Abnormal Blog
A cybercrime platform called ATHR uses AI vishing agents, credential harvesting panels, and built-in phishing mailers to execute and scale TOAD attacks.
A phishing-as-a-service platform is exploiting Microsoft’s Device Code OAuth flow at scale, then weaponizing stolen tokens with AI-powered email intelligence to automate business email compromise.
A previously undocumented phishing platform is targeting CEOs and CFOs by name, exploiting live Microsoft authentication to establish persistent access.
Iran-aligned groups are conducting cyber operations after strikes by the U.S. and Israel. Explore their tactics and how Abnormal can strengthen defenses.
Behavioral models live or die on the signals they see. The next frontier uses AI to connect normal user behavior with attack behavior, sharpening detection with each event.
Go inside Starkiller's control panel to see how headless browsers and reverse proxies enable enterprise-grade phishing infrastructure with MFA bypass.
Learn how ShinyHunters uses hybrid vishing, credential harvesting, and MFA abuse to compromise SSO and pivot into SaaS environments.
Attackers are exploiting trust, identity, and routine workflows. Get an in-depth look at the tactics and techniques threat actors will be refining in 2026.
Real threat actors are using AI-powered tools like HTMLMIX to bypass email filters at scale. Here's how the tool works and how to defend against it.
Discover how the InboxPrime AI phishing kit automates scalable, believable email attacks and highlights the growing sophistication of AI-driven cybercrime.
Cyber LNK Builder exploits Windows shortcuts to deliver malicious payloads. Learn how it works and why traditional defenses struggle against it.
Impact Solutions is the new phishing toolkit making advanced malware delivery accessible to any threat actor. Explore its evasion tactics and payload tricks.
A phishing campaign targeting higher education steals credentials and Duo OTPs to compromise accounts, exfiltrate data, and launch lateral attacks.
The Salesloft Drift breach exploited OAuth to compromise Salesforce data across 700+ orgs, exposing SaaS integration and posture management risks.
Threat actors are abusing Microsoft Direct Send to spoof internal emails. See why legacy defenses fail and how Abnormal prevents these attacks.
Major Federal cyber breaches share one overlooked constant: email. This post presents five case studies revealing how attackers exploited the inbox through phishing, credential theft, and forged tokens—and why behavioral, identity-aware AI delivers the decisive advantage over legacy defenses.
Phishing attacks impersonate Zoom and Teams to deliver ScreenConnect, exploiting the legitimate IT tool for stealthy, persistent system access.
Cybercriminals are selling active .gov and .police accounts, enabling identity takeover, fraudulent subpoenas, and access to sensitive law enforcement systems.
A newly discovered zero-day is affecting on-prem SharePoint environments. Here’s what CISOs need to know.
New research reveals predictable seasonal cybersecurity patterns in retail. Discover when attacks are most prevalent and how to synchronize defenses with threat cycles.
Discover how multi-party attacks unfold and how to stop them before they cause damage to your organization.
Regional analysis of 1,400+ organizations reveals how geography shapes email security risks. See which regions are most vulnerable to VEC vs BEC.
Brand-specific phishing kits are replacing generic templates. Learn how these custom phishing kits enable sophisticated impersonation attacks.
See how a real vendor email compromise attack fooled multiple employees. Learn why VEC succeeds and how AI makes these threats more dangerous.