News

Why QR Code Phishing Is Beating Employee Security Training

The FBI issued a public alert in January 2026 warning that North Korean state-sponsored hackers have been embedding malicious QR codes in spear-phishing emails to bypass corporate security controls and steal credentials from government agencies, universities, and think tanks. This technique, called quishing, is no longer a fringe attack method. QR code phishing emails surged […]

Why QR Code Phishing Is Beating Employee Security Training Read More »

Device Code Phishing Hits Microsoft 365: What to Know

News / POPP3R

A sophisticated phishing campaign is actively targeting Microsoft 365 accounts at more than 340 organizations across Canada, the United States, Australia, New Zealand, and Germany, using a technique called device code phishing to capture authentication tokens that persist even after a password reset. Security researchers first detected the attacks on February 19, 2026, and the

Device Code Phishing Hits Microsoft 365: What to Know Read More »

Device Code Phishing: The Attack MFA Can’t Stop

News / POPP3R

A new device code phishing attack campaign has compromised over 340 organizations across five countries, including Canada, since February 19, 2026, and the pace is accelerating. Researchers at Huntress, who published their analysis this week, found that multi-factor authentication provides no protection against this attack class. Employees who complete MFA challenges believe they are signing

Device Code Phishing: The Attack MFA Can’t Stop Read More »

Quishing: Why QR Code Phishing Needs a Training Response

News / POPP3R

A new variant of phishing is bypassing email filters, evading mobile defenses, and landing in employee inboxes with almost no friction. QR code phishing, known in the security industry as quishing, has grown at a pace that most security awareness training programs have not kept up with. If your team does not know how to

Quishing: Why QR Code Phishing Needs a Training Response Read More »

CIRO Breach: Financial Sector Phishing Attack Exposes 750K

News / POPP3R

A financial sector phishing attack on Canada’s investment regulator has exposed the sensitive data of 750,000 investors, including social insurance numbers, annual income figures, government-issued IDs, and detailed account statements. The Canadian Investment Regulatory Organization (CIRO) confirmed in January 2026 that a targeted email delivered in August 2025 gave an attacker unauthorized access to records

CIRO Breach: Financial Sector Phishing Attack Exposes 750K Read More »

Spear Phishing Beats DMARC as Identity Attacks Surge

News / POPP3R

Spear phishing attacks bypassed DMARC email authentication in 70 percent of cases detected last year, according to Darktrace’s newly released 2025 annual report. The figure is striking enough on its own. But the broader picture reveals something more unsettling: the technical filters most organizations rely on are being outpaced by attackers who have shifted their

Spear Phishing Beats DMARC as Identity Attacks Surge Read More »

Vishing Attack on One Employee Exposed 900,000 Records

News / POPP3R

When an identity protection company falls victim to a targeted phone scam, the lesson lands harder. On March 19, 2026, Aura confirmed that a vishing attack on one of its employees had exposed nearly 900,000 contact records. For security awareness training professionals and the teams they protect, the incident is not just another breach headline.

Vishing Attack on One Employee Exposed 900,000 Records Read More »

Why Email Urgency Is Now the Top Phishing Red Flag

News / POPP3R

For years, the advice was simple: check for typos, look for a suspicious sender address, and watch out for requests for sensitive information. But new research published this week signals a significant shift in how employees are identifying phishing threats. According to a KnowBe4 poll, the top email urgency phishing red flag today is not

Why Email Urgency Is Now the Top Phishing Red Flag Read More »

Supply Chain Credential Theft and the TELUS Breach

News / POPP3R

When TELUS Digital confirmed a cyberattack on March 12, 2026, the headline was about scale: nearly one petabyte of stolen data, a $65 million ransom demand, and one of Canada’s largest telecoms facing a months-long silent intrusion. But the detail security teams should focus on is how the attack started. The ShinyHunters group did not

Supply Chain Credential Theft and the TELUS Breach Read More »

Human Risk Management: Beyond Security Awareness Training

News / POPP3R

Nearly 70% of organizations believe their employees lack fundamental cybersecurity awareness, even at organizations that already run formal training programs. That finding, from Fortinet’s 2024 Security Awareness and Training Global Research Report, captures a frustration that many security leaders recognize immediately: completing a course is not the same as being prepared. In 2026, the industry’s

Human Risk Management: Beyond Security Awareness Training Read More »

Why QR Code Phishing Is Beating Employee Security Training

Device Code Phishing Hits Microsoft 365: What to Know

Device Code Phishing: The Attack MFA Can’t Stop

Quishing: Why QR Code Phishing Needs a Training Response

CIRO Breach: Financial Sector Phishing Attack Exposes 750K

Vishing Attack on One Employee Exposed 900,000 Records

Supply Chain Credential Theft and the TELUS Breach

Human Risk Management: Beyond Security Awareness Training

Quick Links

Services