Threat Intelligence

Security awareness tips, industry news, and product updates.

A hiring manager conducting a remote video interview on a laptop
Phishing & Social EngineeringThreat Intelligence

Deepfake Job Interviews: Hiring Is Now an Attack Surface

North Korean operatives are using deepfakes and synthetic identities to get hired at Western firms. Unit 42 built a convincing fake candidate in about 70 minutes. Here is how to vet remote hires.

Natalie Hoffmann·7/10/2026·6 min read
Managed service provider technician monitoring client systems from a network operations centre
Threat IntelligenceFor MSPs & Partners

Why MSPs Are Prime Ransomware Supply-Chain Targets

Compromise one MSP and you can reach every client behind it. Here is why managed service providers are prime ransomware targets, and how to harden against it.

Thomas Eriksson·7/5/2026·7 min read
Reviewing employee-reported emails
Threat IntelligenceProduct Updates

Reported Email Review: Turning Employees Into Sensors

When employees report suspicious emails through the empowsec Outlook or Gmail add-in, those reports land in an admin review queue where security teams can classify each one and build real threat intelligence from what is actually reaching inboxes.

Marcus Chen·7/5/2026·8 min read
Clinical staff working in a hospital corridor where IT system outages directly affect patient care
Compliance & RegulationsThreat Intelligence

Healthcare Phishing and Ransomware: 2026 Sector Trends

Ransomware is hitting healthcare harder than ever in 2026, and the stakes are measured in patient safety. Here are the trends, HIPAA duties, and human-layer defenses that matter.

Marcus Chen·7/2/2026·7 min read
University students working on laptops on a busy campus
Security Awareness TipsThreat Intelligence

Education Under Siege: Lessons From the Canvas Breach

ShinyHunters' May 2026 breach of the Canvas LMS exposed data tied to thousands of schools and hundreds of millions of users. Here is why education is a prime target and how awareness training reduces the risk.

James Thornton·7/1/2026·6 min read
An employee carefully reading an email thread on an office computer
Phishing & Social EngineeringThreat Intelligence

Thread Hijacking: Phishing From Inside Trusted Emails

Thread hijacking lets attackers reply inside a real email conversation, with a familiar subject, history, and trusted sender. It defeats the 'unknown sender' instinct. Here is how to spot it.

Elena Vasquez·7/1/2026·7 min read
Security analysts monitoring threat dashboards in an operations center
Threat Intelligence

Ransomware in 2026: Data Extortion Is the New Normal

Qilin led ransomware activity in early 2026 as groups shift from encryption to pure data extortion. The constant across nearly every attack is the human layer. Here is what CISOs should do.

Marcus Chen·6/30/2026·6 min read
A web browser open on a laptop screen in a workplace setting
Threat Intelligence

Malicious Browser Extensions and Session Theft Risk

Compromised browser extensions are quietly stealing session cookies and tokens - and stolen sessions sail right past passwords and MFA. Here's why attackers are living in the browser, and how to govern extensions.

Rachel Andersen·6/29/2026·7 min read
Employee searching for a software download on a laptop in an office
Phishing & Social EngineeringThreat Intelligence

Malvertising & SEO Poisoning: The Fake Download Trap

Attackers are buying ads and gaming search results so the top hit for popular software is a trojanized download. Here's how malvertising and SEO poisoning infect employees - and how to train against it.

David Kowalski·6/28/2026·7 min read
Office worker on a laptop video call reviewing a chat message in a collaboration app
Phishing & Social EngineeringThreat Intelligence

Teams & Slack Phishing: The Threat Beyond the Inbox

Phishing has moved out of the inbox and into Microsoft Teams, Slack, and calendar invites — platforms employees trust by default. Here is how the attacks work and how to extend your defenses to cover them.

Elena Vasquez·6/26/2026·7 min read
A professional using an AI assistant on a laptop in an office
Threat Intelligence

Prompt Injection: The Hidden Risk in AI Assistants

Hidden instructions in a web page, email, or document can hijack an AI assistant into leaking data or taking actions on your behalf. It's OWASP's #1 LLM risk - and it grows as AI agents gain access.

Daniel Okafor·6/25/2026·6 min read
Employee reviewing an application permission request on a laptop screen
Phishing & Social EngineeringThreat Intelligence

Consent Phishing: Malicious OAuth Apps That Bypass MFA

Consent phishing tricks users into approving a malicious OAuth app — granting attackers token-based access to mail and files without ever touching a password or triggering MFA. Here is how it works and how to shut it down.

Marcus Chen·6/23/2026·6 min read
« Previous123Next »