At least one organization in North America
January 13, 2026
•[ SEO poisoning, backdoored installers, vulnerabilities ]
It summarizes NCC Group findings about activity linked to a threat group called Silver Fox, including SEO poisoning used to distribute backdoored installers for widely used software, with infections observed dating back to July 2025. Separately, it describes four vulnerabilities in the Johnson Controls PowerG building security radio protocol that could enable interception, impersonation, message replay, and broader compromise within radio range if unpatched or poorly mitigated.
Anne Helen Petersen's Substack account
October 1, 2025
•[ phishing, account takeover, impersonation ]
Former BuzzFeed journalist Anne Helen Petersen received a phishing email that imitated a security alert from Substack, warning that her ability to send emails would be frozen unless she verified her account. After she responded, attackers captured her credentials and gained unauthorized access to her Culture Study Substack newsletter and podcast account, which has more than 25,000 followers. The intruders changed the newsletter's name to impersonate cryptocurrency wallet company Trezor and added thousands of new email addresses to the mailing list, hijacking her distribution channel to push a crypto-related scam through her audience.
Cities of Palo Alto, Redwood City, and Menlo Park (Crosswalk systems)
April 21, 2025
•[ hacktivism, unauthorized access, deepfake ]
Hacktivists hijacked Bay Area pedestrian crosswalk systems in Palo Alto, Redwood City, and Menlo Park to broadcast deepfake audio messages that impersonated Elon Musk and Mark Zuckerberg and mocked billionaire culture. No data theft or operational outage beyond the altered messages was reported.
Ionic Money
February 3, 2025
•[ DeFi exploit, impersonation, protocol manipulation ]
On February 3, 2025, attackers exploited Ionic Money on the Mode Network by impersonating members of Lombard Finance and convincing the project to list a fake token (LBTC). They minted counterfeit collateral, borrowed legitimate assets, and drained about $8.6 million in funds, later laundering part of it through Tornado Cash. The incident was a decentralized finance exploit involving protocol manipulation, with no system encryption or service disruption.
At least one individual tricked by scam network impersonating CNN, BBC, CNBC
January 1, 2025
•[ phishing, scam, impersonation ]
Global phishing and investment scam campaign impersonating CNN, BBC, and CNBC; CTM360 identified over 17,000 fake sites used to steal identity and financial data through bogus crypto platforms like Eclipse Earn, Solara, and Vynex.