HX Weekly by Hexagon Center
Posts
How did those scam messages get to you?

How did those scam messages get to you?

An escalating landscape of social engineering and automated cybercrime, specifically noting the Toronto Police's bust of an "SMS Blaster" operation and the staggering $2.1 billion lost by Americans to social media scams last year. The newsletter emphasizes a sophisticated campaign by North Korean hackers (BlueNoroff) using AI-generated Zoom meetings and "ClickFix" lures to drain Web3 crypto wallets, while also reporting on major data breaches at ADT and Carnival Corporation. Amidst record-breaking privacy fines and the rise of the BlackFile extortion group, the report concludes that while AI-driven threats are evolving, traditional methods like phishing and vishing remain highly effective, urging users to trust their instincts and maintain manual vigilance as the primary line of defense.

Daniel Masterson, Ai Courtrie Buson & Bard Gee
May 01, 2026

HX Weekly
^{by Hexagon Center}

^{for the week of April 26, 2026, 119th edition}

Subscribe at hexagoncenter.org

☝️ TWA

‘SMS Blaster’ Cybercrime Operation

Photo by Nathan Dumlao on Unsplash

It’s about another way you’re possibly getting those messages in Toronto Police Bust ‘SMS Blaster’ Cybercrime Operation

🤷‍♀️ What now?: Ignore those messages you are not familiar with.

Tools: You are the best cybersecurity in this case. Resist the temptation to respond.

Meanwhile … Hackers got data on 5.5 million ADT customers by phishing, report says

WATCH OUT ◉_◉ Social media scams cost Americans more than $2.1 billion last year, according to the FTC

MUST READ: Hackers earning millions from hijacked cargo, FBI says

Echos: Dragos: Despite AI use, new malware targeting water plants is ‘hype’

📰 Security Highlights

In other news, Greece to ban anonymity on social media

GOOD READ: Phishing the agent: Why AI guardrails aren’t enough

about this edition and Inside Hexagon

Scammers, hackers, cyber threat actors are working hard and they only need to get it right once to compromise our system and infiltrate our lives. As always, be vigilant and if you ever feel anything that’s not right, trust your gut feeling.

BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

We can learn from the story above: BlueNoroff is targeting Web3 executives with a sophisticated "fake meeting" scam that uses AI-generated participants and typo-squatted Zoom links to trick victims into executing fileless PowerShell malware designed to steal cryptocurrency wallets and credentials.

Inside Hexagon

We are creating many programs to help people learn more about cybersecurity and technology. Our resources are scarce but we plans have been made to push them out into various platforms. Watch out for Hexagon Center wherever you are online and sometimes offline.

HOUSEKEEPING

Glossary/Legend:

Zero Trust - a strategic cybersecurity framework based on the principle of "never trust, always verify," requiring strict identity authentication and authorization for every user and device, whether inside or outside the network perimeter. It assumes breach, removes implicit trust, and employs granular, least-privilege access controls to protect resources.
Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.

Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.
Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.
Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Privacy Notice: HX Weekly and the Hexagon Center are committed to your digital security. We do not collect, track, or store any personal information from our subscribers beyond the email address provided for delivery.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:

hexagoncenter.org

View archives at hxweekly.beehiiv.com

Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

_{Hexagon Center is formed as a nonprofit corporation in California for public benefit,}
_{and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.}

_DISCLAIMER

_{Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is}_not_{responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.}

Content of this newsletter is not an official representation of Hexagon Center.

_{SEE MORE DISCLAIMER HERE}

Reply

or to participate.