Search Results for "social engineering"

Based Apparel May 21, 2026 • [ malware, infostealer, social engineering ] Based Apparel's merchandise website was compromised and used to present visitors with a fake Cloudflare-style verification prompt that attempted to trick macOS users into running commands that installed infostealer malware. Reporting described the malware as commodity infostealer/Trojan activity intended to steal credentials and passwords. The website was taken offline after the compromise was reported; no confirmed theft of Based Apparel data or visitor data was publicly reported.

Individual Filipino pensioner April 28, 2026 • [ vishing, phishing, malware ] A 68-year-old Filipino pensioner received a fraudulent call claiming to be from the Social Security System and was sent a Viber link to a fake app. After installation, malware hijacked his Android phone, froze the screen and power button, and allowed thieves to drain three bank accounts and two e-wallets, stealing more than 1 million.

ADT Inc. April 20, 2026 • [ vishing, social engineering, data breach ] ShinyHunters compromised an ADT employee Okta SSO account through vishing, used the account to access ADTs Salesforce instance, and stole personal information later assessed by Have I Been Pwned as affecting 5.5 million individuals.

Kemper April 15, 2026 • [ ransomware, social engineering, extortion ] In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement.

DigiCert, Inc. April 2, 2026 • [ social engineering, malicious ZIP file, EV code-signing certificates ] A threat actor used DigiCert's customer support channel on April 2, 2026 to deliver a malicious ZIP file disguised as a customer screenshot, compromising two DigiCert support analyst systems. The attacker used analyst-level access to pivot into DigiCert's internal support portal and obtain initialization codes for approved EV code-signing certificate orders across specific customer accounts. DigiCert revoked 60 associated certificates by April 17, including 27 explicitly linked to the threat actor and 11 reported as used to sign Zhong Stealer malware; the specific perpetrator was not publicly identified.

At least one spyware-targeted WhatsApp user April 1, 2026 • [ spyware, malware, social engineering ] WhatsApp said about 200 users were tricked into installing a fake WhatsApp app containing spyware.

At least one individual March 18, 2026 • [ phishing, malware, social engineering ] Cyber fraudsters in Navi Mumbai impersonated Mahanagar Gas Limited officials and sent malicious WhatsApp files or links that compromised victims' phones and enabled unauthorized access to their bank accounts.

Outpost24 March 16, 2026 • [ phishing, DKIM, social engineering ] SecurityWeek reported that a C-level executive at Outpost24 was targeted with a sophisticated phishing attempt that used a DKIM-signed email, trusted redirection infrastructure, compromised servers, and Cloudflare-protected phishing pages. Outpost24s subsidiary Specops Software said it detected and blocked the attack early before any systems were compromised or users impacted.

At least one KakaoTalk user March 16, 2026 • [ malware, account takeover, cyberattack ] Yonhap/The Korea Times reported a North Korea-linked group used stolen KakaoTalk accounts to distribute malware in recent cyberattacks, highlighting a new propagation tactic. Reporting said the threat actors compromise victims, gain access to KakaoTalk desktop accounts, and then use that trusted messaging channel to push malicious payloads to selected contacts.

An undislcosed organization March 12, 2026 • [ ransomware, social engineering, data theft ] IBM X-Force described a case where a threat actor remained on a compromised server for more than a week and stole data during an Interlock ransomware intrusion. The attack began with ClickFix social engineering and later deployed a PowerShell backdoor called Slopoly (likely AI-assisted), alongside other components such as NodeSnake and InterlockRAT. The article is a case-study/campaign description and does not name the victim organization or quantify the affected records beyond describing persistence and data theft.

Undisclosed cryptocurrency organization March 9, 2026 • [ cryptocurrency, social engineering, cloud compromise ] The Hacker News reported (citing Google Cloud) that North Korea-linked UNC4899 conducted a sophisticated 2025 cloud compromise targeting an unnamed cryptocurrency organization, stealing millions in cryptocurrency. The intrusion began with social engineering that tricked a developer into downloading a malicious archive for a supposed open-source collaboration; the developer then transferred the file to a work device via AirDrop. After malicious Python code executed and a binary masquerading as kubectl ran, the attackers pivoted into the cloud environment and abused legitimate DevOps workflows to harvest credentials, escape container confines, and tamper with Cloud SQL databases to modify financial logic enabling theft. This is coded as a confirmed successful intrusion with financial theft.

