Abnormal Blog
Go inside Starkiller's control panel to see how headless browsers and reverse proxies enable enterprise-grade phishing infrastructure with MFA bypass.
Learn how ShinyHunters uses hybrid vishing, credential harvesting, and MFA abuse to compromise SSO and pivot into SaaS environments.
Attackers are exploiting trust, identity, and routine workflows. Get an in-depth look at the tactics and techniques threat actors will be refining in 2026.
Real threat actors are using AI-powered tools like HTMLMIX to bypass email filters at scale. Here's how the tool works and how to defend against it.
Discover how the InboxPrime AI phishing kit automates scalable, believable email attacks and highlights the growing sophistication of AI-driven cybercrime.
Cyber LNK Builder exploits Windows shortcuts to deliver malicious payloads. Learn how it works and why traditional defenses struggle against it.
Impact Solutions is the new phishing toolkit making advanced malware delivery accessible to any threat actor. Explore its evasion tactics and payload tricks.
A phishing campaign targeting higher education steals credentials and Duo OTPs to compromise accounts, exfiltrate data, and launch lateral attacks.
The Salesloft Drift breach exploited OAuth to compromise Salesforce data across 700+ orgs, exposing SaaS integration and posture management risks.
Threat actors are abusing Microsoft Direct Send to spoof internal emails. See why legacy defenses fail and how Abnormal prevents these attacks.
Major Federal cyber breaches share one overlooked constant: email. This post presents five case studies revealing how attackers exploited the inbox through phishing, credential theft, and forged tokens—and why behavioral, identity-aware AI delivers the decisive advantage over legacy defenses.
Phishing attacks impersonate Zoom and Teams to deliver ScreenConnect, exploiting the legitimate IT tool for stealthy, persistent system access.
Cybercriminals are selling active .gov and .police accounts, enabling identity takeover, fraudulent subpoenas, and access to sensitive law enforcement systems.
A newly discovered zero-day is affecting on-prem SharePoint environments. Here’s what CISOs need to know.
New research reveals predictable seasonal cybersecurity patterns in retail. Discover when attacks are most prevalent and how to synchronize defenses with threat cycles.
Discover how multi-party attacks unfold and how to stop them before they cause damage to your organization.
Regional analysis of 1,400+ organizations reveals how geography shapes email security risks. See which regions are most vulnerable to VEC vs BEC.
Brand-specific phishing kits are replacing generic templates. Learn how these custom phishing kits enable sophisticated impersonation attacks.
See how a real vendor email compromise attack fooled multiple employees. Learn why VEC succeeds and how AI makes these threats more dangerous.
FluxPanel turns legitimate ecommerce checkouts into live data theft operations. Learn how this dark web tool works, the role phishing plays, and how to stop attacks at their source.
Learn how threat actors used Flask, a popular Python framework, to build a versatile phishing kit for evasive campaigns that bypass traditional defenses.
New research reveals that employees engage with 44% of read vendor email compromise attacks. See which industries and roles are most vulnerable to this threat.
Email bombing turns trusted sources into a smokescreen, flooding inboxes to distract users and hide follow-up threats.
EvilPanel is a new phishing toolkit built on Evilginx that provides a full-featured web interface for launching MFA-bypassing attacks.