Abnormal Blog

Explore insights from SOC leaders on the evolving landscape of social engineering threats, highlighting human vulnerabilities and strategies to enhance cybersecurity.

Discover how cybercriminals are using Evilginx to bypass multi-factor authentication (MFA) in attacks targeting Gmail, Outlook, Yahoo, and more.

Discover how AI is being used for bad as hackers leverage it to carry out their cybercrimes, in this recap of a white paper from hacker FC.

Microsoft, with its vast user base, is a prime target for cybercriminals. Discover the top 5 attack strategies used to compromise its users and systems.

Cyberattacks on schools have surged, exposing 650K+ records in the last 60 days. As the school year begins, phishing is a key threat to students, teachers, and staff.

Explore the ways in which corporate network access is valued by initial access brokers (IABs) according to access type, company revenue, and country tier.

Threat actors are targeting French businesses ahead of the Paris 2024 Olympics. Learn how they're capitalizing on the event and how to protect your organization.

Cross-platform account takeover is an attack where one compromised account is used to access other accounts. Learn about four real-world examples: compromised email passwords, hijacked GitHub accounts, stolen AWS credentials, and leaked Slack logins.

Discover the top five ways hackers compromise accounts, from exploiting leaked API credentials to SIM swapping partnerships, and more. Learn how these techniques enable account takeover (ATO) and pose risks to enterprises.

Cybercriminals exploit stolen financial data to offer consumers heavily discounted travel deals. Learn how these email scams work and tips to avoid falling victim to them this summer travel season.

Discover how cybercriminals obtain corporate data from brokers like ZoomInfo and Apollo to enable targeted business email compromise (BEC) attacks.

Learn how cybercriminals use superficial disclaimers to deceive others while facilitating illegal activity on cybercrime forums.

Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing and business email compromise (BEC) scams.

Secure email gateways simply cannot block modern attacks. Here are the top eight cyber threats bypassing your SEG.

SendGrid and Mailtrap credentials are being sold on cybercrime forums for as little as $15, and they are used to send phishing emails and bypass spam filters. Learn how infostealers and checkers enable this underground market.

Learn about the techniques cybercriminals use to steal Zoom accounts, including phishing, information stealers, and credential stuffing.

This article examines the top five ChatGPT jailbreak prompts that cybercriminals use to generate illicit content, including DAN, Development Mode, Translator Bot, AIM, and BISH.

Discover key cybersecurity takeaways from last week’s email breach on federal agencies by a Chinese APT group.

Generative AI tools like ChatGPT and Google Bard are already being used by cybercriminals for BEC attacks, phishing, and malware. Here's how to combat email-based attacks.

Discover how two BEC threat groups are using automated translation tools to execute payment fraud and payroll diversion attacks in several languages simultaneously.

Discover how Firebrick Ostrich uses open-source intelligence to run their BEC scams in these supply chain compromise examples.

Threat actors are capitalizing on the new year, posing as human resources officials to send credential phishing attacks.

As spammers become more sophisticated across cloud services, Abnormal is addressing new attacks including this recent malicious calendar invite.

Discover how ChatGPT can be used by threat actors to run business email compromise schemes and other email attacks.