Booking.com travellers are being targeted by highly convincing phishing scams that use real reservation details to steal payments and personal data. Following a recent data exposure, cybercriminals are exploiting booking information to impersonate hotels and pressure victims into urgent payments. Learn how these scams work and why travellers are now prime targets.

Cybercriminals are exploiting World Cup hype by creating fake FIFA websites designed to steal personal and financial information. This emerging wave of phishing attacks highlights how easily users can be tricked by convincing domain spoofing. Learn how these attacks work and what organisations can do to stay protected.

Hotel booking scams are evolving, with cybercriminals hijacking legitimate reservations to trick travellers into handing over sensitive data. This new wave of targeted phishing attacks uses real booking details to appear completely authentic. Learn how these scams work.

Discover how phishing-resistant MFA and passkeys help protect Microsoft 365 accounts from modern cyber threats in this fun Little Red Riding Hood-inspired cybersecurity story.

Mobile phishing attacks are rapidly overtaking traditional email scams, with cybercriminals targeting users through SMS, QR codes, Teams, and mobile apps. Learn why businesses must rethink cybersecurity strategies to protect staff, devices, and Microsoft 365 identities from modern phishing threats.

Cybercriminals are now abusing Microsoft Self-Service Password Reset workflows to compromise Microsoft 365 and Azure environments through social engineering and MFA manipulation. Learn how attackers are targeting privileged accounts, stealing cloud data, and what Australian businesses can do to strengthen Entra ID and Azure security.

Tycoon2FA is evolving again, now abusing Microsoft’s legitimate device login process to hijack Microsoft 365 accounts while bypassing traditional phishing protections. Learn how device-code phishing works, why MFA alone may not be enough, and what organisations can do to better secure Entra ID and Microsoft 365 environments.

Multi-stage “code of conduct” phishing used PDF lures and CAPTCHA gating to drive victims into an AiTM proxy that stole session tokens and bypassed MFA at scale.