Threat Intel

B Inbox Prime AI Blog

Author Callie Hinman

Callie Baron

Author Piotr Wojtyla

Piotr Wojtyla

Discover how the InboxPrime AI phishing kit automates scalable, believable email attacks and highlights the growing sophistication of AI-driven cybercrime.

InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime

B Cyber LNK

Cyber LNK Builder exploits Windows shortcuts to deliver malicious payloads. Learn how it works and why traditional defenses struggle against it.

Cyber LNK Weaponizes Windows Shortcuts for Malware

Security Solutions

B 1500x1500 MKT1042p CSAM 2025 Open Graphs

Discover the eight advanced email threats that often bypass secure email gateways and learn how AI-native security stops these modern, behavior-based attacks.

Top 8 Alarming Anomalies That Are Evading Your SEG

Impact Solutions Cover pptx

Impact Solutions is the new phishing toolkit making advanced malware delivery accessible to any threat actor. Explore its evasion tactics and payload tricks.

Impact Solutions: The Point-and-Click Toolkit Democratizing Malware Delivery

B EDU Duo MFA Threat Intel Report Blog

A phishing campaign targeting higher education steals credentials and Duo OTPs to compromise accounts, exfiltrate data, and launch lateral attacks.

Attackers Steal Duo OTPs to Compromise Higher Ed Accounts

B Salesloft Drift Breach Blog

The Salesloft Drift breach exploited OAuth to compromise Salesforce data across 700+ orgs, exposing SaaS integration and posture management risks.

When Integrations Become Exploits: What the Salesloft Drift Breach Reveals

B Microsoft Direct Send Abuse

Threat actors are abusing Microsoft Direct Send to spoof internal emails. See why legacy defenses fail and how Abnormal prevents these attacks.

Microsoft Direct Send Abuse: Why Legacy Defenses Fall Short

Artificial Intelligence

B Anthropic Report Blog

Anthropic’s threat intelligence report reveals exploitation of Claude for AI-enabled attacks like vibe hacking. Learn why AI-native defenses are critical.

Vibe Hacking and AI-Enabled Threats: Lessons from Anthropic’s Report

B Screen Connect Abuse

Phishing attacks impersonate Zoom and Teams to deliver ScreenConnect, exploiting the legitimate IT tool for stealthy, persistent system access.

ScreenConnect Abuse Highlights the Risks of Trusted IT Tools

B Compromised Police Government Accounts

Cybercriminals are selling active .gov and .police accounts, enabling identity takeover, fraudulent subpoenas, and access to sensitive law enforcement systems.

The Dark Web Economy for Compromised Government and Police Email Accounts

B Regional VEC BEC Trends Blog

Author Elizbeth Swantek

Elizabeth Swantek

Regional analysis of 1,400+ organizations reveals how geography shapes email security risks. See which regions are most vulnerable to VEC vs BEC.

Global Email Threat Landscape: Eye-Opening VEC and BEC Engagement Trends by Region

Credential Phishing

B HTML and Java Script Phishing

Explore real phishing attacks that use HTML and JavaScript to bypass defenses and learn what makes these emails so hard to detect.

How HTML and JavaScript Fuel Modern Phishing: 3 Real-World Examples

B Custom Phishing Kits Blog

Brand-specific phishing kits are replacing generic templates. Learn how these custom phishing kits enable sophisticated impersonation attacks.

Custom Phishing Kits: How Cybercriminals Create Bespoke Brand Impersonation Attacks

Vendor Email Compromise

B Vendor Email Compromise Case Study Blog

See how a real vendor email compromise attack fooled multiple employees. Learn why VEC succeeds and how AI makes these threats more dangerous.

Thread Hijacked: Breaking Down a Real Vendor Email Compromise Attack

B Flux Panel Ecommerce Checkout Hijacking via Phishing

FluxPanel turns legitimate ecommerce checkouts into live data theft operations. Learn how this dark web tool works, the role phishing plays, and how to stop attacks at their source.

