Social Engineering
The latest Social Engineering coverage — news, analysis, and updates from the WindowsNews.AI desk.
Sophisticated Microsoft 365 Phishing Attacks Exploit SVG Images and Trusted Tools to Steal Credentials
A new wave of phishing attacks targeting Microsoft 365 users is bypassing conventional email filters by weaponizing SVG image files and repurposing legitimate security tools as cloaking devices. The...
Google Gemini Exploit Can Control Smart Homes, as Nvidia Rejects Government Backdoor Demands
A simple "thank you" is all it takes for attackers to hijack Google's Gemini AI and control your smart home, researchers revealed at Black Hat this week. The demonstration, which showed how a...
Internal Phishing Threats Exploiting Microsoft 365 Direct Send: Understanding and Defending Against SMTP Relay Abuse
A silent crisis is unfolding within Microsoft 365 environments as attackers turn the platform’s own trusted features against its users. The rise of sophisticated phishing campaigns leveraging...
How Link Wrapping in Microsoft 365 Emails Became a Double-Edged Sword in Advanced Phishing Attacks
Cloudflare’s recent analysis of a wave of advanced phishing attacks targeting Microsoft 365 users has sent shockwaves across the cybersecurity community, exposing paradoxes at the heart of modern...
Phishing Attacks Weaponize Trusted Email Security Tools: A 2025 Cybersecurity Warning
The cybersecurity landscape has entered a new era, marked by an insidious twist: the very tools enterprises rely on to protect against phishing and credential theft are now being weaponized by...
How Link Wrapping Enables Sophisticated Phishing Attacks on Microsoft 365 and What Organizations Can Do
In an era where digital trust serves as both the scaffolding and the Achilles' heel of business productivity, the latest wave of phishing attacks on Microsoft 365 reveals just how brittle even our...
Understanding and Defending Against Multi-Layer Redirect Phishing Attacks on Microsoft 365
In a cybersecurity landscape that’s constantly evolving, Microsoft 365 stands at the epicenter of a digital tug-of-war, where innovation in collaboration tools is matched only by threat actors’...
Defending Against Scattered Spider: Securing Internal Messaging Platforms from Advanced Digital Deception
The threat landscape for enterprise IT has never been more volatile, with the emergence of groups like Scattered Spider redefining the boundaries of digital deception. Unlike many earlier...
Scattered Spider Cyber Threat: Tactics, Defense Strategies, and Community Insights
The story of Scattered Spider—a notorious cyber threat actor known for its innovative blend of technical exploitation and social engineering—unfolds against a rapidly shifting security landscape....
The Anatomy and Impact of the Latest npm Supply Chain Malware Attack
A new wave of targeted malware campaigns has once again put the software supply chain under the microscope, and at the epicenter lies npm—the world’s largest ecosystem for JavaScript packages. As...
Phishing in 2025: How AI and Microsoft Exploits Fuel a New Era of Cyber Threats
Phishing persists as a hydra-headed threat in 2025, evolving at a terrifying pace to outmaneuver the digital defenses of even the most sophisticated organizations. Fuelled by advances in artificial...
Interlock Ransomware 2025: Technical Evolution, Attack Strategies, and Defense Best Practices
Interlock ransomware, once a relatively obscure threat in the final months of 2024, has rapidly evolved into one of the most sophisticated and disruptive ransomware families impacting organizations...