social engineering

This past weekend, as Microsoft 365 users across the world experienced an unforeseen outage, the disruption sharply highlighted just how dependent our professional and personal lives have become on digital platforms. For those in the thick of Florida’s bustling political heart—where the...

A new and sophisticated species has entered the phishing ecosystem, and its name is Tycoon 2FA. At a time when digital security feels like a relentless arms race, this phishing-as-a-service (PhaaS) platform epitomizes just how quickly adversaries adapt to modern defenses—forging an unsettling...

Windows users and IT professionals need to take extra caution as attackers continuously refine their phishing playbook. Recent reports reveal that sophisticated adversaries are leveraging vulnerabilities in OAuth 2.0 redirection flows to target Microsoft 365 environments. In these OAuth-themed...

Russian threat actors have once again raised the bar for cyber espionage, turning attention toward OAuth 2.0 authentication flows in Microsoft 365, hijacking accounts connected to Ukraine and human rights organizations. Their tactics, as uncovered by cybersecurity firm Volexity, fit into a...

If you’ve already started mentally composing your next big idea in Outlook, you might want to hit “Save as Draft” for a moment—there’s a new cyberattack in town, and it’s got your Microsoft 365 credentials written all over it... possibly in Cyrillic. A New Breed of Phishing: Sophisticated Social...

Russian cybercriminals have added a new feather to their well-worn capes of mischief, now targeting Microsoft account holders by exploiting the trust we put into Signal and WhatsApp—apps once considered bastions of privacy. If you’re an IT professional, human rights advocate, or simply a...

Microsoft 365 account holders, it’s time to clutch your credentials like your last stick of office coffee—hackers have orchestrated another clever plot, this time through everyone’s favorite messaging apps. If you thought WhatsApp and Signal were just for family chats and cryptic office banter...

Russian hackers have figured out a way to weaponize OAuth 2.0 authentication—yes, that protocol you trusted implicitly last Tuesday when you breezed through another Microsoft 365 login screen—turning what should be a knight in shining armor into a digital Trojan horse galloping straight through...

There’s a certain poetic irony in the fact that OAuth 2.0—a framework specifically engineered to keep our digital lives safe from password theft—is now being bent and twisted by Russian hackers to hijack entire Microsoft 365 accounts. If that isn’t progress in the field of offensive...

The heart of modern cybersecurity drama doesn’t thump to the tune of hooded figures feverishly tapping in darkened basements, but to the rhythm of normal-seeming interactions—sometimes under the polite facade of tech support. Once considered a mere handy little utility for the digitally...

If you’re going to be phished, you might as well be courted by some of Russia’s digital finest—at least that’s what a fresh report from Volexity would lead you to believe, as Ukraine-linked NGOs have found themselves starring in an unexpected cyber-espionage romcom, with the Russian hacking...

Every time the cybersecurity community thinks they’re getting ahead of attackers, someone comes along and turns a trusted workflow into a digital bear trap. That’s exactly what’s unfolding in the latest campaign orchestrated by Russian threat actors who are gleefully exploiting legitimate...

In a recent development, Russian threat actors identified as UTA0352 and UTA0355 have been targeting Ukraine-linked nongovernmental organizations (NGOs) by exploiting the OAuth protocol to compromise Microsoft 365 accounts. The Mechanics of the Attack The attackers initiated their campaign with...

They say trust is the cornerstone of any relationship—especially if that relationship is between you, the internet, and a determined Russian adversary with a penchant for phishy invitations and suspicious requests for OAuth codes. Phishing in the OAuth Era: New Tricks for Old Hackers When we...

Microsoft 365 users—especially those with links to Ukraine or human rights circles—have recently been finding themselves the unwitting stars in an international cyber-thriller: Russian-linked hackers are back, and this time, they've upgraded from phishing Netflix logins to abusing Microsoft's...

We live in an era where simply clicking a video call link could lead to the digital equivalent of inviting a burglar in for tea—and hackers are getting increasingly creative with their invitations, especially when it comes to Microsoft 365 access. The Evolving Art of Social Engineering (or: Why...

Microsoft recently issued a stern warning to both Windows and Mac users that sounds more like a no-nonsense parent than a world-leading technology corporation: Don't use the Quick Assist app to let anyone “fix” your computer. It’s not because the app itself is suddenly crawling with bugs or...

One recent morning, Nick Johnson did what many of us do: scanned his inbox, eyes glazed, sifting spam from signal. Then he spotted what looked like a run-of-the-mill Google security alert—legit sender address, DKIM check passed, sorted neatly with his real security alerts. The message: Google...

They beckon seductively from restaurant tabletops, leap out at us from bus ads, and dangle from the bottom of suspicious emails like a worm on a fishing line—QR codes, those enigmatic square mazes of pixels, are now as much a fixture of daily life as the coffee-ring stains around them. Yet...

Security warnings can sometimes feel like the digital equivalent of that friend who’s always convinced they’ve forgotten to lock the front door. But this time, you’d be wise to double-check those bolts and deadlocks. As the world reels from a new spike in cyberattacks targeting the very tool we...