social engineering

Inside the New Wave of Cyberattacks Exploiting Microsoft Teams to Infect Windows PCs Microsoft Teams has become indispensable in modern workplaces, a hub for collaboration and communication. Yet, this very platform trusted by millions has transformed into a battleground where hackers wage...

As Tax Day nears, threat actors are pulling out all the stops by deploying tax-themed phishing campaigns that combine age-old social engineering tricks with modern redirection techniques and sophisticated malware. In recent months, Microsoft’s threat intelligence team has observed several...

Phishing Attacks Using Legitimate Microsoft Channels: A Sophisticated Threat Unveiled The cybersecurity landscape continues to evolve, and the latest threat from cybercriminals underscores that evolution in a particularly insidious way. A recent campaign, detailed by KnowBe4’s Threat Labs...

Cybercriminals are back at it – this time using fake Microsoft 365 apps as a Trojan horse to deliver malware, compromise user credentials, and potentially open the door to larger network breaches. In an age when cloud productivity platforms like Microsoft 365 are the lifeblood for enterprises...

Phishing attacks continue to evolve in sophistication, and the latest reports reveal that threat actors are now abusing Microsoft 365’s built-in features to bypass traditional security filters. In a clever twist on the classic business email compromise (BEC), attackers are compromising multiple...

A recent research report—cited by Computing as highlighting a “massive spike” in phishing-as-a-service (PhaaS) attacks in 2025—paints a stark picture of the evolving cybersecurity landscape. Although the original Computing article page may be unavailable, the implications are clear...

The growing trend of business email compromise (BEC) attacks lurking deep within Microsoft 365 environments is leaving IT security professionals both impressed by the technical acumen of the attackers and frustrated by the evolving threat landscape. In recent developments, attackers have learned...

A fresh wave of OAuth abuse is making headlines, as cybercriminals continue to exploit trusted service brands like Microsoft 365 and GitHub for their nefarious purposes. Recently reported campaigns reveal the evolving tactics of threat actors, who are using sophisticated social engineering...

In recent weeks, Microsoft 365 users have found themselves in the crosshairs of a sophisticated business email compromise (BEC) campaign that exploits the cloud service’s very reputation for trust and reliability. Rather than launching the usual barrage of phishing emails filled with tyrannical...

Unmasking the Latest Microsoft 365 Phishing Scam: Fake Support Numbers and Social Engineering at Play Cybercriminals have upped their game with a phishing scam that leverages Microsoft 365’s trusted infrastructure to fool users into dialing counterfeit support numbers. This isn’t your typical...

Phantom Goblin: A New Wave of Stealer Malware Leveraging Social Engineering Tactics Cybersecurity researchers from Cyble Research and Intelligence Labs (CRIL) have recently uncovered a sophisticated malware operation dubbed Phantom Goblin. This threat campaign harnesses deceptive social...

Cybercriminals continue to evolve their tactics, and the latest intelligence from KnowBe4 reveals yet another level of sophistication in spear-phishing campaigns. In a detailed blog update from KnowBe4, Russian threat actors—including groups linked to the SVR’s notorious Cozy Bear—are leveraging...

A recent Forbes report by Zak Doffman has sounded an urgent alarm for Microsoft Windows users. A new wave of cyberattacks is exploiting fake browser update alerts to infiltrate systems and install dangerous malware. In this article, we break down the mechanics behind this scam, explain its...

In today's digital landscape, even legitimate features designed to enhance usability can turn into liabilities in the wrong hands. Recent intelligence indicates that threat actors—likely with connections to Russian cyber groups—are abusing Microsoft’s Device Code Authentication feature to...

In a stunning demonstration of the evolving cyber threat landscape, multiple Russian nation-state actors are now leveraging a novel phishing technique against Microsoft 365 accounts. This device code authentication phishing campaign, dissected in detail by cybersecurity firm Volexity...

In a twist that plays on the duality of trust and technology, threat actors are now leveraging a legitimate Microsoft feature to infiltrate Microsoft 365 (M365) accounts. This isn't your everyday phishing scam—with no suspicious attachments or shady links—but a sophisticated manipulation of the...

In an era where cybersecurity threats are as commonplace as coffee breaks, a recently uncovered phishing campaign targeting Microsoft 365 (M365) accounts demands your attention. Cybersecurity experts have identified Russian hackers impersonating U.S. and Ukrainian officials, weaving an intricate...

The ongoing saga of cybersecurity breaches has just added another eyebrow-raising chapter as Sophos reports a sophisticated cyberattack campaign targeting Microsoft 365 Copilot (formerly known as Office 365). In what can only be described as a diabolical twist on traditional social engineering...

Cybersecurity alarms are ringing loudly this week as cybercriminals have been identified leveraging misconfigurations and default settings in Microsoft Office 365 and Teams to carry out highly coordinated cyberattacks. Their objectives? Data theft, unauthorised system access, and even deploying...

Phishing scams are like the flu of the cybersecurity world—constant, evolving, and always finding new ways to surprise you. But the latest intel from Fortinet’s FortiGuard Labs warns us of a phishing campaign that adds a layer of sophistication, blending technological savvy with psychological...