Unannounced inspections by the data protection supervisory authority? Whether back at school or today at a traffic stop, such unwanted surprises are usually very unpleasant for us. Yet on-site inspections by supervisory authorities have become increasingly frequent in recent years. This article examines the legal basis for such inspections and gives practical recommendations so that companies can reduce uncertainty and specifically […]| Dr. Datenschutz
In this era, phishing scams are widespread. Every hour, someone is scamming someone in the world. Nothing is safe, from your inbox to your phone, and even social media. Below, we’ll explore 10 common phishing scams you have probably seen before, how they work, and what red flags to watch for. The government, banks, and [...]| Lipson Thomas
Unit 42 explores the similarities between the social engineering and reconnaissance tactics used by financially motivated criminals. The post Data Is the New Diamond: Heists in the Digital Age appeared first on Unit 42.| Unit 42
ReliaQuest has published a report on the cybercriminal recruitment ecosystem, finding that fluent English speakers with social engineering skills are highly sought-after.| KnowBe4 Security Awareness Training Blog
Cybercriminals are increasingly abusing AI-assisted website generators to quickly craft convincing phishing sites, according to researchers at Palo Alto Networks’ Unit 42.| KnowBe4 Security Awareness Training Blog
Below is an example of a sophisticated survey scam phishing email that KnowBe4’s Threat Lab team has been monitoring as discussed in “The Hidden Cost of "Free" Gifts: How Survey Scams Are Evolving to Steal Financial Data”.| KnowBe4 Security Awareness Training Blog
You've probably seen them: enticing online offers for free products from brands you trust, like a Yeti beach chair from Costco or an emergency car kit from AAA.| KnowBe4 Security Awareness Training Blog
Social engineering attacks are a growing threat to operational technology (OT) environments, Industrial Cyber reports.| blog.knowbe4.com
Virus and malware threats are spreading daily; who knows where that will lead in 2023? Without protection, every user risks becoming a victim.| Gridinsoft Blogs
Gophish is an open-source framework that enables launching phishing campaigns. This framework helps organisations assess their employees' training| Lipson Thomas
Ransomware attacks continue to rise worldwide, and in most cases everything starts with social engineering. Current data shows: phishing is still| B2B Cyber Security
Pretexting is part of social engineering, in which an attacker provides a false script or pretext to gain access to information.| Gridinsoft Blogs
I hear about a ton of similar-sounding scam calls, where the scammer is pretending to be from a service you use (or used), offering you a substantial...| blog.knowbe4.com
Cybersecurity incidents nearly tripled in the first half of 2025, jumping from 6% in the second half of 2024 to 17% in 2025, according to a new report....| blog.knowbe4.com
ClickFix attacks have been around for decades; only the name is new.| blog.knowbe4.com
The 2023 Verizon DBIR has confirmed the FBI's findings: BEC scammers are ramping up their social engineering efforts to great success.| Help Net Security
Airbnb scammers pose as hosts, redirect users to fake Tripadvisor site| Help Net Security
Phishing attacks using open redirect flaws have increased again, orgs should consider refreshing employees' knowledge on how to spot them.| Help Net Security
GenAI attacks make current security awareness training outdated. How can we train users to defend against evolving threats?| Help Net Security
Reverse proxy phishing with Evilginx is a technique where a phishing site acts as a proxy server, intercepting legitimate requests and forwarding them to the genuine website while capturing sensitive information from users. This approach allows us to create convincing phishing campaigns by seamlessly proxying the target site, making it [...]| Krptyk
The Tastic RFID Thief was created nearly ten years ago, and it only seemed fitting to bring this up again since, well, it still works today. Why does it still work? Well, replacing an entire building's access control systems is extremely expensive so outdated technology is left since theoretically it [...]| Krptyk
Keir Giles, a prominent expert on Russia, was targeted with a new form of social-engineering attack that leverages App-Specific Passwords. Google links the operation to UNC6293, a Russian state-backed group.| The Citizen Lab
Identity theft is a severe cybercrime where an individual's personal information is stolen and used by someone else for fraudulent purposes.| Gridinsoft Blogs
Introduction to Phishing - Learn what phishing is, why it's dangerous, real-life examples, and powerful tips to protect yourself from online scams.| Lipson Thomas
Cybercriminals are using AI cloaking services to hide fake sites and malware from scanners. Learn how it works—and how defenders are adapting to fight back.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
How security consultant Troy Hunt got tricked by a clever phishing email and his Mailchimp account got compromised.| Help Net Security
Imagine if hackers could give their scam websites a cloak of invisibility. The tech world calls this trick cloaking – showing one web page to regular people and a harmless page to the guards. That’s essentially what’s happening as cybercriminals start to leverage AI-powered cloaking services to shield phishing pages, fake stores, and malware sites […] The post How Threat Actors Use AI to Hide Malicious Sites first appeared on SlashNext.| SlashNext
ClickFix is a social engineering attack that tricks users into running malicious commands on their own devices – all under the guise of a routine security check. Disguised as something familiar, like a Cloudflare CAPTCHA, it convinces users to copy and paste dangerous code without realizing the risk. We’ll break down how ClickFix works, examine […] The post Decoding ‘ClickFix’: Lessons from the Latest Browser-Based Phish first appeared on SlashNext.| SlashNext
Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […] The post SessionShark Steals Session Tokens to Slip Past Office 365 MF...| SlashNext
The Next Evolution in Black-Hat AI: A new player has entered the cybercrime AI landscape – Xanthorox AI, a malicious tool that brands itself as the “Killer of WormGPT and all EvilGPT variants.” First spotted in late Q1 2025, Xanthorox began circulating in cybercrime communities across darknet forums and encrypted channels. The system is promoted […] The post Xanthorox AI – The Next Generation of Malicious AI Threats Emerges first appeared on SlashNext.| SlashNext
It’s no secret that cybercriminals love to exploit our trust in well-known brands. From big-name retailers to popular online services, attackers will latch onto anything that seems safe. In this post, we will explore a real-life example of this: the abuse of DocuSign’s actual application to deliver malicious links. Then, we’ll dive into how our […] The post How Attackers Abuse Trusted Cloud Apps—and Why URL Analysis Matters first appeared on SlashNext.| SlashNext
Phishing attacks have moved beyond simply sending emails with malicious links to incorporate more modern social engineering techniques, including the alarming trend of mixing in smishing (SMS phishing) and vishing (voice phishing). These techniques are a growing threat beyond email security and enhance cybercriminals’ capabilities to achieve their objectives using this new range of communication […] The post From Phishing to Vishing – Modern Social Engineering Attacks first appeared on ...| SlashNext
Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-factor authentication (2FA) through session hijacking and real-time credential interception. Astaroth utilizes an evilginx-style reverse proxy to intercept and manipulate traffic between […] The post Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and ...| SlashNext
Imagine sipping your morning coffee, scrolling through your inbox, when a seemingly innocent ProtonMail message catches your eye. But this isn’t your typical email—it’s a credential-harvesting attempt targeting specific cloud services. Today, cybercriminals are not just focusing on well-known platforms like DocuSign and Microsoft. They’re expanding their reach, exploiting a variety of cloud apps such […] The post Is That Really ProtonMail? New Credential Harvesting Threats Targeting...| SlashNext
Discover how a groundbreaking AI solution neutralized a bold Black Basta-style cyberattack in under 90 minutes—the first AI solution in the industry.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
NimDoor is a sophisticated macOS malware deployed by North Korea-linked threat actors, likely Stardust Chollima, targeting Web3 and cryptocurrency organizations.| blog.polyswarm.io
The importance of security awareness training in our classrooms is more important than ever. Here's what to consider for your districts and teachers.| FRSecure
In one of the most significant insider-assisted cyberattacks in Brazil’s financial history, a low-level IT operator working at C&M Software—a company that links smaller banks to Brazil’s PIX real-time payment […] The post How a Low-Level IT Worker Helped Hack Brazil’s Banking System — Step by Step appeared first on Information Security Newspaper | Hacking News.| Information Security Newspaper | Hacking News
Black Basta affiliates are trying to trick employees into installing RMM tools by posing as help desk workers via Microsoft Teams.| Help Net Security
Cybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code...| blog.knowbe4.com
Aflac confirms a cyberattack exposed sensitive customer data, citing social engineering tactics amid a wave of breaches targeting US insurers.| eSecurity Planet
Dive into the Social Engineer Toolkit with our expert guide. Learn to harness its capabilities for ethical hacking and strengthening your skills| StationX
A technical exploration of modern phishing tactics, from basic HTML pages to advanced MFA-bypassing techniques, with analysis of infrastructure setup and delivery methods used by phishers in 2025.| Quarkslab's blog
Vishing scams are rising. Learn how SMBs can spot voice phishing and defend against attacks with simulation-based training.| Inspired eLearning
When it comes to open source intelligence (OSINT), LinkedIn is a treasure trove of information. With millions of professionals voluntarily sharing details about their careers, connections, personal achievements, or keeping up to date with what is happening in their professional sphere, the famous networking platform is not to be underestimated when it comes to OSINT. In our field, LinkedIn is often used to gather a lot of information about a company during a red teaming assessment or social e...| blog.compass-security.com
In so-called social engineering in particular, perpetrators deliberately exploit the supposedly weakest link in an organization's chain of defense. In its current report on the state of IT security in Germany 2022, the BSI explicitly points to the "human" factor.| DID | Dresdner Institut für Datenschutz
Based on observations from our 2024 incident response cases, an MFA bypass technique called token theft is gaining steam. Learn more here.| FRSecure
ClickFix Scams Target Computer Users Across Industries and Borders. Fake CAPTCHA screens, document error alerts, and phony Facebook messages infect user PCs with data-stealing malware. A clever new cyberscam is wreaking havoc among businesses, hospitality venues, healthcare providers, and other organizations. The scam uses the psychology of social engineering to exploit our human desire to fix little computer problems ourselves, rather than calling IT or opening a ticket. Instead, a pop-up scre...| 24By7Security Blog
