The 5 Best Practices for Secure Identity Verification
Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down fiv...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
367 articles found
Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down fiv...
Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path trav...
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser au...
WhatsApp has caught the NSO Group phishing its users, in violation of a court order.
AI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers,...
Cybercriminals are leveraging tax-themed phishing emails to deploy sophisticated in-memory malware on Windows systems, bypassing traditional disk-based detec...
Autonomous email agents can become high‑impact phishing victims, leaking cloud credentials and sensitive business data even when wrapped in explicit safety i...
An emerging phishing vector that weaponizes short-form social videos on TikTok and Instagram Reels to distribute malware and funnel victims to malicious down...
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise huma...
A new Browser-in-the-Browser (BitB) phishing campaign is abusing fake OAuth login windows to steal Microsoft 365 credentials, and its design is polished enou...
A sustained phishing campaign that leverages developer recruitment and code-review lures to deliver cross‑platform malware via attacker-controlled GitHub rep...
Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing
A renewed and operationally refined wave of the NFCShare Android banking trojan that delivers NFC card-data theft by masquerading as legitimate banking appli...
Threat actors are increasingly weaponizing the global fascination with large language models and generative AI by impersonating major AI brands ChatGPT, Anth...
Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark ...
WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attack...
Meta claims it disrupted spear-phishing attempts linked to NSO Group and is asking a US federal court to hold the spyware vendor in contempt for allegedly vi...
The company said it spotted a spearphishing campaign linked to the Israeli spyware maker targeting WhatsApp users, despite a court order prohibiting it. The ...
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it's filing ...
Pink avoids traditional malware, instead employing voice phishing (vishing) to trick employees into visiting credential-stealing domains.