phishing

Tam Nguyen will probably never forget the call from the Department of Homeland Security that cracked open his winter break in December 2023 like a sledgehammer to a snow globe. As the tech chief for Orange Unified School District in California, Nguyen’s first impulse was skepticism—after all...

If you thought the world’s cybercriminals were toiling away in dimly lit basements hunched over endless lines of code, it’s about time you met SessionShark—a phishing-as-a-service (PhaaS) toolkit that gleefully blurs the lines between black hat innovation and Saturday-morning infomercial...

If you’re going to be phished, you might as well be courted by some of Russia’s digital finest—at least that’s what a fresh report from Volexity would lead you to believe, as Ukraine-linked NGOs have found themselves starring in an unexpected cyber-espionage romcom, with the Russian hacking...

They say trust is the cornerstone of any relationship—especially if that relationship is between you, the internet, and a determined Russian adversary with a penchant for phishy invitations and suspicious requests for OAuth codes. Phishing in the OAuth Era: New Tricks for Old Hackers When we...

One recent morning, Nick Johnson did what many of us do: scanned his inbox, eyes glazed, sifting spam from signal. Then he spotted what looked like a run-of-the-mill Google security alert—legit sender address, DKIM check passed, sorted neatly with his real security alerts. The message: Google...

The best-laid plans of regulators and tech titans alike have gone pixel-shaped, and the digital world is barely hanging onto its cookies. Welcome to the wildest PSW episode yet—where government unraveling meets generative AI hijinx, bot chaos is the new business model, and cybercriminals treat...

They beckon seductively from restaurant tabletops, leap out at us from bus ads, and dangle from the bottom of suspicious emails like a worm on a fishing line—QR codes, those enigmatic square mazes of pixels, are now as much a fixture of daily life as the coffee-ring stains around them. Yet...

Security warnings can sometimes feel like the digital equivalent of that friend who’s always convinced they’ve forgotten to lock the front door. But this time, you’d be wise to double-check those bolts and deadlocks. As the world reels from a new spike in cyberattacks targeting the very tool we...

A New Phishing Frontier: Tycoon2FA Evolving to Outsmart Microsoft 365 Security Phishing attacks are evolving, and the latest twist comes from the Tycoon2FA phishing kit. Designed as a Phishing-as-a-service (PhaaS) platform, Tycoon2FA is notorious for bypassing multi-factor authentication (MFA)...

An Unseen Intrusion: How Atlas Lion Blended In and Struck at Big-Box Retailers In today’s digital battleground, even the most robust corporate networks are vulnerable to unexpected breaches that exploit the very rules designed to protect them. Recent findings by cybersecurity firm Expel and...

Innovative Phishing Tactics Threaten Critical Infrastructure Russian state-backed APT group Storm-2372 has triggered a new alarm in the cybersecurity community by leveraging an ingenious form of device code phishing to sidestep multi-factor authentication (MFA). This sophisticated attack...

As Tax Day nears, threat actors are pulling out all the stops by deploying tax-themed phishing campaigns that combine age-old social engineering tricks with modern redirection techniques and sophisticated malware. In recent months, Microsoft’s threat intelligence team has observed several...

The Changing Landscape of Cloud Email Security Cloud-based email solutions have revolutionized business communications, with Microsoft 365 (M365) emerging as the go-to platform for organizations around the world. However, as with any technological breakthrough, the very features that make M365...

Stealing user credentials is an ever-evolving cybersecurity threat, and few techniques capture the complexity of modern attacks like Evilginx does. At its core, Evilginx repurposes the legitimate, widely used nginx web server to launch man-in-the-middle attacks that can pilfer usernames...

Phishing Attacks Using Legitimate Microsoft Channels: A Sophisticated Threat Unveiled The cybersecurity landscape continues to evolve, and the latest threat from cybercriminals underscores that evolution in a particularly insidious way. A recent campaign, detailed by KnowBe4’s Threat Labs...

Barracuda’s detection systems recently blocked over a million phishing attacks—a staggering number that underscores a rapidly evolving threat landscape powered by sophisticated Phishing-as-a-Service (PhaaS) platforms. This development is especially critical for Windows users and organizations...

Microsoft is pushing the envelope on cybersecurity automation with the latest evolution of its Security Copilot. In a move that underscores the growing influence of agentic AI on digital defense, Microsoft has introduced 11 task-specific agents designed to interact with key security...

In today’s digital arena, where cybersecurity threats can feel as relentless as an inbox full of spam, Microsoft is stepping into the breach with an innovative suite of AI-powered security agents. As cybercriminals send more than 30 billion phishing emails in 2024 alone, it’s clear that...

Microsoft 365 Security is Evolving – Are You Ready for 2025 Threats? Microsoft 365 is the backbone of enterprise productivity, and as it becomes increasingly entwined with every business process, attackers are sharpening their tactics. A recent summit highlighted on Redmondmag.com titled...

Phishing attacks continue to evolve in sophistication, and the latest reports reveal that threat actors are now abusing Microsoft 365’s built-in features to bypass traditional security filters. In a clever twist on the classic business email compromise (BEC), attackers are compromising multiple...