CVE-2026-SCAM: A Post-Mortem on a Social Engineering Exploit Using Incremental Payments
This wasn’t a bug in software. It was a bug in human state management.
Executive Summary
On a single evening, 6,724 KES was exfiltrated from my M-Pesa wallet through a broadcast-based social engineering attack that required no phishing links, no mal...
cve-2026-scam.hashnode.dev5 min read