Cyware Social will be sunset on April 15, 2026. The service is being replaced by Cyware’s Daily Threat Intel Briefs,
offering curated security advisories on the latest threats. Enterprise users can contact us here → for more details.

Alerts Events DCR
Filter Alerts by
March 9, 2026

New Social Security Scam Emails Use Fake Tax Documents to Hijack PCs

A new phishing campaign is targeting individuals in the US by impersonating the Social Security Administration. The emails use urgent language such as "Important Disclosures" or "Important Regulatory Information" to prompt immediate action.
March 5, 2026

LastPass warns of spoofed alerts aimed at stealing master passwords

LastPass users are being targeted by a sophisticated phishing campaign that uses spoofed security alerts to steal master passwords. The campaign involves fake email threads and display name spoofing to deceive users into revealing their credentials.
March 4, 2026

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

A sophisticated campaign has been identified where threat actors impersonate IT support to deploy the Havoc C2 framework, leading to potential data exfiltration or ransomware attacks.
March 2, 2026

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

The Scattered LAPSUS$ Hunters (SLH) are actively recruiting women for IT help desk vishing attacks, offering $500–$1,000 per call. Recruits are provided with pre-written scripts to enhance the success of these social engineering attacks.
February 20, 2026

Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia

A fraud campaign exploiting Indonesia's Coretax tax platform has resulted in financial losses of $1.5m to $2m. The operation identified 228 new malware samples and 996 phishing URLs, targeting a potential pool of 67 million Indonesian taxpayers.
February 18, 2026

Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails

Hackers are exploiting fake Social Security Administration (SSA) emails to hijack PCs by abusing the ScreenConnect tool. This attack does not rely on new viruses but rather on hijacking existing tools and weakening system defenses.
February 12, 2026

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

The "AgreeToSteal" attack marks the first known instance of a malicious Microsoft Outlook add-in in the wild, exploiting the abandoned "AgreeTo" add-in to steal over 4,000 Microsoft credentials.
February 11, 2026

Pride Month Phishing Targets Employees via Trusted Email Services

The phishing campaign began in December 2025, initially targeting 504 organizations primarily in the financial services and consulting sectors as part of a testing phase.
February 3, 2026

Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins

A sophisticated phishing campaign is targeting business users by exploiting clean emails, PDF attachments, and cloud storage to steal Dropbox credentials. This attack uses trusted services to bypass security filters and get sensitive information.
January 28, 2026

There’s a rash of scam spam coming from a real Microsoft address

A recent phishing scam has been identified, exploiting a legitimate Microsoft email address to deliver scam emails. This advisory provides details on the scam's operation and its implications.
Load More

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Learn More

Trending Tags
Popular Topics
See more