Resources

Google Threat Intelligence Group recently released its latest report, “GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Us,” on how malicious adversaries are using AI to commit cybercrimes. ... Read more

Threat actors are using phony meeting invites for Zoom, Microsoft Teams, Google Meet, and other video conferencing applications to trick users into installing remote monitoring and management (RMM) tools, according to researchers at Netskope. ... Read more

... Read more

Social engineering remains the most reliable way into an organization—and attackers are getting better at it every day. ... Read more

Cybercriminals continually evolve their techniques, leading to more successful phishing attacks. Using techniques such as text-based attacks that utilize social engineering and highly targeted spear phishing, bad actors are able to bypass traditional email security and land in their target’s inbox. ... Read more

Phishing is the most prominent form of cyber-attack, regularly prompting email recipients into disclosing their personal information, credentials, downloading malware, or paying fraudulent invoices. Phishing can result in cybercriminals gaining unauthorized access to organizations’ data, network systems, or applications. ... Read more

Independent research shows that 91% of organizations have experienced outbound email security incidents in their Microsoft 365 environments. Human error is the primary cause of these incidents, whether that's adding an incorrect recipient, attaching the wrong file, or forgetting to use the Bcc field.  ... Read more

There's a beautiful moment happening right now, and by "beautiful" I mean "horrifying in that can't-look-away-from-the-car-crash sense”. ... Read more

Social engineering remained the top initial access vector for cyberattacks in 2025, with increasing assistance from AI tools, according to a report from ThreatDown. The researchers warn that AI will likely become a core component of social engineering attacks throughout 2026. ... Read more

People accidentally send emails to the wrong recipients every day. The impact of these incidents can be relatively minor if there is no sensitive data included in the email body or attachments - it might be inefficient or slightly embarrassing, but it's not a security incident. However, a security incident... Read more

AI-driven fraud attacks spiked by more than 1200% in December 2025, according to a new report by Pindrop Security. Threat actors are using AI to assist in every stage of the attack, from deploying bots to conduct reconnaissance to using deepfakes to trick humans. ... Read more

Prior to my further research into AI and quantum for my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I had pretty solid password policy recommendations: ... Read more

Cybercriminals are abusing legitimate invoices and dispute notifications from popular services to send scam emails that bypass security filters, according to researchers at Kaseya’s INKY. The attackers have used this technique to impersonate PayPal, Apple, DocuSign, HelloSign, and others. ... Read more

There's a moment in every security professional's career when they realise the game has fundamentally changed. Mine came last Tuesday at 3:47 PM, watching my colleague Erich argue with an AI agent about expense policy while simultaneously being phished by what I'm 87% certain was another AI agent pretending to... Read more

CyberheistNews Vol 16 #07  |   February 17th, 2026 Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow,... Read more