Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A friend of mine got a call on his phone and he regrettably picked it up. The number was 267-332-3644. The area code is from Bucks County, PA, where he used to live many years ago. But since his multiple anti-scam phone filter apps did not flag the number as a scam, and it was from a place he used to live, he picked it up.

Ever since Microsoft’s initial announcement on February 13, 2025, about a Russian nation-state phishing campaign using "device code phishing," many people have been wondering what it is. This post will tell you what device code phishing is and how to defend against it. Here are some other related reports involving the recently reported device code phishing attacks.

Scammers are exploiting the death of Pope Francis to launch social engineering attacks, according to researchers at Check Point. The researchers note that threat actors often take advantage of high-profile tragedies and crises to exploit victims’ emotions. “They typically begin with disinformation campaigns on social media platforms like Instagram, TikTok, or Facebook, uploading fake images generated by AI,” the researchers write.

A social engineering campaign is abusing Zoom's remote control feature to take control of victims’ computers and install malware, according to researchers at security firm Trail of Bits. The operation targeted Trail of Bits’ CEO, who recognized it as malicious and didn’t fall for the attack. The researchers have attributed the campaign to the ELUSIVE COMET threat actor.

Recently, I received an email at work from a company with whom I've had previous interactions. The email lacked context and contained an attachment, immediately raising suspicion. I reported it to our infosec team using the Phish Alert Button (PAB). A short while later, our team confirmed it was indeed a malicious email. Subsequently, the sender organization informed us that they had been compromised, and phishing emails had been distributed from their account.

A new report from Valimail has found that 50% of organizations lack effective protection against email spoofing. Specifically, many organizations have lenient DMARC policies that don’t actually prevent spoofing. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that helps prevent attackers from spoofing organizations that have the protocol in place.

According to our independent survey of individuals across the UK, USA, Netherlands, France, Denmark, Sweden, the DACH region, and Africa who use a laptop as part of their work, 90.1% find simulated phishing tests relevant. What’s more, 90.7% agreed that these simulations improve their awareness of real phishing attacks.

A new report from Sophos found that ransomware attacks accounted for over 90% of incident response cases involving medium-sized businesses in 2024, as well as 70% of cases involving small businesses. “While the overall number of incidents in 2024 was slightly down—in part because of better defenses and the disruption of some major ransomware-as-a-service operators—ransomware-related crime is not fading away,” Sophos says.

Cybercriminals are increasingly using AI tools to assist in malicious activities, according to Microsoft’s latest Cyber Signals report. “AI has started to lower the technical bar for fraud and cybercrime actors looking for their own productivity tools, making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate,” the report says.

Have you ever walked down a street with broken windows, burnt out cars, graffiti and felt a bit uneasy? There's a reason for that, and it's not just about aesthetics. The Broken Windows Theory, introduced by social scientists James Q. Wilson and George L. Kelling in 1982, suggests that visible signs of crime and antisocial behavior encourage further crime and disorder. But what does this have to do with cybersecurity? More than you might think.

The energy sector stands as a critical pillar of our society. From the electricity powering our homes to the fuel driving our industries, reliable energy is essential. However, the very interconnectedness that makes the energy sector so vital also exposes it to significant vulnerabilities, particularly within its supply chain. The Interconnected Web of Energy The energy sector is a complex web of systems, stretching far beyond power plants and wind farms.

First QuickBooks, then Microsoft, and now Google—will the hijacking of legitimate third-party platform communications stop escalating in 2025? Our Threat Labs researchers predict the answer is no. As long as these attack tactics remain effective, cybercriminals will continue to use them, which likely explains the spike in the exploitation of Google Services for phishing attacks observed in the first month of 2025.

Most organizations cite low security awareness among employees as the biggest barrier to defending against cyberattacks, according to a new survey by CyberEdge Group. “This result reinforces the idea that in cybersecurity, as in so many other areas of business and life, people challenges trump technology issues every time,” the researchers write. “Without doubt, although computers speed up every year, people don’t (and some days we suspect they are getting slower).

Right now, today, thousands of people are being tricked into going to their banks or credit unions to withdraw large sums of cash and will give or send it to a complete stranger, never to see it again. Many of the victims are in the prime of their lives, intelligent, and consider themselves to be of above-average ability in spotting scams and scammers.

Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns. The researchers state that in 2023, AI-powered phishing was 31% less effective than humans. In November 2024, it was 10% less effective than humans. Then in March 2025, the AI was 24% more effective than humans.

In today's cybersecurity landscape, organizations face an ever-present and often underestimated threat: human risk. Despite significant advancements in technological defenses, human error remains a leading cause of data breaches and security incidents. Multiple industry studies and research reports consistently show that between 70% and 90% of data breaches involve some form of human related cause - whether through social engineering, errors or misuse.