Inside FluxPanel: How Phishing Enables Real-Time Ecommerce Checkout Hijacks

Attack Stories

B Flask Phishing Kit

Learn how threat actors used Flask, a popular Python framework, to build a versatile phishing kit for evasive campaigns that bypass traditional defenses.

Flask Phishing Kit: Targeted Credential Theft Using Open-Source Technology

B VEC Employee Engagement Threat Report Blog 1

New research reveals that employees engage with 44% of read vendor email compromise attacks. See which industries and roles are most vulnerable to this threat.

The Hidden Cost of Trust: New Data Reveals Alarming Employee Engagement with Vendor Email Compromise

B Evil Panel Blog

EvilPanel is a new phishing toolkit built on Evilginx that provides a full-featured web interface for launching MFA-bypassing attacks.

EvilPanel: The New Face of Automated AiTM Phishing

B Bypassing Safeguards in Leading AI Tools

Can generative AI be manipulated for cybercrime? Our research shows how attackers can bypass safeguards in today’s top AI tools.

Bypassing Safeguards in Leading AI Tools: ChatGPT, Gemini, Claude

Industry Research

B Verizon DBIR

Verizon's 2025 Data Breach Investigations Report reveals how attackers continue to exploit human behavior. Here’s what defenders need to know.

Verizon 2025 DBIR: Key Takeaways for Modern Email Security

B Byte Dance Live Panel Blog

With live session hijacking, OTP interception, and dynamic targeting, the ByteDance Live Panel phishing-as-a-service kit gives attackers the upper hand against traditional defenses.

ByteDance Live Panel: An Advanced Phishing-as-a-Service Kit with Real-Time Monitoring

B DKIM Replay Google Phishing Attack

Threat actors used DKIM replay to send Google-branded phishing emails that passed authentication checks. Here’s how the attack worked and why it’s hard to catch.

Replay, Reuse, and Rob: How Attackers Exploit DKIM and Turn Google OAuth Alerts into Phishing Lures

B Gamma Attack Story Blog

Attackers exploit Gamma in a multi-stage phishing attack using Cloudflare Turnstile and AiTM tactics to evade detection and steal Microsoft credentials.

Multi-Stage Phishing Attack Exploits Gamma, an AI-Powered Presentation Tool

B Exploiting Trusted AI Tools Blog

Malicious AI is rewriting the rules of cybercrime. Learn how traditional GPTs are being exploited and why security teams need to act now.

When Good GPTs Go Bad: How Trusted AI Tools Are Exploited for Attacks

B X Files Fileless Malware

Learn how XFiles uses fileless malware, Cloudflare Turnstile widgets, and phishing emails to steal login details, cryptocurrency wallets, and access to corporate systems.

XFiles: A Fileless Malware Delivered via Phishing Campaigns

B Atlantis AIO Blog

Discover how cybercriminals use Atlantis AIO to automate credential stuffing attacks—and how AI-driven security can stop them before accounts are compromised.

Inside Atlantis AIO: Credential Stuffing Across 140+ Platforms

B AI Generated Zoom Impersonation Phishing Attack

Threat actors impersonated Zoom using an AI-generated phishing page to deliver a remote monitoring and management tool.

AI-Generated Zoom Impersonation Attack Exploits Tax Season to Deploy Remote Desktop Tool

B Crypto Grab Blog

CryptoGrab, a global cryptocurrency affiliate network, has been defrauding users of millions for more than 5 years using phishing emails and other tactics.

Multi-Layered Cryptocurrency Fraud: How CryptoGrab Drains Millions Through Scam Websites and Phishing

B H1 2025 Email Threat Report Blog

Explore new research on how AI is amplifying the impact of BEC and VEC attacks and learn how to defend against these evolving email security threats.

New Research: AI’s Role in the Escalating Email Attack Landscape

B Exploiting Google Services Blog

Cybercriminals misuse Google services for phishing, ad hijacking, and more. Learn five attack methods and how to protect your accounts.

