Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code. I’ve written about phishing attacks targeting GitHub users previously.... Read more »

1 in 3 Employees Rarely or Never Think About Cybersecurity

Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture. It’s something we all know – employees that aren’t paying attention to corporate... Read more »

An Old Dog with Some New Tricks

The Emotet botnet is now including stolen attachments in its phishing emails to increase the appearance of authenticity, BleepingComputer reports. The botnet is well-known for targeting the contacts of compromised email accounts... Read more »

New Phishing Attack Targets 200M+ Microsoft 365 Accounts Via Malicious Excel .SLK Files to Bypass Security

Using an old (but supported) Excel filetype, attackers can bypass both Exchange Online Protection and Advanced Threat Protection to run malicious macros. Security researchers at Avanan have discovered a new attack method... Read more »