Phishing was the most prevalent and disruptive type of attack experienced by UK organizations over the past twelve months, according to the British government’s Cyber Security Breaches Survey 2025. 85% of businesses and 86% of charities in the UK reported sustaining phishing attacks last year. “The qualitative interviews highlighted that phishing attacks were often cited as time-consuming to address due to their volume and the need for investigation and staff training,” the report says.

America's critical infrastructure faces an unprecedented threat, and it's already installed in hundreds of locations across the nation. Recent investigations confirm that Chinese-manufactured power transformers—essential components of our electrical grid—have been discovered with hidden capabilities allowing remote shutdown from overseas. In summer 2019, federal authorities seized a massive 500,000-pound Chinese transformer at the Port of Houston.

Reliable energy is the backbone of any modern society. It powers our homes, industries, and economies. But what happens when this essential infrastructure becomes a target for cyberattacks? In Europe, the energy sector is facing an escalating threat landscape, with potentially dire consequences.

Cybercriminals are capitalizing on tax season by launching phishing campaigns targeting QuickBooks users, Malwarebytes reports. The attack begins with a malicious Google ad that appears at the top of the page when a user searches for QuickBooks. The website’s domain, “quicckboorks-acccountingcom,” is designed to trick users who don’t closely examine the URL.

Illumio’s recent Global Cost of Ransomware Study found that 64% of Australian companies hit by ransomware had to shut down operations as a result. Additionally, 43% of these organizations reported a significant loss of revenue, and 39% lost customers as a result of an attack. Most respondents indicated that reputational damage has overtaken regulatory fees as the most costly effect of a ransomware attack.

Disclaimer: Don't get me wrong, I love using generative AI daily for research and writing. This is about how other users could be using it when they don't know what they don't know and are accidental in their actions to hurt the organization where they work. Shadow IT has always lived in the background of organizations' environments with unapproved apps, rogue cloud services, and forgotten BYOD systems. Like all technology, the Shadow IT ecology is evolving.

Steam was the most impersonated brand in phishing attacks during the first quarter of 2025, according to a new report from Guardio. The researchers note that the gaming platform’s surge to the top comes as “a bit of a shock.” “Historically, the spot has been dominated by the usual suspects - big tech companies like Meta, Microsoft, or even USPS,” Guardio says. “But this quarter, it’s Steam, and by a significant margin.

A phishing-as-a-service (PhaaS) platform dubbed ‘Lucid’ is driving a surge in SMS phishing (smishing) attacks, according to researchers at Prodaft. The platform is operated by Chinese cybercriminals who offer access to the service under a subscription model. A Lucid subscription allows crooks to easily craft sophisticated, targeted phishing campaigns.

Internet memes and viral content have become a universal language of online culture. They're easily shareable, often humorous, and can spread rapidly across various platforms. However, this same virality and cultural resonance make memes an attractive vector for cybercriminals and threat actors. Anatomy of a meme Memes are nothing new, and have been around for decades. In fact, a comic published in 1921 followed one of today's most common meme themes: ‘Expectation vs.

Attackers are using new tactics in QR code phishing (quishing) attacks, according to researchers at Palo Alto Networks’ Unit 42. Quishing attacks hide phishing URLs within QR codes, allowing them to more easily evade security filters and trick the user into opening the link on their phone.

Phishing attacks are driving a surge in “double brokering” scams in the shipping industry, according to Christian Reilly, Cloudflare’s Field CTO for EMEA. In an article for TechRadar, Reilly explains that these scams have risen by 400% since 2022, and 50% of freight brokers name it as their top concern. “Here’s how they work: Scammers pose as legitimate freight brokers or create fake transportation companies,” Reilly writes.

It seems like only yesterday that we launched the Compliance Plus training library as a result of customers asking us to address their needs beyond security awareness training. The team and I were just looking at our first few months where we had just over 20,000 customer completions in June of 2021. We have since had millions of users complete our content and the library has grown from 115 pieces of content at launch to over 800 pieces of content.

99% of phishing emails that reached inboxes last year did not contain malware, according to a new report from Fortra. Attackers were much more successful using malicious links or purely response-based social engineering. Fortra explains, “Anti-malware scanning, sandboxing, and other pre-delivery security processes are increasingly common and make it more difficult for emails containing malware payloads to reach user inboxes.

As of January 17, 2025, the Digital Operational Resilience Act (DORA) came into force across all European Union member states, with the crucial aim of strengthening the IT security of financial entities such as banks, insurance companies and investment firms. To do this, the regulation looks to standardize how financial entities report cybersecurity incidents, test their operational resilience, and manage third-party risk.

The Network and Information Systems Directive 2022 (NIS2) was designed to strengthen the cybersecurity resilience of critical infrastructure across the European Union. However, while member states were required to transpose NIS2 into national law by October of 2024, many fell short of this deadline. As a result, on November 28, 2024, the European Commission launched infringement procedures against 23 member states for failing to meet their obligations.