The Cofense Phishing Defense Center has identified an Amazon-themed malware delivery campaign that abuses the ClickFix self-infection technique to deliver a custom monitoring RAT known as HarborWatch Agent. This campaign highlights a ...

This blog explains how threat actors are evolving beyond traditional credential phishing by using convincing Zoom-themed social engineering attacks to trick users into installing ConnectWise ScreenConnect, a legitimate remote monitoring tool that ...

In this blog, Josh Bartolomie argues that many security awareness programs rely on predictable phishing simulations that inflate success metrics without improving real-world defense. They highlight that modern phishing attacks, increasingly powered ...

Meta, the parent company of platforms such as Facebook and Instagram, plays a major role in both personal communication and business operations worldwide. A new phishing campaign is emerging that abuses Meta’s ...

The blog describes a phishing campaign identified by Cofense that impersonates Interactive Brokers using a fake IRS W-8BEN renewal email to trick users into clicking a malicious link. The email appears legitimate ...

The blog describes a phishing campaign identified by Cofense that impersonates Interactive Brokers using a fake IRS W-8BEN renewal email to trick users into clicking a malicious link. The email appears legitimate ...

An Iran conflict-related phishing email titled “Public Safety Advisory – Action Recommended,” sent from “@qualitycollection.com.au,” is impersonating official government and civil defense organizations. The message uses urgent, fear-inducing language about air-raid threats, ...

This article explains how a phishing campaign impersonates LinkedIn notifications to trick users into clicking malicious links and entering their login credentials on spoofed websites. It highlights how attackers use realistic branding, ...

The blog describes a phishing campaign targeting Xiaomi users, where attackers send realistic emails posing as official communications to trick recipients into clicking malicious links and entering credentials on a fake login ...

The blog describes a phishing campaign targeting Xiaomi users, where attackers send realistic emails posing as official communications to trick recipients into clicking malicious links and entering credentials on a fake login ...