Account takeover is one of the most common ways organizations get breached and one of the hardest to train users on. Not because users don’t care, but because usually training happens in unrealistic scenarios, long before or long after the moment it would actually matter.
An extortion gang tracked as “Silent Ransom Group” is targeting US law firms with voice phishing and in-person social engineering attacks, according to researchers at Mandiant and Google’s Threat Intelligence Group (GTIG).
Cloud email security has become pretty good. Not perfect, obviously, because the attack landscape is forever changing. But good enough that the old tactics do not land with the same success rate they once did. Filters are sharper. Detection is better. Users are smarter.
A newly surfaced extortion brand called “Pink” is using voice phishing and fake IT support calls to breach organizations, the Register reports. The threat actor may be a rebrand of prior extortion groups, including BlackFile and Redact, though its tactics remain the same.
Threat actors are increasingly abusing workplace collaboration tools like Microsoft Teams to launch social engineering attacks, according to researchers at Palo Alto Networks’s Unit 42. Attackers are sending Teams messages that impersonate IT personnel, asking users to approve a multifactor authentication prompt. Both criminal and nation-state threat actors are using this social engineering technique to compromise organizations’ environments. While Microsoft Teams has measures to warn users about potential attacks, the user can still be tricked into accepting the message.
Phishing scams surged across social media platforms during the first quarter of 2026, according to a new report from the Anti-Phishing Working Group (APWG).
As employees increasingly rely on AI tools and AI agents in daily workflows, organizations are facing a new workforce security challenge: how to reduce risk without slowing productivity.
.jpg)
The US Federal Bureau of Investigation (FBI) warns that Americans lost just under $900 million to AI-powered scams in 2025, Malwarebytes reports. Total reported losses to scams last year reached nearly $21 billion, a 26% increase from 2024. The researchers note that the true losses are likely much higher, since many attacks go unreported.
