Tag: Vishing
-
The 48-Hour Window: Google’s H1 2026 Report Warns of “Spectrally Stealthy” Cloud Breaches
According to a nascent dossier promulgated by Google Cloud, digital malefactors have commenced breaching cloud architectures almost instantaneously following the public disclosure of vulnerabilities. Whereas the interlude between a flaw’s revelation and the inaugural kinetic strikes historically spanned weeks, contemporary adversaries now require a mere matter of days. The Cloud Threat Horizons Report H1 2026…
-
The Taxman’s Shadow: How a $2M Fraud Syndicate Impersonated Indonesia’s Official Coretax Service
In Indonesia, a sophisticated fraudulent enterprise has been unmasked, masquerading as the official Coretax fiscal service. Adversaries orchestrated a clandestine infrastructure utilizing counterfeit mobile applications, facilitating offensives not only against taxpayers but also across dozens of disparate digital ecosystems. According to evaluations by Group-IB, the cumulative financial depredation within the nation is estimated to be…
-
The Browser Puppeteer: New Vishing Kits Hijack Sessions in Real-Time
Social engineering offensives are undergoing a sophisticated metamorphosis—adversaries now amalgamate telephonic directives with dynamic phishing kits that facilitate the real-time manipulation of a victim’s web session. According to an expose by Okta Threat Intelligence, these emerging “Phishing-as-a-Service” instruments are being aggressively deployed against users of Google, Microsoft, Okta, and various cryptocurrency ecosystems. The hallmark of…
-
The Invisible Predator: How “Scattered Spider” Weaponizes Familiarity to Vanish Inside Corporate Networks
Until recently, cyber offensives were synonymous with “exotic” malicious servers and conspicuously suspicious IP addresses. Today, that paradigm has shifted entirely. A comprehensive report by Team Cymru elucidates the sophisticated maneuvers of Scattered Spider, a collective that has mastered the art of vanishing within legitimate digital frameworks, camouflaging their incursions as routine employee activity, VPN…
-
The Identity Epidemic: eSentire Reports a 389% Surge in Account Takeovers
To infiltrate a corporate network, adversaries are increasingly eschewing the search for server vulnerabilities or the deployment of intricate exploits. It has proven far more lucrative to adopt a simpler, more clandestine approach: usurping an individual’s digital credentials to merely walk through the front door. According to the eSentire TRU report, digital identity emerged as…
-
Autonomous AI Cybercrime: Google Cloud Forecasts Agentic Systems Will Orchestrate Attacks in 2026
Artificial intelligence, once regarded merely as an auxiliary tool in the field of cybersecurity, is now moving to the forefront and becoming the very engine of digital threats. A new Google Cloud forecast for 2026 indicates that, in the coming months, the balance of power between attackers and defenders will shift dramatically: AI will not…
-
LastPass ‘Death Hoax’ Phishing Targets Crypto: New CryptoChameleon Scam
A large-scale phishing campaign targeting LastPass users and clients of major cryptocurrency exchanges began in mid-October, spreading under the guise of official service notifications. LastPass has warned that the attack is orchestrated by the group CryptoChameleon (UNC5356), notorious for cryptocurrency thefts through social engineering and fake account recovery sites. The fraudulent emails are sent from…
-
BTS Hackers Nabbed: South Korea Extradites Alleged Leader of a Vishing Ring
The Ministry of Justice of South Korea has announced the extradition of a suspected leader of a transnational hacking group — a 34-year-old Chinese national wanted for a series of high-profile thefts targeting wealthy and prominent South Korean citizens, including BTS member Jeon Jungkook. According to officials, the suspect was flown out of Bangkok in…
-
Hackers Breach Google’s Salesforce Database, Exfiltrating Client Data
Google has officially confirmed that hackers gained unauthorized access to one of its corporate Salesforce databases and exfiltrated data related to small and medium-sized business clients. The disclosure appears in an updated June bulletin from Google Threat Intelligence, which states that the compromised system stored contact information and work notes associated with these clients. The…
-
The AI Cyberwar Is Here: CrowdStrike Report Exposes How Attackers Use AI to Automate Vishing, Phishing, & Espionage
Generative AI models are rapidly evolving into fully-fledged instruments within the arsenals of cyber adversaries. This trend is underscored in CrowdStrike’s 2025 annual report, which highlights a sharp increase in the use of artificial intelligence not merely for boilerplate phishing, but as a foundational element in scalable, sophisticated, and increasingly covert operations. Attackers have moved…
-
Chanel Client Data Breached in Widespread ShinyHunters Campaign Targeting Salesforce
The French fashion house Chanel has become the latest victim of an ongoing data compromise campaign targeting users of the Salesforce platform, suffering a breach of personal client information in the United States. The incident was discovered on July 25, when threat actors gained unauthorized access to a database hosted by a third-party service provider…
-
The ShinyHunters Salesforce Attack: Vishing & OAuth Abuse Blamed for Qantas, Allianz, LVMH Breaches
Threat actors operating under the name ShinyHunters have orchestrated a series of cyberattacks targeting major corporations, including Qantas, Allianz Life, LVMH, and Adidas. Each incident centers around attempts to infiltrate client Salesforce environments through sophisticated social engineering tactics—most notably, voice phishing (vishing). According to Google’s Threat Intelligence Group (GTIG), the cybercriminals—tracked as UNC6040—posed as IT…