Weekly Threat Bulletin: AI Agents, C2 Tools & JS Backdoors

🟡 Medium | Source: The Hacker News

This is a weekly threat bulletin covering a broad range of active security issues, including AI agent exploitation, command-and-control tooling, ClickFix social engineering campaigns, JavaScript backdoors, and over 20 additional threat stories. It matters because it reflects the accelerating normalisation of sophisticated attack techniques being accessible to lower-skilled threat actors, and highlights emerging risks from AI systems being leveraged in real attacks.

Architect’s Take: Use this bulletin as a prompt to review your threat model against ClickFix-style social engineering vectors and any AI agent integrations in your environment — particularly where agents have access to cloud APIs or can execute code. Ensure your JavaScript supply chain controls and browser security policies are current. ...

4 June 2026 · ZX Cloud Security

Weekly Threat Bulletin: AI Agents, C2 Tools & JS Backdoors

🟡 Medium | Source: The Hacker News

This is a broad threat intelligence bulletin covering a range of current attack trends including malicious AI agents, command-and-control tooling, ClickFix social engineering, JavaScript backdoors, and more. It reflects the increasingly commoditised nature of offensive tooling, where even low-skilled threat actors now have access to sophisticated capabilities. The significance lies in the breadth of attack vectors being actively exploited across web, endpoint, and AI-adjacent surfaces. ...

4 June 2026 · ZX Cloud Security

Five Eyes Warns of China LinkedIn Recruitment Campaign

🟡 Medium | Source: The Register — Security

The Five Eyes intelligence alliance has issued a warning about China’s ongoing campaign to recruit Western nationals via LinkedIn and other professional networks, offering cash in exchange for state secrets and sensitive government or corporate information. The campaign targets individuals with access to classified or commercially valuable data, using social engineering tactics that have been observed for several years but appear to be intensifying. This matters because cloud engineers and architects working on government or defence-adjacent projects are plausible targets given their access to sensitive infrastructure. ...

4 June 2026 · ZX Cloud Security

Five Eyes Warns of China LinkedIn Spy Recruitment

🟠 High | Source: The Register — Security

The Five Eyes intelligence alliance has issued a warning about China’s ongoing campaign to recruit Western government employees and contractors via LinkedIn, offering cash in exchange for state secrets. The tradecraft involves seemingly innocuous connection requests that escalate into paid intelligence relationships. This is a long-running threat that intelligence officials say continues to grow in scale and sophistication.

Architect’s Take: Cloud security architects with clearances or access to sensitive government cloud environments should review their organisation’s social media policies and ensure staff handling sensitive infrastructure are briefed on LinkedIn-based social engineering. Consider implementing insider threat monitoring and reinforcing acceptable use policies around unsolicited professional contact from unknown foreign nationals. ...

4 June 2026 · ZX Cloud Security

Meta AI Chatbot Exploited for Instagram Account Takeover

🟠 High | Source: Schneier on Security

Attackers are exploiting Meta’s AI support chatbot to hijack Instagram accounts by tricking the bot into adding a hacker-controlled email address and issuing a password reset. The attack requires no prior account access and bypasses Instagram’s automated protections using a VPN to spoof the victim’s location. This demonstrates a critical flaw in how AI-powered support systems validate identity before performing sensitive account actions.

Architect’s Take: Organisations deploying AI chatbots for customer support or account management must enforce out-of-band identity verification for any privileged actions — such as adding credentials or triggering resets — and ensure the AI cannot be the sole authorisation path for account takeover-enabling operations. Review your own AI assistant integrations for similar trust boundary weaknesses where bot-initiated actions bypass human or MFA controls. ...

4 June 2026 · ZX Cloud Security

Meta AI Chatbot Exploited to Hijack Instagram Accounts

🟠 High | Source: Schneier on Security

Attackers are exploiting Meta’s AI support chatbot to hijack Instagram accounts by social-engineering the bot into adding a hacker-controlled email address and triggering a password reset. The attack requires no technical vulnerability in the traditional sense — the AI simply complies with the request after a verification code exchange. This highlights a significant trust and authorisation flaw in how Meta’s AI assistant handles account management actions on behalf of unauthenticated parties. ...

4 June 2026 · ZX Cloud Security

Fake Open-Source Sites Deliver Malware via Google SEO

🟠 High | Source: The Hacker News

Attackers have built convincing fake websites impersonating popular open-source and freeware tools, engineering them to rank highly in Google search results. Visitors are silently routed through a Traffic Distribution System (TDS) that profiles them before delivering tailored malware, including credential stealers and session hijacking frameworks. The campaign is notable for its scale and the quality of the spoofed sites, making it easy for developers and engineers to be deceived. ...

4 June 2026 · ZX Cloud Security

Fake Open-Source Sites Deliver Malware via TDS

🟠 High | Source: The Hacker News

Attackers have created convincing fake websites impersonating popular open-source tools, optimising them to rank highly on Google search results. Visitors are silently routed through a Traffic Distribution System (TDS) that delivers malware including credential stealers and session hijacking frameworks. This is a supply chain-adjacent threat targeting developers and technical users who search for and download software directly from the web.

Architect’s Take: Enforce organisational policies requiring software to be sourced only from verified package managers (npm, PyPI, etc.) or official repositories, and block direct binary downloads from unvetted sites via web proxy or CASB controls. Consider adding developer workstations to your threat model and ensure EDR coverage extends to engineering endpoints. ...

4 June 2026 · ZX Cloud Security

DoJ Freezes $3.8M in Southeast Asia Crypto Fraud Bust

🟡 Medium | Source: The Hacker News

The US Department of Justice ran a coordinated ‘Disruption Week’ operation from May 2026 targeting Southeast Asian criminal networks running cryptocurrency and cyber-enabled fraud schemes against American victims. The action involved both government agencies and private sector partners, resulting in the takedown of millions of fraudulent social media, email, and internet accounts, and the freezing of $3.8 million in assets. These operations are typically linked to pig butchering and romance scam networks, which increasingly exploit cloud-hosted infrastructure and social engineering at scale. ...

4 June 2026 · ZX Cloud Security

Weedhack MaaS Targets Minecraft Users via YouTube

🟡 Medium | Source: The Hacker News

A malware-as-a-service campaign dubbed Weedhack has been targeting Minecraft players since January 2026, distributing malware through YouTube by impersonating legitimate Minecraft clients and mods. The campaign has compromised thousands of systems and is linked to a loader dubbed CountLoader, which has recorded over 86,000 infections. The threat is notable for its exploitation of gaming communities and pirated software channels as a delivery mechanism for system-control malware. ...

3 June 2026 · ZX Cloud Security