How Deepfakes Are Being Used in Cyberattacks (And What to Do About It)

• Post author:Pocholo Legaspi
• Post published:February 11, 2026
• Post category:Blogs

Deepfake attacks use AI to impersonate executives and bypass security. Helpdesks and payment approvals are primary targets for these sophisticated frauds.

Continue ReadingHow Deepfakes Are Being Used in Cyberattacks (And What to Do About It)

ShinyHunters Targets 100+ Organizations Through Okta SSO Vishing Campaign

• Post author:Pocholo Legaspi
• Post published:January 28, 2026
• Post category:Blogs

ShinyHunters breached 100 organizations through voice phishing attacks targeting SSO credentials. The group has already leaked millions of user records online.

Continue ReadingShinyHunters Targets 100+ Organizations Through Okta SSO Vishing Campaign

Why Cyberattacks Spike During the Holidays (And How to Prepare)

• Post author:Pocholo Legaspi
• Post published:December 3, 2025
• Post category:Blogs

Holiday staffing gaps give attackers time to move quietly through networks. The pattern shows why year end security coverage matters more than most teams expect.

Continue ReadingWhy Cyberattacks Spike During the Holidays (And How to Prepare)

Understanding Attack Surface and What Makes You a Target

• Post author:Pocholo Legaspi
• Post published:November 27, 2025
• Post category:Blogs

Your attack surface grows as old accounts, unpatched systems, and persistent vendor access accumulate. The result is a larger set of entry points attackers can exploit.

Continue ReadingUnderstanding Attack Surface and What Makes You a Target

Phishing-as-a-Service: Why Training Alone Won’t Stop PhaaS Attacks

• Post author:Pocholo Legaspi
• Post published:November 18, 2025
• Post category:Blogs

Criminals now rent complete phishing platforms that mimic real login pages with precision. The real risk comes from accounts holding unnecessary administrative rights.

Continue ReadingPhishing-as-a-Service: Why Training Alone Won’t Stop PhaaS Attacks

PureRAT Malware Campaign Exploits Hotels to Steal Guest Banking Details

• Post author:Pocholo Legaspi
• Post published:November 13, 2025
• Post category:Blogs

Hotels worldwide face PureRAT infections via fake Booking.com emails. The result is stolen credentials and scams against real guests.

Continue ReadingPureRAT Malware Campaign Exploits Hotels to Steal Guest Banking Details

Scattered LAPSUS$ Hunters Threatens to Leak 1 Billion Records From 39 Companies

• Post author:Pocholo Legaspi
• Post published:October 8, 2025
• Post category:Blogs

A cybercriminal group targets Salesforce via OAuth abuse and vishing, claiming to have stolen data from 39 major firms, including Qantas and UPS.

Continue ReadingScattered LAPSUS$ Hunters Threatens to Leak 1 Billion Records From 39 Companies

Execs Oversharing? Why Social Media Makes Phishing So Easy

• Post author:Pocholo Legaspi
• Post published:August 13, 2025
• Post category:Blogs

Phishing isn’t always sloppy or random. With your own social content, attackers craft emails that mirror real conversations and current business stress.

Continue ReadingExecs Oversharing? Why Social Media Makes Phishing So Easy

SIM Swapping and MFA Bombing: How Attackers Beat Two-Factor Authentication

• Post author:Pocholo Legaspi
• Post published:August 6, 2025
• Post category:Blogs

MFA is effective against automation, but targeted attacks like MFA bombing and SIM swaps are exposing its human-centered weaknesses.

Continue ReadingSIM Swapping and MFA Bombing: How Attackers Beat Two-Factor Authentication

The PDF Trap: How Callback Phishing Attacks Work

• Post author:Pocholo Legaspi
• Post published:July 3, 2025
• Post category:Blogs

PDF phishing is on the rise. Learn how attackers use trusted documents and fake phone numbers to bypass defenses in callback phishing campaigns.

Continue ReadingThe PDF Trap: How Callback Phishing Attacks Work