News

Security awareness tips, industry news, and product updates.

A professional using an AI assistant on a laptop in an office
Threat Intelligence

Prompt Injection: The Hidden Risk in AI Assistants

Hidden instructions in a web page, email, or document can hijack an AI assistant into leaking data or taking actions on your behalf. It's OWASP's #1 LLM risk - and it grows as AI agents gain access.

Daniel Okafor·6/25/2026·6 min read
An employee reading an urgent text message on a smartphone at work
Phishing & Social Engineering

Gift Card Scams: The "Are You Available?" CEO Fraud

"Are you available? I need a quick favor." It's the opening line of a gift card scam impersonating your CEO - low-tech, high-volume, and aimed at new and junior staff. Here's the pattern and the one rule that stops it.

Thomas Eriksson·6/25/2026·7 min read
Managing training assignments and due dates
Security Awareness TipsProduct Updates

Training Courses, Due Dates, Escalation and Renewals

empowsec lets you bundle modules into courses, assign them to users or departments with due dates, automate reminders and manager escalations, and set up annual renewals - so compliance training runs itself rather than requiring manual follow-up.

Natalie Hoffmann·6/25/2026·9 min read
Finance team member reviewing an invoice on a desk in an office
Phishing & Social Engineering

Invoice Fraud & Vendor Email Compromise: How to Stop It

A trusted supplier emails to say their bank details have changed. Pay the new account and the money is gone. Here is how vendor email compromise drives invoice fraud — and the verification controls that stop it.

Sarah Mitchell·6/24/2026·6 min read
Employee reviewing an application permission request on a laptop screen
Phishing & Social EngineeringThreat Intelligence

Consent Phishing: Malicious OAuth Apps That Bypass MFA

Consent phishing tricks users into approving a malicious OAuth app — granting attackers token-based access to mail and files without ever touching a password or triggering MFA. Here is how it works and how to shut it down.

Marcus Chen·6/23/2026·6 min read
Delivering security training in multiple languages
Security Awareness TipsProduct Updates

Multi-Language Security Training with empowsec Translations

empowsec delivers training in each employee's own language: modules, courses, interactive lessons, and phishing templates all support per-language translations, with bulk import tooling and hreflang SEO for public pages.

Elena Vasquez·6/23/2026·7 min read
Close inspection of a web address on a laptop screen with a magnifying glass
Phishing & Social EngineeringThreat Intelligence

Lookalike Domains & Typosquatting: A Defense Guide

An 'rn' that reads as an 'm', an extra word, a wrong TLD — lookalike domains impersonate trusted brands in phishing and brand abuse. Here is how to spot them and the controls that blunt them.

David Kowalski·6/22/2026·7 min read
Employee looking at a concerning email on their phone in a calm office setting
Phishing & Social EngineeringSecurity Awareness Tips

Sextortion Emails: It Is Almost Always an Empty Bluff

A threatening email claims to have webcam footage and demands Bitcoin — and it even quotes one of your old passwords. Here is why these extortion scams are almost always empty bluffs, and how to help employees respond calmly.

Rachel Andersen·6/21/2026·7 min read
Listening to narrated security training
Security Awareness TipsProduct Updates

Text-to-Speech Narration for Security Awareness Training

empowsec training pages can include spoken narration generated by text-to-speech, available in both English and German, with multiple natural-sounding voice choices per page. Narration improves accessibility and supports learners who absorb information better by listening.

Elena Vasquez·6/21/2026·7 min read
Abstract visualization of connected cloud applications and integrations
Compliance & RegulationsThreat Intelligence

When the Vendor Is the Breach: The Salesloft Drift Lesson

One compromised chatbot integration exposed 700+ organizations through stolen OAuth tokens. The Salesloft Drift attack shows why third-party access is now your biggest blind spot.

Rachel Andersen·6/20/2026·4 min read
Finance team reviewing payment documents around a conference table
Security Awareness TipsThreat Intelligence

FBI IC3 2025: $20.9B Lost — and What Your Team Can Do

The FBI's 2025 Internet Crime Report tallies a record $20.9 billion in losses, with business email compromise close to the top. Here's what the numbers mean and the controls that actually help.

Sarah Mitchell·6/19/2026·4 min read
Hands-on interactive security exercises
Security Awareness TipsProduct Updates

Interactive Training Page Types in empowsec: Part 2

Part 2 of empowsec's interactive page types covers the hands-on practice formats: click-to-match, ordering, fill in the blanks, email red-flag finder, and chat simulation - each designed to make learners practice the skill, not just read about it.

Sarah Mitchell·6/19/2026·9 min read