ClickFix campaign delivers Mac malware via fake Apple page
Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1204 — User Execution (Execution)
Clear filter42 articles found
UNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign
UNC6783 hackers and extortionists impersonate support staff, using fake Okta login pages and social engineering to access corporate systems and steal sensiti...
Actor tied to Raccoon targets 'several dozen' companies by exploiting BPOs and helpdesks
Google says UNC6783 leverages social engineering and phishing campaigns to gain entry to the BPOs.
ClickFix Campaign Abuses macOS Script Editor to Deploy Atomic Stealer
A refreshed ClickFix campaign that swaps macOS Terminal for Script Editor to deliver an Atomic Stealer payload to unsuspecting Mac users quietly. By abusing ...
Linux Foundation Leader Impersonated in Slack Attack on Open Source Developers
A social engineering campaign is actively targeting open source developers through Slack. The warning was shared through the OpenSSF Siren mailing list, a pu...
Nascent extortion campaign underpinned by social engineering
Dozens of organizations across several industries have been extorted by the financially motivated hacking operation UNC6783, which is suspected to be linked ...
Social engineering attacks on open source developers are escalating
North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microso...
Charming Kitten: Iran-linked group increasingly employs social engineering in cyber espionage
Charming Kitten, associated with Iran's security apparatus, targets officials, researchers, and corporate employees by impersonating trusted contacts.
Threat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing Campaigns
Threat actors are abusing legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi‑stage phishing campaign that b...
North Korean Hackers Pose as Trading Firm to Steal $285M from Drift
North Korean hackers (UNC4736) posed as a trading firm for six months to infiltrate Drift Protocol, using social engineering tactics to steal $285M without s...
North Korean Hackers Target High-Profile Node.js Maintainers
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. The post North Korean Hackers ...
Threat Actors Weaponize Fake Microsoft Teams Domains to Target Users
Threat actors associated with North Korea are deploying fake Microsoft Teams domains to conduct social engineering attacks and distribute malware. The threat...
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planne...
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineer...
Hackers Launch Social Engineering Offensive Against Key Node.js Maintainers
Following the high-profile supply chain compromise of the widely used Axios package, a highly coordinated social engineering campaign has been uncovered targ...
Axios maintainer’s post mortem confirms social engineering by UNC1069
Jason Saayman says he installed a remote access trojan disguised as a Teams update.
Hims & Hers data breach exposes customer support data
The breach was a result of a social engineering attack, where hackers tricked employees into granting system access.
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orches...
Axios npm compromise traced to targeted social engineering attack
The recent compromise of the widely used Axios npm package has been confirmed as the result of a targeted social engineering attack. The incident, which brie...
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took plac...