social engineering

The compromise of Axios, one of the JavaScript ecosystem’s most widely used HTTP clients, is a reminder that the biggest software supply-chain threats often begin with the smallest human mistake. In this case, the malicious packages were not slipped in through a novel exploit in npm itself, but...

The “Windows Update” screen you trust has been weaponized: attackers are using a high-fidelity fake update pop-up to trick Windows users into pasting and executing a malicious command that boots a fileless, in‑memory infostealer — a fresh and dangerous iteration of the ClickFix...

A single, almost‑throwaway prompt to an AI coding assistant appears to have stopped a full compromise in its tracks — and the episode should be a wake‑up call for developers, hiring teams, and security pros about how social engineering has evolved into a high‑precision, blockchain‑backed attack...

A terse, blurry fax promising imminent Windows destruction set off a chain reaction of fear, analog hysteria, and a fatal Reply‑All that reportedly cost a consultant their job — a small, vivid episode that exposes how legacy communications, social engineering, and poor workplace etiquette can...

Microsoft’s deadline is now unavoidable: Windows 10 will stop receiving regular security updates on October 14, 2025, and the immediate fallout in India—where millions of machines still run Windows 10—has forced consumers, small businesses, and large organisations into a compressed set of...

Microsoft’s free Windows 10 upgrade became a vehicle for a crop of convincing phishing emails that delivered file‑encrypting ransomware disguised as a legitimate installer, according to security researchers — a reminder that major platform announcements instantly become social‑engineering boons...

Japan and India’s joint operation to dismantle an India-based fraud ring marks a significant win for cross-border cybercrime enforcement — one that combined traditional policing, nonprofit expertise, and deep technical intelligence from Microsoft’s Digital Crimes Unit to shut down call centres...

Three persistent beliefs about Windows security still shape decisions in 2025 — that you must pay for antivirus, that Microsoft Defender is a catch‑all shield, and that staying on Windows 10 is safe for years to come — and each is misleading in ways that matter for risk, cost, and practical...

Windows 11 ships with a far stronger security baseline than its predecessors, but real-world attackers and configuration gaps still find workarounds—meaning Defender and Windows Security are necessary, not sufficient, for modern threat defense. Background Windows 11’s built-in...

Windows Security is a strong baseline for protecting Windows 11 devices, but it was never designed to be a human-proof, one-stop solution — there are modern threats that built-in tools cannot fully mitigate, and relying on default protection alone leaves significant gaps in phishing...

A new wave of highly sophisticated phishing scams has placed millions of Microsoft 365 users at increased risk, with recent campaigns focusing on colleges and universities such as Seton Hall. These scams exploit a deepening trust in digital communications and modern security tools, employing...

A surge of cyber threats and security debates this week highlights both the escalating sophistication of digital attacks and the evolving strategies defenders employ to stay ahead. From researchers demonstrating how Google’s Gemini AI can be hijacked via innocent-looking calendar invites to...

A new wave of targeted phishing attacks is sweeping through organizations, exploiting a legitimate Microsoft 365 feature to wreak havoc from inside the trusted walls of enterprise email. Security researchers have recently uncovered threat actors using the Microsoft 365 “Direct Send” capability...

Cloudflare has issued a stark warning about a new and highly sophisticated wave of phishing attacks targeting Microsoft 365 users, drawing attention to a dangerous exploitation of a trusted email security feature: link wrapping. In recent weeks, both enterprise and consumer accounts have come...

A sophisticated phishing campaign exploiting trusted email security tools has rattled the cybersecurity landscape, exposing a dismally clever strategy that turns protective mechanisms into attack vectors. Between June and July 2025, researchers at Cloudflare uncovered an operation wherein...

Cybercriminals have once again proven their adaptability by leveraging trusted technology—from cybersecurity companies themselves—to bypass email defenses and target Microsoft 365 users. In a revealing discovery, threat actors have been exploiting link-wrapping services from well-known vendors...

In a rapidly evolving cybersecurity landscape, defenders continually play catch-up as threat actors devise innovative ways to evade detection, exploit trust, and steal sensitive information. A recent revelation by cybersecurity researchers highlights a sophisticated phishing campaign targeting...

In a rapidly evolving threat landscape marked by sophisticated digital deception, the Scattered Spider hacking group has carved out a notorious reputation for exploiting trust—both technological and human—to compromise some of the world’s most widely used platforms. Recent advisories from...

In a development commanding the attention of cybersecurity professionals worldwide, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with multiple international law enforcement and cybersecurity entities, has released an updated advisory on the Scattered Spider...

The npm JavaScript ecosystem has once again been rocked by a coordinated malware campaign, this time targeting both cross-platform and Windows-specific environments through widely trusted packages. The incident, centered around the highly popular "is" package and several linting tools associated...