The Tycoon 2FA phishing-as-a-service platform is now using OAuth device code phishing to compromise devices that are protected by multifactor authentication, according to eSentire’s ...
Prior to my further research into AI and quantum for my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I had pretty solid password policy recommendations:
Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and ...
Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, ...
Cybereason warns that the Tycoon 2FA phishing kit continues to receive upgrades, allowing unskilled cybercriminals to launch sophisticated social engineering attacks. The platform is ...
In essence, that is the disclosure and notification message that the open-source developer "qix" sent to the world when he was social engineered to give up access credentials to his ...
Attackers are using a newly discovered phishing-as-a-service (PhaaS) platform dubbed “Salty 2FA” to target a wide range of industries across North America and Europe, according to ...
Most Microsoft 365 users aren’t aware of this recently growing serious email threat vector.
A KnowBe4 co-worker of mine recently got this SMS phishing message (i.e., smish).
Since March 2025, the KnowBe4 Threat Labs team has observed a surge in phishing attacks that exploit Google’s AppSheet platform to launch a highly targeted, sophisticated campaign ...
Commodity phishing kits are increasingly serving dynamically generated phishing pages, according to researchers at ESET.
Mandiant warns that the Scattered Spider cybercriminal group is using “brazen” social engineering attacks to target large enterprise organizations in a wide range of sectors.
Just because you’re using a passkey doesn’t mean your password is gone.
Researchers at Cisco Talos warn that major phishing kits continue to incorporate features that allow them to bypass multi-factor authentication (MFA).
A friend of mine got a call on his phone and he regrettably picked it up. The number was 267-332-3644. The area code is from Bucks County, PA, where he used to live many years ago.
Ever since Microsoft’s initial announcement on February 13, 2025, about a Russian nation-state phishing campaign using "device code phishing," many people have been wondering what it is. ...
A new report from Sophos found that ransomware attacks accounted for over 90% of incident response cases involving medium-sized businesses in 2024, as well as 70% of cases involving small ...
With this week being Identity Management Day on April 8th, it's the perfect reminder for organizations to focus on protecting their employees' digital identities.
Phishing-as-a-service (PhaaS) platforms drove a surge in phishing attacks in the first two months of 2025, according to researchers at Barracuda.
In today’s world, cybersecurity is more critical than ever. Organizations and individuals alike face a constant barrage of cyber threats, and often, the weakest link in our defenses is ...