Protect Your Google Accounts: 5 Ways Cybercriminals Exploit Google Services

B Ghost GPT Blog

Cybercriminals use GhostGPT, an uncensored AI chatbot, for malware creation, BEC scams, and more. Learn about the risks and how AI fights back.

How GhostGPT Empowers Cybercriminals with Uncensored AI

B Weaponizing Google Translate for Phishing

Learn how attackers use Google Translate's URL redirection for phishing, exploiting Google’s trust to deceive users and bypass security.

How Threat Actors Weaponize Google Translate for Phishing

B Cyberattack Forecast Emerging Threats Blog

Uncover the latest email threats and strategies to strengthen your cybersecurity and prepare for 2025.

2025 Cyberattack Forecast: Top Email Threats to Watch for

B How Phishing Kits Work Blog

Learn how phishing kits provide pre-packaged tools for stealing credentials, bypassing MFA, and targeting platforms like Gmail and Microsoft 365.

How Phishing Kits Work: Unpacking Cybercriminal Tools in 2024

B Malicious AI Platforms Blog

What happened to WormGPT? Discover how AI tools like WormGPT changed cybercrime, why they vanished, and what cybercriminals are using now.

What Happened to WormGPT and What Are Cybercriminals Using Now?

B Dropbox Open Enrollment Attack Blog

Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.

Adversary-in-the-Middle Tactics Elevate Dropbox Phishing Attack Capitalizing on Open Enrollment

B 2024 ISC2 Cybersecurity Workforce Study Recap

Explore key findings from the 2024 ISC2 Cybersecurity Workforce Study and find out how SOC teams can adapt and thrive amidst modern challenges.

AI Skills Gaps and Workforce Shortages: Insights from the 2024 ISC2 Cybersecurity Workforce Study

Data & Trends

B H2 2024 BEC VEC Blog

Our H2 2024 Email Threat Report revealed the rates of business email compromise and vendor email compromise continue to increase. Learn more.

Threat Report: BEC and VEC Attacks Continue to Surge, Outpacing Legacy Solutions

B H2 2024 Threat Report Blog

Released today, our H2 2024 Email Threat Report spotlights sophisticated phishing attacks that exploit file-sharing platforms. Learn more.

File-Sharing Fraud: Data Reveals 350% Increase in Hard-to-Detect Phishing Trend

B IBM Cost of a Data Breach Report 2024 Recap

IBM's Cost of a Data Breach Report 2024 revealed a continued rise in breach costs and emphasized the role of AI and automation in reducing expenses and recovery time.

IBM Cost of a Data Breach Report: AI + Automation Key to Mitigating Impact

B Examining Employee Engagement with Email Attacks

Cybercriminals know that humans are your enterprise's biggest vulnerability and are successfully engaging with your employees at an alarming rate.

Open Season: Examining Employee Engagement with Email Attacks

B Q2 2024 Attacks

In the second installment of our quarterly look-back at malicious emails, we examine 5 more recent noteworthy attacks detected and stopped by Abnormal.

Email Threat Roundup: 5 Sophisticated Attacks Recently Stopped by Abnormal

B Europe Attack Data Blog

Discover what our research uncovered about the European threat landscape and attack trends for organizations in the region.

Email Security Threats in Europe: Insights into Attack Trends

B Verizon DBIR 2024

Verizon's 2024 Data Breach Investigations Report reveals the role of employees in creating opportunities for threat actors to infiltrate organizations.

Verizon 2024 DBIR: Employees Remain Weakest Link in Cybersecurity Chain

B 1500x1500 Adobe Acrobat Sign Attack Blog

Attackers attempt to steal sensitive information using a fraudulent electronic signature request for a nonexistent NDA and branded phishing pages.

Adobe Acrobat Sign Impersonators Use Customized Phishing Pages in Email Attacks

B QR Code Phishing Blog

QR code phishing is the newest iteration of phishing. Learn about the latest malicious initiative designed to evade organizational security measures and manipulate targets.

