Roman Dedenok

The patch that fixes CVE-2024-49040 in Microsoft Exchange is temporarily unavailable. We’ve implemented heuristics that detect attempts to exploit it.

Phishers have adopted another trick: they send emails pretending to be from Docusign with a fake link to a document that the recipient must sign.

This phishing campaign incorporates ghost spoofing, embedded text in images, a PDF file, a QR code, DocuSign imitation, and Cloudflare verification — yet it still completely misses the mark.

An Office 365 security alert as bait in a phishing email.

A simple technology that significantly improves email protection.

Cybercriminals prey on corporate credentials by sending phishing links through Dropbox after priming the victim.

Cybercriminals prey on access to mailing tools by sending phishing emails through these same tools.

Methods used by attackers to redirect victims to malicious and phishing sites from seemingly safe URLs.

Examples of how QR codes in emails are used for phishing.

Attackers invite employees to complete fake self-evaluations to steal corporate credentials.

How did scammers pull off a MitM attack and 2FA bypass in… 1915?!

Cybercriminals prey on corporate credentials by sending fake HR emails.

Cybercriminals can access the e-mails of folks you’re in correspondence with and then try to hijack your conversations.

Cybercriminals are using hijacked SharePoint servers to send dangerous notifications.

Korean filmmakers have made a film about cybercrime that deserves a look — if only as a training tool.

Why might a business email contain a link to Google Translate?

Cybercriminals are sending to companies high-quality imitations of business letters with a spy trojan in the attachment.

Work e-mails stamped “verified” should set alarm bells ringing.

How cybercriminals extract bank card details pretending to be DHL.

Here’s how phishers extract phone numbers and credentials from users of Wise.

We explain how scammers steal cryptowallets through phishing.