AI chatbots are changing how users discover software; but attackers are exploiting that trust. Learn how malicious links, fake downloads, and AI-driven recommendations are increasing the risk of malware and remote compromise for businesses.

Discover how phishing-resistant MFA and passkeys help protect Microsoft 365 accounts from modern cyber threats in this fun Little Red Riding Hood-inspired cybersecurity story.

Tycoon2FA is evolving again, now abusing Microsoft’s legitimate device login process to hijack Microsoft 365 accounts while bypassing traditional phishing protections. Learn how device-code phishing works, why MFA alone may not be enough, and what organisations can do to better secure Entra ID and Microsoft 365 environments.

Hackers are now using Microsoft Teams chats to impersonate IT support and trick employees into running malicious PowerShell commands. The KongTuke campaign shows why collaboration platforms need the same scrutiny as email when defending against social engineering and malware attacks.

A new proof-of-concept exploit called YellowKey reportedly shows how BitLocker-protected Windows drives could be accessed using crafted files on a USB stick and Windows Recovery Environment. The issue requires physical access, but it raises serious questions about laptop theft risk, recovery-mode trust, and whether BitLocker alone is enough.

Multi-stage “code of conduct” phishing used PDF lures and CAPTCHA gating to drive victims into an AiTM proxy that stole session tokens and bypassed MFA at scale.