Security awareness tips, industry news, and product updates.
Device code phishing is spreading through criminal toolkits and phishing-as-a-service offerings. Here is how the Microsoft 365 attack works and what teams should do next.
Bitdefender's Operation Road Trap research shows how toll, parking, and traffic-fine smishing has scaled across countries. Here is what employees and security teams should watch for.
Microsoft is warning US organizations about a sophisticated code-of-conduct phishing campaign using PDFs, CAPTCHA gates, and AiTM token theft. Here is what security teams should watch for next.
A new campaign abused Google AppSheet emails to steal Facebook business accounts at scale. Here is what your team should watch for and how empowsec helps build the right response habits.
A Chinese national posed as U.S.-based researchers for years, using spear-phishing emails to trick NASA employees and military personnel into handing over restricted aerospace software. The case is a masterclass in why identity verification matters.
QR code phishing has evolved far beyond a simple scan-and-steal. Split codes, Unicode fakes, CAPTCHA gates, and state-sponsored campaigns are rewriting the rulebook — and most security stacks still can't read a QR code.
A three-day intrusion at North Texas Behavioral Health Authority exposed 285,086 patient records. Here's what went wrong and how healthcare teams can harden their HIPAA defenses.
A new criminal toolkit called ATHR bundles AI voice agents, phishing emails, and real-time credential harvesting into a single browser-based platform. Here's how vishing-as-a-service is reshaping social engineering and what your organization can do about it.
Hackers breached Booking.com and are already using stolen reservation data to launch hyper-targeted phishing attacks via email, WhatsApp, and phone. Here's what organizations need to know and how to prepare employees for these real-world social engineering tactics.
The FBI just took down a global phishing-as-a-service platform responsible for $20 million in fraud. Here's what this operation reveals about modern phishing threats and why workforce education is the most effective countermeasure.
A cyberattack left Foster City, California in a state of emergency for over a week. Here's how it likely happened, why small governments are prime targets, and what municipalities can do to prevent becoming the next headline.
QR code phishing attacks increased 587% in 2025. Unlike traditional phishing links, QR codes bypass most email security filters entirely. Here's how quishing works and what your organization can do about it.