Phishing
CISA, NSA, FBI, and MS-ISAC have released guidance and prevention recommendations on common phishing techniques.
Hi, what are you looking for?
SecurityWeek
Data Breaches
Microsoft flags a new Kremlin hacking team buying stolen usernames and passwords from infostealer markets for use in cyberespionage attacks.
Data Breaches
A mandatory filing to the Maine Attorney General says 69,461 customers nationwide were affected and dates the breach back to last December.
Artificial Intelligence
Combined with AI, polymorphic phishing emails have become highly sophisticated, creating more personalized and evasive messages that result in higher attack success rates.
Email Security
A sophisticated phishing campaign abuses weakness in Google Sites to spoof Google no-reply addresses and bypass protections.
Email Security
A recently observed phishing campaign targeting Microsoft accounts is using LinkedIn smart links to bypass defenses.
Phishing
An open redirection vulnerability in the popular job search platform Indeed has been exploited in a series of phishing attacks.
Cybercrime
A recently introduced Google account sync feature has been blamed after sophisticated hackers attacked 27 cryptocurrency firms via Retool.
Phishing
Cybercriminals breached an AP Stylebook website and obtained information on customers who were then targeted in phishing attacks.
Phishing
Check Point has observed a wave of phishing attacks launched via Google Looker Studio to steal credentials and funds from intended victims.
Cybercrime
A widespread phishing campaign utilizing malicious QR codes has hit organizations in various industries, including a major energy company in the US.
Email Security
Threat actors have exploited a Salesforce email service zero-day vulnerability and abused Meta features in a sophisticated phishing campaign.
Phishing
Menlo Security introduced anti-phishing solutions that analyze what users see on a landing page rather than just analyzing the content of an email.
Phishing
Threat actors are using Google AMP URLs in phishing campaigns as a new detection evasion tactic.
Phishing
While traditional security awareness teaches users how to recognize social engineering, new behavior changing trains the brain on the correct recognition and response to...
Fraud & Identity Theft
Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer. At the time of his death, he was Chief Hacking Officer at...
Phishing
Security awareness training isn’t working to the level it needs to. Social engineering, however, is getting better. Why doesn’t awareness training work, and how...
Phishing
A new phishing-as-a-service (PaaS) tool has been observed targeting businesses, mainly in the manufacturing, healthcare, technology, and real estate sectors.
Cybercrime
Reddit says its systems were hacked following a sophisticated phishing attack aimed at employees.
Cyberwarfare
The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.
Nation-State
The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...
Application Security
Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...
Application Security
Hack The Box Raises $55 Million in Funding Round Led by Carlyle
Application Security
Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s...
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.
RegisterLearn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.
RegisterExpert Insights
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.
(Etay Maor)
Many security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher.
(Joshua Goldfarb)
AI is transforming the cybersecurity landscape—empowering attackers with powerful new tools while offering defenders a chance to fight back. But without stronger awareness and strategy, organizations risk falling behind.
(Trevin Edgeworth)
Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake.
(Marc Solomon)
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.
(Torsten George)