News

Security awareness tips, industry news, and product updates.

Reporting a phishing email from Outlook
Phishing & Social EngineeringProduct Updates

Report Phishing from Outlook: The empowsec Add-In Guide

empowsec's Outlook add-in gives employees a one-click 'Report phishing' button in their inbox - capturing email headers and content for review while instantly rewarding employees who correctly identify a simulation.

Marcus Chen·7/3/2026·8 min read
Clinical staff working in a hospital corridor where IT system outages directly affect patient care
Compliance & RegulationsThreat Intelligence

Healthcare Phishing and Ransomware: 2026 Sector Trends

Ransomware is hitting healthcare harder than ever in 2026, and the stakes are measured in patient safety. Here are the trends, HIPAA duties, and human-layer defenses that matter.

Marcus Chen·7/2/2026·7 min read
An employee carefully reading an email thread on an office computer
Phishing & Social EngineeringThreat Intelligence

Thread Hijacking: Phishing From Inside Trusted Emails

Thread hijacking lets attackers reply inside a real email conversation, with a familiar subject, history, and trusted sender. It defeats the 'unknown sender' instinct. Here is how to spot it.

Elena Vasquez·7/1/2026·7 min read
University students working on laptops on a busy campus
Security Awareness TipsThreat Intelligence

Education Under Siege: Lessons From the Canvas Breach

ShinyHunters' May 2026 breach of the Canvas LMS exposed data tied to thousands of schools and hundreds of millions of users. Here is why education is a prime target and how awareness training reduces the risk.

James Thornton·7/1/2026·6 min read
Security awareness reporting dashboards
Compliance & RegulationsProduct Updates

empowsec Reporting Dashboards: Metrics That Drive Action

empowsec reporting dashboards consolidate training completion, phishing simulation results, and risk scores into a single view - filterable by user, department, or company - with the same data available via API for your existing BI tools.

David Kowalski·7/1/2026·7 min read
Security analysts monitoring threat dashboards in an operations center
Threat Intelligence

Ransomware in 2026: Data Extortion Is the New Normal

Qilin led ransomware activity in early 2026 as groups shift from encryption to pure data extortion. The constant across nearly every attack is the human layer. Here is what CISOs should do.

Marcus Chen·6/30/2026·6 min read
A web browser open on a laptop screen in a workplace setting
Threat Intelligence

Malicious Browser Extensions and Session Theft Risk

Compromised browser extensions are quietly stealing session cookies and tokens - and stolen sessions sail right past passwords and MFA. Here's why attackers are living in the browser, and how to govern extensions.

Rachel Andersen·6/29/2026·7 min read
An employee risk score profile
Security Awareness TipsProduct Updates

How the empowsec Employee Risk Scoring Engine Works

empowsec's risk scoring engine assigns weighted points to every phishing and training event, applies time decay so recent behavior matters most, and rolls scores up to department and company level so you can target help where it is actually needed.

Marcus Chen·6/29/2026·8 min read
Employee searching for a software download on a laptop in an office
Phishing & Social EngineeringThreat Intelligence

Malvertising & SEO Poisoning: The Fake Download Trap

Attackers are buying ads and gaming search results so the top hit for popular software is a trojanized download. Here's how malvertising and SEO poisoning infect employees - and how to train against it.

David Kowalski·6/28/2026·7 min read
An HR professional reviewing payroll documents at a desk
Phishing & Social Engineering

Payroll Diversion: The BEC Scam That Targets HR Teams

Attackers are phishing payroll portal logins and impersonating staff to reroute direct-deposit paychecks into accounts they control. The FBI has warned about it for years - here's how HR can stop it.

Lisa Brennan·6/27/2026·7 min read
A security training completion certificate
Compliance & RegulationsProduct Updates

Training Completion Certificates: Proof for Audits

empowsec issues verifiable completion certificates every time a learner finishes an assignment or course, giving compliance teams clean, downloadable PDF evidence they can present to auditors without any extra effort.

Natalie Hoffmann·6/27/2026·7 min read
Office worker on a laptop video call reviewing a chat message in a collaboration app
Phishing & Social EngineeringThreat Intelligence

Teams & Slack Phishing: The Threat Beyond the Inbox

Phishing has moved out of the inbox and into Microsoft Teams, Slack, and calendar invites — platforms employees trust by default. Here is how the attacks work and how to extend your defenses to cover them.

Elena Vasquez·6/26/2026·7 min read