Purchase order attachment isn’t a PDF. It’s phishing for your password
An attachment named New PO 500PCS.pdf.hTM, posing as a purchase order in PDF form, turned out to be something entirely...
Phishing
T.H.E. Journal | Why Web Security Has Become Core Infrastructure for K–12
This article was originally published in T.H.E. Journal on 02/11/26 by Charlie Sander. Learning is increasingly cloud-based and off-campus...
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often...
Job scam uses fake Google Forms site to harvest Google logins
As part of our investigation into a job-themed phishing campaign, we came across several suspicious URLs that all looked...
EdTech Magazine | What Minimum Viable Cybersecurity Looks Like for K–12 Districts
This article was originally published in EdTech Magazine on 02/11/26 by Didi Gluck. As ransomware and phishing attacks grow...
Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident
An attacker’s initial access, whether through phishing, unmanaged devices, exploited vulnerabilities, or a compromised supply chain, marks the beginning...
Poorly crafted phishing campaign leverages bogus security incident report
Poorly crafted phishing campaign leverages bogus security incident report Pierluigi Paganini February 17, 2026 Attackers used a fake PDF incident...
Fintech firm Figure disclosed data breach after employee phishing attack
Fintech firm Figure disclosed data breach after employee phishing attack Pierluigi Paganini February 14, 2026 Fintech firm Figure confirmed a...
Outlook add-in goes rogue and steals 4,000 credentials and payment data
Researchers found a malicious Microsoft Outlook add-in which was able to steal 4,000 stolen Microsoft account credentials, credit card...
Zscaler Bolsters Zero-Trust Arsenal with Acquisition of Browser Security Firm SquareX
Cloud security titan Zscaler Inc. has acquired SquareX, a pioneer in browser-based threat protection, in an apparent move to step...
Flickr moves to contain data exposure, warns users of phishing
Flickr moves to contain data exposure, warns users of phishing Pierluigi Paganini February 09, 2026 Flickr says a flaw at...
SoundCloud Data Breach Exposes Nearly 30M User Accounts
Image: appshunter.io (Unsplash) If you’ve ever had a SoundCloud account, now might be a good time to double-check your security...
W-2s Are Arriving. Here’s How to Spot and Avoid Tax Scams
W-2s are arriving, and tax season officially begins the moment they do. That timing makes this a prime window for...
Amnesia RAT deployed in multi-stage phishing attacks against Russian users
Amnesia RAT deployed in multi-stage phishing attacks against Russian users Pierluigi Paganini January 27, 2026 A multi-stage phishing campaign targets...
Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint
Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint Pierluigi Paganini January 26, 2026 Microsoft warns of a...
