Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks…
Tag: fake
AI, Global Security News
Poorly crafted phishing campaign leverages bogus security incident report
Attackers used a fake PDF incident report hosted on AWS to scare victims into enabling 2FA, though a poorly crafted phishing campaign. Freelance security consultant Xavier Mertens reported a phishing campaign using a fake PDF security incident report hosted on AWS to scare victims into enabling 2FA. The researchers pointed out that the campaign appears poorly…
AI, Global Security News
Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails
Forcepoint X-labs reveals how hackers use fake SSA emails and hijacked ScreenConnect tools to bypass Windows security to target UK, US, and Canadian organisations.
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
ClickFix Campaign Uses Fake CAPTCHA Pages to Deliver StealC Malware on Windows
A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware. The attack relies on compromised websites that display convincing Cloudflare-style security checks, prompting victims to manually execute malicious PowerShell commands under the guise of routine verification. “StealC exfiltrates browser credentials, cryptocurrency wallets, Steam accounts, Outlook…
AI, Cybersecurity, Global Security News, malware, Risk Management
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected…
AI, Global Security News
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. […]
AI, Global Security News, malware
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware
Global Security News, Security
Malicious 7-Zip site distributes installer laced with proxy tool
A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node. […]
cyber crime, Cybersecurity, Europe, Global Security News, Scams and Fraud, Security
Hackers Use Signal QR Codes to Spy on Military and Political Leaders
Hackers are using Signal QR codes and fake support scams to spy on military and political leaders, German security agencies warn.
cyber crime, Cybersecurity, Europe, Global Security News, Scams and Fraud, Security
Hackers Use Signal QR Codes to Spy on Military and Political Leaders
Hackers are using Signal QR codes and fake support scams to spy on military and political leaders, German security agencies warn.
cyber crime, Cybersecurity, Europe, Global Security News, Scams and Fraud, Security
Hackers Use Signal QR Codes to Spy on Military and Political Leaders
Hackers are using Signal QR codes and fake support scams to spy on military and political leaders, German security agencies warn.
AI, Global Security News, Guest blog, Law & order, Nigeria, romance scam, Scam
Fake Dubai Crown Prince tracked to Nigerian mansion after $2.5M romance scam
When a Romanian businesswoman fell for a fake Dubai Crown Prince in a $2.5 million romance scam, investigators tracked the fraudster to his Nigerian mansion – only to discover he was masquerading as a campaigning philanthropist. Read more in my article on the Hot for Security blog.
AI, Crypto, Cybersecurity, fraud, Global Security News, Scams and Fraud
Common Crypto Scams and How to Protect Your Funds in 2026
Crypto scams are surging worldwide, from pig butchering to fake trading platforms and deepfakes, draining victims while fraud teams struggle to keep up.
AI, cyber attack, Cybersecurity, Global Security News, malware, Security
macOS Users Hit by Python Infostealers Posing as AI Installers
Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces.
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, International, malware, Network Security, News, Risk Management, Threats
Fake Dating App Delivers Android Spyware in Targeted Campaign
ESET researchers have uncovered a targeted Android spyware campaign using a fake dating app to lure victims into installing mobile surveillance malware. The campaign, focused on users in Pakistan, disguises spyware as a chat platform that promises access to exclusive profiles but instead quietly exfiltrates sensitive data from infected devices. “Once installed, the app silently…