Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

LAPSUS$-linked breaches did not break multi-factor authentication (MFA) cryptographically. Attackers obtained valid authentication outcomes through techniques commonly described as MFA fatigue attacks or MFA bypass attacks, including push-prompt abuse, SIM swapping, social engineering, and session token replay. Understanding how these attacks succeed helps explain where modern identity defenses must evolve.

A friend posted this on Facebook and it came up on my feed. I know this person and I was so sorry to read. How horrific! I had no idea who was killed in the accident, so I clicked on the news story. It took me to a site that posted this: This is a real reCAPTCHA posted to filter out anti-malware and content filtering services. When I saw this I knew that this was a fake news story and that my friend’s Facebook account had been taken over by a scammer.

Physical discs have given way to streaming. You can make a purchase with a tap of your phone. But relying on documents to verify business and individual identities isn't going anywhere. In fact, the opposite is true. Some regulations require document checks during identity verification. Even when that’s not the case, documents are becoming popular and valuable components of identity checks because they provide information that isn’t available elsewhere.

Picture this: It’s 3pm on a busy Tuesday. Your phone rings, and the caller ID shows your company's main number. "Hi, this is Jake from IT," says a confident voice. "We're seeing some unusual activity on your account and need to verify your password to secure it. Can you help me out real quick?". Sound familiar? Well, this was the exact technique perfected by a teenager named Kevin Mitnick in 1983, long before the internet, smartphones, or even Windows or Linux existed.

Threat actors are using phony meeting invites for Zoom, Microsoft Teams, Google Meet, and other video conferencing applications to trick users into installing remote monitoring and management (RMM) tools, according to researchers at Netskope. The invites lead to convincingly spoofed landing pages for fake video meetings, complete with a list of coworkers who have supposedly already joined the call. The page instructs the user to install a software update in order to join the video meeting.

Typosquatting is a deceptive technique in which threat actors register misspelled or look-alike domains of legitimate organizations to trick users into visiting fraudulent sites. It remains one of the most effective and underestimated attack vectors in the modern cyber threat landscape. What appears to be a misspelled domain often conceals sophisticated campaigns designed to phish company employees or customers, harvest credentials, deliver malware, and damage organizational reputation.

Enterprise account takeover solutions often look strong during procurement. The real test begins after go-live. Integration completes. Alerts begin flowing. Fraud, SOC, and digital leaders see new data. Now the question shifts from deployment to operationalization. How do enterprises turn early ATO visibility into measurable fraud reduction, faster investigations, and stronger regulatory posture?

AI-driven fraud attacks spiked by more than 1200% in December 2025, according to a new report by Pindrop Security. Threat actors are using AI to assist in every stage of the attack, from deploying bots to conduct reconnaissance to using deepfakes to trick humans. “According to Pindrop internal data, AI fraud (or non-live fraud) surged 1210% by December 2025,” the researchers write.