Personally identifying information is of value and when not protected, it’s a fuel for data-hungry companies and cybercriminals. In the wrong hands such as| IPBurger.com
Last year, KnowBe4's report Exponential Growth in Cyber Attacks Against Higher Education Institutions illustrated the growing cyber threats facing...| blog.knowbe4.com
Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the emails more...| blog.knowbe4.com
A fake Cloudflare CAPTCHA? ClickFix cons users into pasting malicious commands. See how it works—and how SlashNext blocks it before damage is done.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Explore how Xanthorox AI’s modular, self-hosted design empowers cybercriminals—and learn how SlashNext defends against these advanced, AI-driven threats.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
This video talks about social engineering (also known as human hacking), how it can be performed, and how you can fight against it.| Help Net Security
Devil-Traff is a new bulk SMS platform enabling phishing campaigns with features like sender ID spoofing, API automation, and support for spam, facilitating large-scale cyberattacks at low cost.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Phishing has been the method most often employed by cybercriminals to achieve initial access to targeted organizations in 2024.| Help Net Security
FRSecure's annual infosec report is changing this year, focusing on 125+ incident response engagements and the key findings. Read the first of the series here.| FRSecure
Learn how attackers exploit trusted cloud apps like DocuSign and how advanced URL analysis unveils hidden phishing and malware threats before damage occurs.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Learn how phishing, smishing, and vishing, key components of modern social engineering and business email compromise (BEC), leverage bots and voice cloning to bypass traditional defenses and capture credentials today.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
The internet has experienced a lot of breaches since its inception, and almost all of them can be attributed to one vulnerability, human error. That’s right;| IPBurger.com
PhishWP creates fake payment pages that look like trusted services. It's used as a phishing trap to steal sensitive information such as credit card numbers, personal data, and browser metadata.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Analysis of 7B emails reveals surge in clean links, 10x more malicious EML attachments in Q4, and record-high social engineering attacks.| Help Net Security
Explore emerging credential harvesting threats targeting cloud apps like ProtonMail, Gravatar, and telecoms. Learn tactics, risks, and how to stay secure.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
ESET has published its Threat Report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users...| blog.knowbe4.com
North Korean IT Worker Threat: 10 Critical Updates to Your Hiring Process| blog.knowbe4.com
The US FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme...| blog.knowbe4.com
Understanding why phishing is dangerous is the first step to protecting your business from cyber-attacks. The next step? Read this article to find out now!| www.ezcomputersolutions.com
Learn how social engineering works, recognize attacks, and protect your data through targeted awareness-raising and training.| DSN train
Explore the impact of generative AI on deepfakes, the escalating threats in cybersecurity, and mitigation tactics to combat AI-driven fraud.| zvelo
In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects.| securelist.com
A closer look at the 5 most common variants of holiday cyber attacks.| Vonahi Security's Blog
From phishing and BEC to evasive spear phishing and VEC + tips on what you can do to defend against these sophisticated attacks.| Vonahi Security's Blog
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global Internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an u...| Schneier on Security
To combat Generative AI phishing attacks, phishing training programs must prioritize technical aspects of detection over grammatical errors.| zvelo
Learn about the differences between SIEM, SOAR, Managed SOC, MDR, EDR, NDR and XDR to make a smart choice about what's right for you.| ID Agent
Like many other offensive IT security companies, we also offer social engineering assessments. And like in other areas of our portfolio, we try to steer client needs in a way that they order something that actually matters. This blog post summarizes what we experienced and how we see things in this field. While many things work the same way around the globe, the starting point is our feeling here in Hungary, where many people in the local IT security scene think social engineering means walki...| Silent Signal Techblog
I’ve always wanted to take a look at the security of 3G modem sticks but as a more “high-level” guy, I basically procrastinated the task of messing with kernel drivers and such, and settled to installing these devices into disposable virtual machines for security.| Silent Signal Techblog
Explore the role of Digital Risk Protection in defending against any unauthorized exploitation of brand assets in the digital realm.| zvelo
See why schools are the top target of ransomware attacks, the possible consequences for them and how to mitigate their risk.| ID Agent
From chatbots mimicking humans to voice synthesis and deepfakes that disorient and deceive, learn about AI's role in Social Engineering.| zvelo
AI-fueled social engineering tactics are a potent initial infection vector for ransomware as well as a myriad of other cyber threats.| zvelo
October is National Cybersecurity Awareness Month. While cybersecurity matters every day of the year, this month, the industry collaborates to spread awareness to all stakeholders.| CISO Global (formerly Alpine Security)
This post explores Defense-in-Depth, a comprehensive strategy with a multi-layered approach to modern threat protection.| zvelo