The Rise of QR Code Phishing Attacks: Exploring Quishing Threats

B Most Interesting Attacks Q1 2024

Take a look at five of the most unique and sophisticated email attacks recently detected and stopped by Abnormal.

The Most Interesting Email Attacks We've Caught in 2024 (So Far)

B Construction Professional Services QR Code Attacks

Abnormal data shows construction firms and professional service providers are up to 19.2 times and 18.5 times, respectively, more likely to receive QR code attacks than organizations in other industries.

Top QR Code Attack Targets: Construction and Professional Services

Business Email Compromise

B Threat Report BEC VEC Blog

Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.

Threat Report: BEC and VEC Attacks Show No Signs of Slowing

B 1500x1500 Quishing Stats Blog 02 05 24

Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.

C-Suite Under Fire: Data Shows Execs Receive 42x More QR Code Attacks

Company & Culture

B 1500x1500 Top Blogs of 2023 Blog v01

As 2023 comes to a close, we wanted to take a look back and highlight the top 10 articles published by Abnormal this year.

A Year in Cybersecurity: Abnormal's Top Blog Posts from 2023

CISO Insights

B Insights from Clemson University CISO

John Hoyt, CISO at Clemson University, shares his take on the unique cybersecurity challenges of higher education and how Abnormal Security can help.

Webinar Recap: 4 Insights from the Clemson University CISO

B Most Costly BEC Attack Examples

Losses from business email compromise (BEC) attacks are consistently increasing. Here are 11 examples of the most costly BEC attacks from the past decade.

11 Most Costly BEC Attack Examples of the Past 10 Years

B Phishing is Your Biggest Cybersecurity Problem

Phishing attacks are a much larger issue than many organizations realize. Here are 5 reasons why you need to make preventing phishing a priority.

5 Reasons Phishing is Your Biggest Cybersecurity Problem

B Q1 2023 in Review

We wanted to make sure that you have the opportunity to check out the most recent news and updates. Here are a few posts from the last quarter that you might have missed.

Q1 2023 in Review: 7 Must-Read Blog Posts from Abnormal

B Business Email Compromise Response

Knowing what to do after receiving a business email compromise attack is essential for preventing costly consequences. Learn how to respond to BEC attacks.

What to Do After Receiving a Business Email Compromise Attack

B SVB Closure Cybersecurity Threats

The Silicon Valley Bank (SVB) closure has created opportunities for threat actors to launch more convincing email attacks. Here's how to lower your risk.

Addressing Cybersecurity Threats Associated with the SVB Closure

B Common Social Engineering Attacks

Learn about the psychology behind social engineering attacks and the steps you can take to block these advanced email threats.

Defending Against Common Social Engineering Attacks

B Employees Engaging with Email Attacks

See just how convincing modern email attacks can be and how cybercriminals can leverage social engineering to trick employees with these two real attacks.

Real-World Examples of Employees Engaging with Email Attacks

B H1 2023 Threat Report Blog 1

The H1 2023 Email Threat Report examines the email threat environment and focuses on the growing risk that employees pose to cybersecurity.

28% of BEC Attacks Opened by Employees, New Data Shows

B 1500x1500 Top Blogs of 2022 Blog Post

We’re already hard at work creating more helpful content for 2023, but first we wanted to highlight a few of our popular blog posts from the past year.

2022 Content Review: Abnormal's Top 10 Blog Posts

B 09 30 22 CISO Q3 2022 in Review

To help ensure you have the opportunity to read the latest cybersecurity news and updates, we’ve compiled a few posts from the last quarter that you can use to improve security in your organization.

.css-bmf3w{font-family:inherit;font-size:15px;font-style:normal;font-weight:400;line-height:24px;}Abnormal Blog.css-7dny4u{-webkit-padding-start:12px;padding-inline-start:12px;-webkit-padding-end:12px;padding-inline-end:12px;display:inline;}/Author/Callie Baron

Callie Baron

Abnormal Blog/Author/Callie Baron