Abnormal Blog

Discover the eight advanced email threats that often bypass secure email gateways and learn how AI-native security stops these modern, behavior-based attacks.

Impact Solutions is the new phishing toolkit making advanced malware delivery accessible to any threat actor. Explore its evasion tactics and payload tricks.

A phishing campaign targeting higher education steals credentials and Duo OTPs to compromise accounts, exfiltrate data, and launch lateral attacks.

The Salesloft Drift breach exploited OAuth to compromise Salesforce data across 700+ orgs, exposing SaaS integration and posture management risks.

Threat actors are abusing Microsoft Direct Send to spoof internal emails. See why legacy defenses fail and how Abnormal prevents these attacks.

Major Federal cyber breaches share one overlooked constant: email. This post presents five case studies revealing how attackers exploited the inbox through phishing, credential theft, and forged tokens—and why behavioral, identity-aware AI delivers the decisive advantage over legacy defenses.

Phishing attacks impersonate Zoom and Teams to deliver ScreenConnect, exploiting the legitimate IT tool for stealthy, persistent system access.

Cybercriminals are selling active .gov and .police accounts, enabling identity takeover, fraudulent subpoenas, and access to sensitive law enforcement systems.

A newly discovered zero-day is affecting on-prem SharePoint environments. Here’s what CISOs need to know.

New research reveals predictable seasonal cybersecurity patterns in retail. Discover when attacks are most prevalent and how to synchronize defenses with threat cycles.

Discover how multi-party attacks unfold and how to stop them before they cause damage to your organization.

Regional analysis of 1,400+ organizations reveals how geography shapes email security risks. See which regions are most vulnerable to VEC vs BEC.

Brand-specific phishing kits are replacing generic templates. Learn how these custom phishing kits enable sophisticated impersonation attacks.

See how a real vendor email compromise attack fooled multiple employees. Learn why VEC succeeds and how AI makes these threats more dangerous.

FluxPanel turns legitimate ecommerce checkouts into live data theft operations. Learn how this dark web tool works, the role phishing plays, and how to stop attacks at their source.

Learn how threat actors used Flask, a popular Python framework, to build a versatile phishing kit for evasive campaigns that bypass traditional defenses.

New research reveals that employees engage with 44% of read vendor email compromise attacks. See which industries and roles are most vulnerable to this threat.

Email bombing turns trusted sources into a smokescreen, flooding inboxes to distract users and hide follow-up threats.

EvilPanel is a new phishing toolkit built on Evilginx that provides a full-featured web interface for launching MFA-bypassing attacks.

With live session hijacking, OTP interception, and dynamic targeting, the ByteDance Live Panel phishing-as-a-service kit gives attackers the upper hand against traditional defenses.

Threat actors used DKIM replay to send Google-branded phishing emails that passed authentication checks. Here’s how the attack worked and why it’s hard to catch.

Learn about pig butchering fraud, a new threat to organizational security. Explore operational tactics, warning signs, and strategies to safeguard your business.

Learn how XFiles uses fileless malware, Cloudflare Turnstile widgets, and phishing emails to steal login details, cryptocurrency wallets, and access to corporate systems.

Discover how cybercriminals use Atlantis AIO to automate credential stuffing attacks—and how AI-driven security can stop them before accounts are compromised.