Abnormal Blog

CryptoGrab, a global cryptocurrency affiliate network, has been defrauding users of millions for more than 5 years using phishing emails and other tactics.

Explore the risks of open redirects and how they enable attackers to circumvent email security.

Explore new research on how AI is amplifying the impact of BEC and VEC attacks and learn how to defend against these evolving email security threats.

Cybercriminals misuse Google services for phishing, ad hijacking, and more. Learn five attack methods and how to protect your accounts.

Threat actors are exploiting Docusign to bypass traditional email security, but Abnormal Security’s AI-powered platform stops these attacks by detecting behavioral anomalies in real time.

A new phishing campaign targeting Microsoft ADFS bypasses MFA with social engineering and technical deception. Learn how attackers take over accounts—and how to stop them.

Discover how phishing-as-a-service (PhaaS) is transforming phishing attacks with cloud-based platforms, multi-factor authentication bypass, and session hijacking.

Cybercriminals use GhostGPT, an uncensored AI chatbot, for malware creation, BEC scams, and more. Learn about the risks and how AI fights back.

Explore how threat actors exploit Punycode in email attacks and learn how AI-driven solutions can protect against these threats.

Learn how attackers use Google Translate's URL redirection for phishing, exploiting Google’s trust to deceive users and bypass security.

Learn how phishing kits provide pre-packaged tools for stealing credentials, bypassing MFA, and targeting platforms like Gmail and Microsoft 365.

What happened to WormGPT? Discover how AI tools like WormGPT changed cybercrime, why they vanished, and what cybercriminals are using now.

Explore insights from SOC leaders on the evolving landscape of social engineering threats, highlighting human vulnerabilities and strategies to enhance cybersecurity.

Discover how cybercriminals are using Evilginx to bypass multi-factor authentication (MFA) in attacks targeting Gmail, Outlook, Yahoo, and more.

Discover how AI is being used for bad as hackers leverage it to carry out their cybercrimes, in this recap of a white paper from hacker FC.

Microsoft, with its vast user base, is a prime target for cybercriminals. Discover the top 5 attack strategies used to compromise its users and systems.

Cyberattacks on schools have surged, exposing 650K+ records in the last 60 days. As the school year begins, phishing is a key threat to students, teachers, and staff.

Explore the ways in which corporate network access is valued by initial access brokers (IABs) according to access type, company revenue, and country tier.

Threat actors are targeting French businesses ahead of the Paris 2024 Olympics. Learn how they're capitalizing on the event and how to protect your organization.

Cross-platform account takeover is an attack where one compromised account is used to access other accounts. Learn about four real-world examples: compromised email passwords, hijacked GitHub accounts, stolen AWS credentials, and leaked Slack logins.

Discover the top five ways hackers compromise accounts, from exploiting leaked API credentials to SIM swapping partnerships, and more. Learn how these techniques enable account takeover (ATO) and pose risks to enterprises.

Cybercriminals exploit stolen financial data to offer consumers heavily discounted travel deals. Learn how these email scams work and tips to avoid falling victim to them this summer travel season.

Discover how cybercriminals obtain corporate data from brokers like ZoomInfo and Apollo to enable targeted business email compromise (BEC) attacks.

Learn how cybercriminals use superficial disclaimers to deceive others while facilitating illegal activity on cybercrime forums.