Security awareness tips, industry news, and product updates.
Device code phishing is spreading through criminal toolkits and phishing-as-a-service offerings. Here is how the Microsoft 365 attack works and what teams should do next.
Bitdefender's Operation Road Trap research shows how toll, parking, and traffic-fine smishing has scaled across countries. Here is what employees and security teams should watch for.
Microsoft is warning US organizations about a sophisticated code-of-conduct phishing campaign using PDFs, CAPTCHA gates, and AiTM token theft. Here is what security teams should watch for next.
A new campaign abused Google AppSheet emails to steal Facebook business accounts at scale. Here is what your team should watch for and how empowsec helps build the right response habits.
A Chinese national posed as U.S.-based researchers for years, using spear-phishing emails to trick NASA employees and military personnel into handing over restricted aerospace software. The case is a masterclass in why identity verification matters.
Cybercriminals are spoofing Paperless Post, Evite, and Punchbowl to send fake party invitations that exploit your fear of missing out. Here's how the scam works and how to protect yourself.
QR code phishing has evolved far beyond a simple scan-and-steal. Split codes, Unicode fakes, CAPTCHA gates, and state-sponsored campaigns are rewriting the rulebook — and most security stacks still can't read a QR code.
A new criminal toolkit called ATHR bundles AI voice agents, phishing emails, and real-time credential harvesting into a single browser-based platform. Here's how vishing-as-a-service is reshaping social engineering and what your organization can do about it.
Hackers breached Booking.com and are already using stolen reservation data to launch hyper-targeted phishing attacks via email, WhatsApp, and phone. Here's what organizations need to know and how to prepare employees for these real-world social engineering tactics.
The FBI just took down a global phishing-as-a-service platform responsible for $20 million in fraud. Here's what this operation reveals about modern phishing threats and why workforce education is the most effective countermeasure.
QR code phishing attacks increased 587% in 2025. Unlike traditional phishing links, QR codes bypass most email security filters entirely. Here's how quishing works and what your organization can do about it.
Your phishing simulation click rate dropped from 30% to 12%, but real breaches keep happening. Here's why most programs measure the wrong things — and how to build simulations that actually change behavior.