Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg...
Phishing
Robotic surgery firm Intuitive reports data breach after targeted phishing attack
Robotic surgery firm Intuitive reports data breach after targeted phishing attack Pierluigi Paganini March 18, 2026 Intuitive suffered a phishing...
Fake Pudgy World site steals your crypto passwords
A phishing site impersonating the newly-launched Pudgy World browser game is targeting crypto users with a technique that goes...
How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious...
Your Signal account is safe – unless you fall for this trick
Signal, the encrypted messaging app trusted by security-savvy users around the world, has confirmed that hackers have managed to takeover...
Attackers Don’t Just Send Phishing Emails. They Weaponize Your SOC’s Workload
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them....
Global coalition dismantles Tycoon 2FA phishing kit
Tycoon 2FA, a major phishing kit and platform that allowed low-skilled cybercriminals to bypass multifactor authentication and conduct large-scale adversary-in-the-middle...
How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down
In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners one of the world's most prolific phishing-as-a-service...
3 Reasons to Visit IRONSCALES at RSA Conference 2026
The countdown to RSA Conference 2026 in San Francisco is officially on, and we cannot wait to connect with...
LastPass warns of spoofed alerts aimed at stealing master passwords
LastPass warns of spoofed alerts aimed at stealing master passwords Pierluigi Paganini March 04, 2026 LastPass warns of a phishing...
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook Pierluigi Paganini March 04, 2026 APT group Silver Dragon,...
Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement
This article was originally published in Cyber Defense Magazine on 02/09/26 by Charlie Sander. The Illuminate incident serves as...
Phishing campaign exploits OAuth redirection to bypass defenses
Phishing campaign exploits OAuth redirection to bypass defenses Pierluigi Paganini March 03, 2026 Microsoft researchers warn that threat actors abuse...
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor...
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Ravie LakshmananMar 03, 2026Phishing / Malware Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL...
