure, phishing, social-engineering

medium | Darknet & Underground

Age Verification Code Pushed to Major Linux Distributions in Social Engineering Campaign

A developer named Dylan managed to push age verification code into systemd, Ubuntu, and Arch Linux distributions by exploiting trust relationships with Microsoft employees who had commit access. Despite calling the effort 'hilariously pointless' in the pull request itself, systemd maintainer Lennart Poettering blocked attempts to revert the changes.

Mar 21, 2026 | Sam Bent
Tags: linux, social-engineering, supply-chain

high | Data Breaches & Incidents

LAPSUS$ Claims AstraZeneca Breach While Zoom Phishing Campaign Spreads

The LAPSUS$ ransomware group claims to have breached pharmaceutical giant AstraZeneca, allegedly offering source code, credentials, and employee data for sale. Separately, Sublime Security researchers have identified a new phishing campaign using realistic JavaScript-based Zoom meeting invites to distribute malware on Windows systems.

Mar 21, 2026 | Hackread
Tags: lapsus, astrazeneca, zoom-phishing
🏴 Lapsus$

medium | Data Breaches & Incidents

ClickFix Campaign Evolution: Drive Mapping, VPN Spoofing, and Developer-Targeted Attacks

Security researchers have identified an evolution in ClickFix social engineering attacks, with new variants mapping attacker-controlled network drives, Storm-2561 using fake Fortinet/Ivanti VPN sites to distribute Hyrax infostealer, and MacSync malware targeting developers via fraudulent Claude AI extensions.

Mar 18, 2026 | Hackread
Tags: clickfix, social-engineering, infostealer
🇺🇸 Google

high | Industry & Policy

Credential Theft Surge, Ransomware Evolution, and AI Security Risks Shape Threat Landscape

Threat actors are increasingly relying on stolen credentials rather than traditional exploitation, while ransomware groups adapt to lower payment rates by changing tools and tactics. Meanwhile, new attack vectors targeting AI development environments and mobile payment systems highlight expanding attack surfaces.

Mar 18, 2026 | Dark Reading, Infosecurity Magazine
Tags: credential-theft, ransomware, infostealer
🇷🇺 Inception
🇺🇸 Reddit

critical | Malware & Threats

CISA Flags Active Exploitation While New Ransomware Tactics and AI Shadow Operations Emerge

CISA added a Wing FTP Server vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation. Meanwhile, LeakNet ransomware has evolved to use ClickFix social engineering techniques, and security teams face growing challenges from unauthorized AI tools in enterprise environments.

Mar 17, 2026 | BleepingComputer, Graham Cluley, Checkpoint Research, Malwarebytes Labs
Tags: ransomware, cisa-kev, malware
🇺🇸 Google

high | Nation-State & APT

Nation-State Activity Roundup: Iranian APT Evolution, Russian Backdoors, and Cross-Platform Social Engineering

Nation-state actors are diversifying their attack methods, with Iranian groups adopting AI-enhanced malware and identity weaponization, Russian APTs deploying the DRILLAPP backdoor against Ukrainian targets, and social engineering campaigns compromising German intelligence officials' encrypted communications.

Mar 17, 2026 | Security Affairs, Palo Alto Unit 42
Tags: apt, nation-state, iran