Latest issue
30. März 2026
Russia's FSB expanded their spear-phishing playbook to include an iOS exploit kit. In the same week, Iran-linked hackers compromised the FBI Director's personal email through a recycled password. Different actors, different targets, same gap: high-value individuals reached through channels that enterprise security doesn't cover.
Read the latest issue
Archive
5 issues
30. März 2026
Russia's FSB expanded their spear-phishing playbook to include an iOS exploit kit. In the same week, Iran-linked hackers compromised the FBI Director's personal email through a recycled password. Different actors, different targets, same gap: high-value individuals reached through channels that enterprise security doesn't cover.
Read issue
23. März 2026
Email authentication passed. The phishing still landed. That's the uncomfortable headline from this week. It's about attackers using Microsoft's own infrastructure to send phishing emails that pass every authentication check you have.
Read issue
16. März 2026
Attackers keep moving credential theft onto infrastructure defenders are reluctant to block. This week that meant a phishing kit built as a React app, hosted on Cloudflare Workers, and exfiltrating passwords through EmailJS. At the same time, the market data is clear on the defender side too: post-delivery cleanup, analyst workload, and identity-layer controls are now where email security programs win or lose.
Read issue
9. März 2026
Microsoft blocked more than 30 million Tycoon 2FA phishing emails in a single month. This week, law enforcement took the platform down. Competing AitM services are already filling the gap.
Read issue
3. März 2026
APT28 spent five months beaconing victims through a developer tool nobody blocks. Meanwhile, the Sophos numbers confirm what most practitioners already sense: BEC is accelerating, and identity is still the primary attack surface.
Read issue