Security awareness tips, industry news, and product updates.
A new criminal toolkit called ATHR bundles AI voice agents, phishing emails, and real-time credential harvesting into a single browser-based platform. Here's how vishing-as-a-service is reshaping social engineering and what your organization can do about it.
Hackers breached Booking.com and are already using stolen reservation data to launch hyper-targeted phishing attacks via email, WhatsApp, and phone. Here's what organizations need to know and how to prepare employees for these real-world social engineering tactics.
The FBI just took down a global phishing-as-a-service platform responsible for $20 million in fraud. Here's what this operation reveals about modern phishing threats and why workforce education is the most effective countermeasure.
New academic research finds that training everyone after a phishing simulation — not just the employees who clicked — builds stronger, longer-lasting defences. Here's how empowsec's new Debrief and Teachable Moments features put that science into practice.
A cyberattack left Foster City, California in a state of emergency for over a week. Here's how it likely happened, why small governments are prime targets, and what municipalities can do to prevent becoming the next headline.
Annual compliance training doesn't create secure organizations — culture does. Here's a practical framework for embedding security into how your company thinks, communicates, and makes decisions every day.
Security awareness training is the fastest-growing managed service category in the MSP channel. Here's a practical playbook for packaging, pricing, and scaling SAT as a recurring revenue stream.
QR code phishing attacks increased 587% in 2025. Unlike traditional phishing links, QR codes bypass most email security filters entirely. Here's how quishing works and what your organization can do about it.
The NIS2 Directive requires organizations to implement cybersecurity awareness training. Here's exactly what the regulation demands, who it applies to, and how to build a compliant program.
Your phishing simulation click rate dropped from 30% to 12%, but real breaches keep happening. Here's why most programs measure the wrong things — and how to build simulations that actually change behavior.
Most successful phishing attacks exploit just a handful of psychological triggers. Here are the five red flags your team needs to spot before clicking.