Marcus Chen

Articles by Marcus Chen

Employee entering a login code on a laptop at an office desk
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Kali365 Phishing Service Targets Microsoft 365 Accounts

The FBI is warning about Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass MFA. Here's how the attack works and how to defend your organization.

Marcus Chen·6/6/2026·9 min read
Security analyst reviewing a suspicious device login code on a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Device Code Phishing Is Moving Into Criminal Toolkits

Device code phishing is spreading through criminal toolkits and phishing-as-a-service offerings. Here is how the Microsoft 365 attack works and what teams should do next.

Marcus Chen·5/15/2026·8 min read
Marketing employee reviewing a social media account alert on a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Facebook Phishing Through Google: What Teams Should Do

A new campaign abused Google AppSheet emails to steal Facebook business accounts at scale. Here is what your team should watch for and how empowsec helps build the right response habits.

Marcus Chen·5/5/2026·7 min read
Aerospace technology and rocket engineering facility representing the defense software targeted in the spear-phishing campaign
Phishing & Social EngineeringThreat Intelligence

Chinese Spy Used Spear Phishing to Steal NASA Defense Software

A Chinese national posed as U.S.-based researchers for years, using spear-phishing emails to trick NASA employees and military personnel into handing over restricted aerospace software. The case is a masterclass in why identity verification matters.

Marcus Chen·4/30/2026·7 min read
Employee taking a suspicious phone call while working at a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

ATHR Vishing-as-a-Service: AI Voice Scams Go Plug and Play

A new criminal toolkit called ATHR bundles AI voice agents, phishing emails, and real-time credential harvesting into a single browser-based platform. Here's how vishing-as-a-service is reshaping social engineering and what your organization can do about it.

Marcus Chen·4/19/2026·10 min read
Team of employees in a bright office reviewing cybersecurity training materials together
Security Awareness TipsProduct Updates

Phishing Training Is Evolving: Debrief and Teachable Moments

New academic research finds that training everyone after a phishing simulation — not just the employees who clicked — builds stronger, longer-lasting defences. Here's how empowsec's new Debrief and Teachable Moments features put that science into practice.

Marcus Chen·4/10/2026·6 min read