spear phishing

Pawn Storm’s latest campaign is a reminder that the most dangerous intrusions are often the ones that look repetitive on the surface. Trend Micro’s analysis describes a threat actor better known as APT28 or Forest Blizzard using a mix of loud brute-force activity, long-running phishing, and...

Microsoft has quietly closed a years‑old hole in Windows shortcut handling that security researchers say was being steadily abused by nation‑state espionage groups and cybercriminals to hide malicious commands in plain sight. The issue, tracked as CVE‑2025‑9491 (also published earlier as...

A new wave of highly sophisticated phishing scams has placed millions of Microsoft 365 users at increased risk, with recent campaigns focusing on colleges and universities such as Seton Hall. These scams exploit a deepening trust in digital communications and modern security tools, employing...

Cybercriminals are once again redefining the threat landscape, this time by exploiting trusted email security mechanisms to compromise Microsoft 365 accounts. In a sophisticated new campaign, threat actors have weaponized link-wrapping services—previously considered pillars of safe email...

Sophisticated cyber adversaries have shifted tactics in recent months, exploiting fake Microsoft OAuth applications in tandem with advanced phishing toolkits such as Tycoon and ODx to compromise Microsoft 365 accounts worldwide. These attacks, tracked by researchers and security vendors...

Phishing remains one of the most persistent and rapidly evolving threats within the digital landscape, and recent findings from Check Point Research (CPR) underscore how attackers are constantly updating their strategies to take advantage of shifting user habits and the immense popularity of...

Phishing attacks have evolved far beyond suspicious links in emails or obvious malware-laden attachments; today’s cybercriminals are engineering schemes that bypass even the most robust inbox filters, preying on the everyday habits and default settings trusted by countless Microsoft 365 and...

There’s a growing threat in the digital landscape that preys on trust rather than technical vulnerability. It slips quietly into our daily lives, masquerading not as suspicious spam, but as the kind of corporate communication we expect: a calendar invite. For millions of Microsoft 365 and...

In recent years, cybercriminals have increasingly exploited digital calendars to orchestrate sophisticated phishing attacks, particularly targeting Microsoft 365 users. These scams often involve deceptive calendar invitations that appear legitimate but are designed to steal sensitive information...

Phishing attacks continue to challenge organizations worldwide, evolving in sophistication and leveraging the very tools designed to enhance digital communication. An alarming new campaign has emerged wherein cybercriminals exploit Microsoft 365’s Direct Send feature—traditionally trusted for...

Microsoft 365 has long positioned itself as a secure, enterprise-grade communication and productivity suite, trusted by thousands of organizations worldwide. Yet, as threat actors grow in sophistication, even the most well-intentioned features can be cleverly subverted to bypass traditional...

In recent months, a sophisticated phishing campaign has exploited Microsoft 365's Direct Send feature, targeting over 70 organizations across the United States. This attack method allows cybercriminals to impersonate internal users and deliver phishing emails that bypass traditional security...

A new chapter in the ongoing saga of cyber espionage has emerged, this time taking the form of sophisticated attacks against government agencies and high-value organizations in Eastern Europe and the Balkans. At the center of these attacks is XDigo, a newly discovered Go-based malware, which...

Phishing attacks continue to evolve, leveraging not only increasingly sophisticated social engineering techniques but also the legitimate tools and platforms users trust every day. The most recent wave of attacks, as publicized by cybersecurity researchers and industry reports, reveals that...

Phishing attacks are evolving at a rapid pace, becoming increasingly sophisticated, and exploiting trusted platforms in ways that challenge even tech-savvy users. Recently, cybersecurity researchers uncovered a troubling new scam leveraging Google Apps Script—a legitimate Google service—to...

The emergence of Void Blizzard—a newly identified, Russian-affiliated threat actor—has sent ripples of concern through cybersecurity communities, government agencies, and critical infrastructure operators worldwide. According to detailed findings published by Microsoft Threat Intelligence, Void...

In recent months, cybersecurity experts have observed a significant uptick in sophisticated phishing attacks targeting Microsoft 365 users. These attacks often employ malicious HTML attachments to bypass traditional email security measures, posing substantial risks to organizations worldwide...

The growing adoption of generative AI in the workplace has ushered in sweeping changes across industries, delivering newfound efficiencies and innovative capabilities. Yet, with each leap toward automation and intelligence, a parallel, shadowy world of cyber threats surges ahead. A recent...

Phishing attacks have entered a dangerous new phase—one defined by AI-powered precision, relentless innovation, and the exploitation of trust at every level of the digital experience. Gone are the days when phishing meant laughably obvious misspellings and dubious Nigerian princes; today...

Few threats in cybersecurity are as persistent and adaptable as phishing, and the hospitality sector has long been a lucrative target for cybercriminals driven by the promise of valuable credentials, financial data, and the prospect of high-impact fraud. One of the latest campaigns, meticulously...