After NL Health Services apologized for a phishing simulation that promised health-care workers an extra paid day off, security teams should revisit how to make awareness training effective without making employees feel punished.
The Verizon 2026 DBIR confirms that people remain central to breach risk, but attackers are no longer relying on email alone. Security awareness programs need to evolve from annual training and basic phishing tests into continuous, behavior-based human risk management.
AI is transforming phishing into highly sophisticated, multi-step attacks at scale. Learn why human behavior is now the primary cybersecurity risk—and how organizations can adapt.
PhishingBox now integrates with Cornerstone, allowing organizations to sync LMS users and streamline security awareness training with manual and automated enrollment workflows.
Credential theft and social engineering attacks are scaling rapidly. Discover the latest threats and how to strengthen your human firewall against modern phishing.
Explore the latest phishing threats, including MFA bypass kits, fake CAPTCHA malware, and AI-driven scams, and how organizations can reduce social engineering risk.
Social engineering is accelerating in 2026, with attackers shifting from malware to manipulating people through voice calls, phishing emails, and AI-powered deception. From enterprise vishing campaigns stealing SSO and MFA credentials to global cyberespionage operations and large-scale breaches triggered by a single employee interaction, trust exploitation remains the primary entry point. As emerging economies and cloud-driven organizations expand their digital footprint, identity deception, impersonation, and voice-based attacks are becoming dominant threats—proving that the human element is still the most targeted vulnerability in cybersecurity.
Deep dive into password manager phishing campaigns targeting LastPass, 1Password, and Bitwarden, including MFA bypass tactics and modern mitigation strategies.
A breakdown of 2026’s top social engineering threats, including phishing, vishing, AiTM attacks, and credential exposure—and how to reduce risk.
