social engineering

Microsoft 365 users—especially those with links to Ukraine or human rights circles—have recently been finding themselves the unwitting stars in an international cyber-thriller: Russian-linked hackers are back, and this time, they've upgraded from phishing Netflix logins to abusing Microsoft's...

We live in an era where simply clicking a video call link could lead to the digital equivalent of inviting a burglar in for tea—and hackers are getting increasingly creative with their invitations, especially when it comes to Microsoft 365 access. The Evolving Art of Social Engineering (or: Why...

Microsoft recently issued a stern warning to both Windows and Mac users that sounds more like a no-nonsense parent than a world-leading technology corporation: Don't use the Quick Assist app to let anyone “fix” your computer. It’s not because the app itself is suddenly crawling with bugs or...

One recent morning, Nick Johnson did what many of us do: scanned his inbox, eyes glazed, sifting spam from signal. Then he spotted what looked like a run-of-the-mill Google security alert—legit sender address, DKIM check passed, sorted neatly with his real security alerts. The message: Google...

They beckon seductively from restaurant tabletops, leap out at us from bus ads, and dangle from the bottom of suspicious emails like a worm on a fishing line—QR codes, those enigmatic square mazes of pixels, are now as much a fixture of daily life as the coffee-ring stains around them. Yet...

Security warnings can sometimes feel like the digital equivalent of that friend who’s always convinced they’ve forgotten to lock the front door. But this time, you’d be wise to double-check those bolts and deadlocks. As the world reels from a new spike in cyberattacks targeting the very tool we...

Inside the New Wave of Cyberattacks Exploiting Microsoft Teams to Infect Windows PCs Microsoft Teams has become indispensable in modern workplaces, a hub for collaboration and communication. Yet, this very platform trusted by millions has transformed into a battleground where hackers wage...

As Tax Day nears, threat actors are pulling out all the stops by deploying tax-themed phishing campaigns that combine age-old social engineering tricks with modern redirection techniques and sophisticated malware. In recent months, Microsoft’s threat intelligence team has observed several...

Phishing Attacks Using Legitimate Microsoft Channels: A Sophisticated Threat Unveiled The cybersecurity landscape continues to evolve, and the latest threat from cybercriminals underscores that evolution in a particularly insidious way. A recent campaign, detailed by KnowBe4’s Threat Labs...

Cybercriminals are back at it – this time using fake Microsoft 365 apps as a Trojan horse to deliver malware, compromise user credentials, and potentially open the door to larger network breaches. In an age when cloud productivity platforms like Microsoft 365 are the lifeblood for enterprises...

Phishing attacks continue to evolve in sophistication, and the latest reports reveal that threat actors are now abusing Microsoft 365’s built-in features to bypass traditional security filters. In a clever twist on the classic business email compromise (BEC), attackers are compromising multiple...

A recent research report—cited by Computing as highlighting a “massive spike” in phishing-as-a-service (PhaaS) attacks in 2025—paints a stark picture of the evolving cybersecurity landscape. Although the original Computing article page may be unavailable, the implications are clear...

The growing trend of business email compromise (BEC) attacks lurking deep within Microsoft 365 environments is leaving IT security professionals both impressed by the technical acumen of the attackers and frustrated by the evolving threat landscape. In recent developments, attackers have learned...

A fresh wave of OAuth abuse is making headlines, as cybercriminals continue to exploit trusted service brands like Microsoft 365 and GitHub for their nefarious purposes. Recently reported campaigns reveal the evolving tactics of threat actors, who are using sophisticated social engineering...

In recent weeks, Microsoft 365 users have found themselves in the crosshairs of a sophisticated business email compromise (BEC) campaign that exploits the cloud service’s very reputation for trust and reliability. Rather than launching the usual barrage of phishing emails filled with tyrannical...

Unmasking the Latest Microsoft 365 Phishing Scam: Fake Support Numbers and Social Engineering at Play Cybercriminals have upped their game with a phishing scam that leverages Microsoft 365’s trusted infrastructure to fool users into dialing counterfeit support numbers. This isn’t your typical...

Phantom Goblin: A New Wave of Stealer Malware Leveraging Social Engineering Tactics Cybersecurity researchers from Cyble Research and Intelligence Labs (CRIL) have recently uncovered a sophisticated malware operation dubbed Phantom Goblin. This threat campaign harnesses deceptive social...

Cybercriminals continue to evolve their tactics, and the latest intelligence from KnowBe4 reveals yet another level of sophistication in spear-phishing campaigns. In a detailed blog update from KnowBe4, Russian threat actors—including groups linked to the SVR’s notorious Cozy Bear—are leveraging...

A recent Forbes report by Zak Doffman has sounded an urgent alarm for Microsoft Windows users. A new wave of cyberattacks is exploiting fake browser update alerts to infiltrate systems and install dangerous malware. In this article, we break down the mechanics behind this scam, explain its...

In a stunning demonstration of the evolving cyber threat landscape, multiple Russian nation-state actors are now leveraging a novel phishing technique against Microsoft 365 accounts. This device code authentication phishing campaign, dissected in detail by cybersecurity firm Volexity...