A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.

At first glance, it’s a normal and harmless webpage, but it’s able to transform into a phishing site after a user has already ...

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...

Tech firms are still the most impersonated in phishing campaigns ...

Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks.

The FBI has warned about North Korean hackers Kimsuky leveraging QR codes in phishing attacks targeting U.S. and foreign government entities, academia, think tanks, and others.

Phishing attacks are everywhere, and most of us can spot the obvious ones. Even if someone falls for one and hands over their password, two-factor authentication (2FA) usually adds a crucial layer of ...

The cybersecurity refrain when encountering phishing emails invariably advises: “don’t click on that link” and “report that email” — but new research from Drexel University and Arizona State ...

So, when an attacker sends a fake UCPath payroll notification with a QR code linking to a credential harvesting site, a SEG will often wave it through. By the time an unsuspecting user scans it, their ...

Despite being a legacy communication tool, email isn’t going anywhere anytime soon—and as long as it continues to be used in business, it will continue to serve as a prime target for cybercriminals, ...

Cybercriminals are increasingly targeting online account credentials, with 88.5% of phishing scams focused on stealing login ...