Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

“The problem is much, much worse than most people acknowledge.” One of the biggest enduring mysteries for me in cybersecurity is why most cybersecurity curricula don’t teach secure coding to programmers. I have no real answers, only speculation.

Attackers are using a newly discovered phishing-as-a-service (PhaaS) platform dubbed “Salty 2FA” to target a wide range of industries across North America and Europe, according to researchers at ANYRUN. The phishing attacks are delivered via email and primarily attempt to steal Microsoft 365 credentials. Like many popular commodity phishing kits, Salty 2FA is designed to bypass a variety of multifactor authentication measures.

ReliaQuest has published a report on the cybercriminal recruitment ecosystem, finding that fluent English speakers with social engineering skills are highly sought-after. “Among the most in-demand skills is English-speaking social engineering, with job posts more than doubling from 2024 to 2025,” the researchers write.

You've probably seen them: enticing online offers for free products from brands you trust, like a Yeti beach chair from Costco or an emergency car kit from AAA. All you have to do is fill out a quick survey and pay a small "shipping fee" of a couple of dollars. But what seems like a harmless transaction is actually a sophisticated scam with a high price tag. The KnowBe4 Threat Lab team has been tracking a phishing campaign where scammers use these fake surveys to steal financial data.

Below is an example of a sophisticated survey scam phishing email that KnowBe4’s Threat Lab team has been monitoring as discussed in “The Hidden Cost of "Free" Gifts: How Survey Scams Are Evolving to Steal Financial Data”. As discussed in our previous blog, the human element is a critical part of the fake survey scam. However, the campaign's success is largely due to its advanced technical infrastructure.

Cybercriminals are increasingly abusing AI-assisted website generators to quickly craft convincing phishing sites, according to researchers at Palo Alto Networks’ Unit 42. In many cases, even when these services have safeguards in place to prevent abuse, criminals are able to bypass these measures in order to create phishing pages. Unit 42 tested a popular website generator to see how easy it was to spin up a spoofed website.

In this series, we first explored the psychology that makes HR phishing so effective, then showcased the real-world lures attackers use to trick your employees. Now, we’re going under the hood to answer the critical question: How do these attacks technically bypass security defenses?

Attackers are using a Japanese Unicode character to replace forward slashes in phishing URLs, BleepingComputer reports. The attacks impersonate Booking.com with phony emails that inform users of a new login to their account. “The attack, first spotted by security researcher JAMESWT, abuses the Japanese hiragana character “ん” (Unicode U+3093), which closely resembles the Latin letter sequence '/n' or '/~', at a quick glance in some fonts,” BleepingComputer explains.

Professional phishing groups are targeting customers of brokerage firms in order to manipulate stock prices, KrebsOnSecurity reports. The attackers use a technique called “ramp and dump” to profit from the scheme. “With ramp and dump, the scammers do not need to rely on ginning up interest in the targeted stock on social media,” Krebs explains.