Identity Illuminated

27/10/2025

A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains.

24/10/2025

23/10/2025

Discover a technical analysis of Tykit, a new phishing kit targeting NA and EU companies in finance, construction, and telecom.

16/10/2025

Synced passkeys expose enterprises to cloud takeover, browser hijacks, and downgrade attacks.

14/10/2025

That exciting "You've Won!" link could be a wolf in sheep's clothing. 🐺➡️🔗

Your most powerful tool against phishing scams isn't software, it's this one-second habit.

Always HOVER before you CLICK. That tiny pause reveals the true destination, letting you spot the fakes.

A moment of inspection can save you from a nightmare of infection.

PAUSE. OBSERVE. QUESTION.

♻️ Share this lifesaver of a tip.

IT4YUS

13/10/2025

fans

Huntress warns of widespread SonicWall SSL VPN breaches, with attackers using valid credentials to access multiple accounts rapidly.

02/10/2025

Google

Mandiant provided proactive defenses against UNC6040's social engineering attacks that have led to several Salesforce breaches.

23/09/2025

When a clickjack attack managed to hijack a passkey authentication ceremony, were password managers really to blame? ZDNET's investigation reveals a more complicated answer.

22/09/2025

Microsoft patched CVE-2025-55241 July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.

11/09/2025

The phishing page is said to have prompted the co-maintainer to enter their username, password, and two-factor authentication (2FA) token, only for it to be stolen.

20 npm packages with 2B weekly downloads compromised after maintainer phishing led to crypto-stealing malware.