<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Scattered Spider on CybersecurityOS</title><link>http://www.cybersecurityos.net/tags/scattered-spider/</link><description>Recent content in Scattered Spider on CybersecurityOS</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sat, 04 Jul 2026 03:05:06 -0500</lastBuildDate><atom:link href="http://www.cybersecurityos.net/tags/scattered-spider/index.xml" rel="self" type="application/rss+xml"/><item><title>Scattered Spider's Playbook Is Simple. Your Defense Needs to Be Simpler.</title><link>http://www.cybersecurityos.net/posts/os-weekly/scattered-spider-social-engineering-defense/</link><pubDate>Sat, 04 Jul 2026 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/scattered-spider-social-engineering-defense/</guid><description>&lt;p&gt;On June 22, 2026, Thalha Jubair, 20, and Owen Flowers, 18 — both from the UK — walked into Woolwich Crown Court and pleaded guilty on day one of a trial that had been set to run six weeks. Their target: Transport for London. Their tool: a phone call.&lt;/p&gt;
&lt;p&gt;&lt;img src="http://www.cybersecurityos.net/posts/os-weekly/images/scattered-spider-defense-hero.svg" alt="Scattered Spider&amp;rsquo;s Playbook Is Simple. Your Defense Needs to Be Simpler."&gt;&lt;/p&gt;
&lt;p&gt;The attack, which ran August 31–September 3, 2024, exposed the personal data of an estimated 10 million people — names, email addresses, mobile numbers, and physical addresses — and forced all 28,000 TfL employees to travel to a TfL office in person to reset their passwords. Total losses and recovery costs: £29 million. Sentencing is scheduled for July 15, 2026.&lt;/p&gt;</description></item></channel></rss>