From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook Pierluigi Paganini March 04, 2026 APT group Silver Dragon,...
Phishing
Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement
This article was originally published in Cyber Defense Magazine on 02/09/26 by Charlie Sander. The Illuminate incident serves as...
Phishing campaign exploits OAuth redirection to bypass defenses
Phishing campaign exploits OAuth redirection to bypass defenses Pierluigi Paganini March 03, 2026 Microsoft researchers warn that threat actors abuse...
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor...
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Ravie LakshmananMar 03, 2026Phishing / Malware Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL...
Purchase order attachment isn’t a PDF. It’s phishing for your password
An attachment named New PO 500PCS.pdf.hTM, posing as a purchase order in PDF form, turned out to be something entirely...
T.H.E. Journal | Why Web Security Has Become Core Infrastructure for K–12
This article was originally published in T.H.E. Journal on 02/11/26 by Charlie Sander. Learning is increasingly cloud-based and off-campus...
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often...
Job scam uses fake Google Forms site to harvest Google logins
As part of our investigation into a job-themed phishing campaign, we came across several suspicious URLs that all looked...
EdTech Magazine | What Minimum Viable Cybersecurity Looks Like for K–12 Districts
This article was originally published in EdTech Magazine on 02/11/26 by Didi Gluck. As ransomware and phishing attacks grow...
Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident
An attacker’s initial access, whether through phishing, unmanaged devices, exploited vulnerabilities, or a compromised supply chain, marks the beginning...
Poorly crafted phishing campaign leverages bogus security incident report
Poorly crafted phishing campaign leverages bogus security incident report Pierluigi Paganini February 17, 2026 Attackers used a fake PDF incident...
Fintech firm Figure disclosed data breach after employee phishing attack
Fintech firm Figure disclosed data breach after employee phishing attack Pierluigi Paganini February 14, 2026 Fintech firm Figure confirmed a...
Outlook add-in goes rogue and steals 4,000 credentials and payment data
Researchers found a malicious Microsoft Outlook add-in which was able to steal 4,000 stolen Microsoft account credentials, credit card...
Zscaler Bolsters Zero-Trust Arsenal with Acquisition of Browser Security Firm SquareX
Cloud security titan Zscaler Inc. has acquired SquareX, a pioneer in browser-based threat protection, in an apparent move to step...
