Social-Engineering - 1

2026 (2)

April (1)

security: Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

Microsoft Security Blog

2026-04-16

Microsoft reports a macOS intrusion campaign attributed to Sapphire Sleet that uses social engineering and user-driven execution to bypass macOS protections. The activity is described as targeting credentials, cryptocurrency assets, and sensitive data.

March (1)

security: When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures

Microsoft Security Blog

2026-03-19

Microsoft says threat actors are using tax-season urgency to deliver phishing and malware via refund notices, payroll forms, filing reminders, and fake tax-professional requests. The lures can include malicious attachments, links, and QR codes.

2025 (1)

December (1)

security: Imposter for hire: How fake people can gain very real access

Microsoft Security Blog

2025-12-11

The Microsoft Security Blog post warns that 'fake employees'—synthetic or forged identities created to look like legitimate workers—are an emerging threat that can infiltrate organizations and obtain real access. It outlines common ways these imposters gain entry through onboarding gaps, stolen or fabricated credentials, and social engineering, and recommends operational and technical controls to reduce risk.