At least one Dutch government official March 9, 2026 • [ social engineering, phishing, state-sponsored hackers ] Dutch intelligence services warned that Russian state hackers are attempting to gain access to large numbers of Signal and WhatsApp accounts belonging to senior officials, military personnel, and civil servants worldwide. The campaign uses social engineering to trick users into revealing verification and PIN codes, including posing as a Signal support chatbot. The report notes Dutch government employees have also been targeted and, in some cases, compromised. This is campaign/advisory reporting rather than a single discrete victim event.

The City of Arab March 9, 2026 • [ phishing, BEC, social engineering ] GovTech reported that the City of Arab, Alabama was hit by a socially engineered phishing/BEC-style fraud in which perpetrators impersonated a legitimate officer of the contractor (FITE Construction) and induced the city to issue a fraudulent payment of $432,739.21 to an unauthorized entity. City leaders stated the fraud was detected internally and triggered a broader investigation. The report focuses on financial loss via social engineering rather than system disruption or data theft.

Mercer Advisors February 16, 2026 • [ cybersecurity breach, ransomware, data leak ] Wealth Management reported a class action lawsuit alleging Mercer Advisors suffered a cybersecurity breach around Feb. 16, 2026 carried out by ShinyHunters. The complaint said ShinyHunters demanded ransom within 48 hours and threatened to leak roughly 5.7 million client records; after Mercer refused to pay, the group published the stolen information. The article states the leaked data includes names, Social Security numbers, and other personal information, raising risks of identity theft, fraud, and highly targeted phishing/social engineering. The report also mentions ShinyHunters targeting other wealth firms, but the primary record is the Mercer breach and alleged publication of client data.

At least one Bitcoin owner February 15, 2026 • [ cryptocurrency, phishing, malicious javascript ] BleepingComputer described a campaign where threat actors abused Pastebin comments to distribute a ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser. The technique enables attackers to hijack crypto swap transactions and redirect funds to attacker-controlled wallets.

CarGurus February 13, 2026 • [ data breach, social engineering, vishing ] TechRadar reported that ShinyHunters claimed to have breached CarGurus and stolen about 1.7 million corporate records, threatening to release the data by a stated deadline. The report linked the claim to a broader wave of social-engineering vishing attacks used to obtain employee credentials/MFA codes and then access SSO dashboards (Okta/Entra/Google) and downstream applications. At the time of reporting in the article, CarGurus had not publicly confirmed the breach details, the precise intrusion window, or exactly what categories of data were taken beyond the actors claim, so this record reflects an alleged data-theft event pending independent confirmation.

Figure February 12, 2026 • [ social engineering, data leak, extortion ] Figure Technology Solutions confirmed it suffered a data breach after an employee fell victim to a social engineering attack, with attackers obtaining a limited number of files. SecurityWeek reported that the ShinyHunters group took credit and posted archive files on its leak site; Have I Been Pwned analysis identified roughly 967,000 user records in the leaked data. The exposed information includes names, dates of birth, email addresses, postal addresses, and phone numbers. The reporting frames the incident as data theft/extortion without describing service disruption to Figures lending operations.

Optimizely February 11, 2026 • [ voice-phishing, social engineering, data leak ] Attackers associated with the ShinyHunters cybercriminal group used a voice-phishing social engineering attack to gain access to Optimizelys internal systems and CRM environment. Approximately 10,000 client organizations were affected, with exposed data including business contact information such as names, email addresses, and phone numbers.

At least one European official February 9, 2026 • [ social engineering, scams, QR-code device linking ] Social engineering against Signal users using fake support scams and QR-code device linking to spy on targets.

Portland Public Schools February 3, 2026 • [ phishing, email compromise, unauthorized access ] A phishing email offering a fake part-time job opportunity was sent to students after a staff email account (reported as a teacher account) was compromised. Because the message originated from an internal staff account, it bypassed normal restrictions and reached many student inboxes across the district. The district technology department removed copies of the email from the school system and issued guidance for students who submitted information to the linked form. The confirmed effect is unauthorized use of an internal account to distribute phishing content; the report does not confirm broader system compromise or data exfiltration beyond what students may have submitted to the scam.

Search Results (social engineering)