human risk management

Payroll Pirates Reveal Canada’s Human Risk Gap

On April 9, 2026, Microsoft’s security researchers published their investigation into Storm-2755, a financially motivated threat actor running what they are calling “payroll pirate” attacks against Canadian employees. The campaign does not rely on malware, ransomware, or headline-grabbing intrusions. It relies on two things that are already inside your organization: a staff member who Googled […]

Payroll Pirates Reveal Canada’s Human Risk Gap Read More »

Why Contextual Security Awareness Training Works Better

News / POPP3R

A new integration announced this week between Dashlane and KnowBe4 points to a fundamental shift in how effective contextual security awareness training actually works. Rather than delivering training on a quarterly schedule, the two companies have built a system that triggers learning the moment a credential risk is detected in the browser. The announcement offers

Why Contextual Security Awareness Training Works Better Read More »

AI Voice Cloning Phishing: What Security Training Misses

News / POPP3R

Picture this: your company’s CFO calls your finance manager to approve an urgent wire transfer before end of day. The voice is familiar, the cadence right, even the slight impatience is typical of how she sounds under deadline pressure. The call is also completely fake. AI voice cloning phishing attacks have matured to the point

AI Voice Cloning Phishing: What Security Training Misses Read More »

Quishing: Why QR Code Phishing Needs a Training Response

News / POPP3R

A new variant of phishing is bypassing email filters, evading mobile defenses, and landing in employee inboxes with almost no friction. QR code phishing, known in the security industry as quishing, has grown at a pace that most security awareness training programs have not kept up with. If your team does not know how to

Quishing: Why QR Code Phishing Needs a Training Response Read More »

Human Risk Management: Beyond Security Awareness Training

News / POPP3R

Nearly 70% of organizations believe their employees lack fundamental cybersecurity awareness, even at organizations that already run formal training programs. That finding, from Fortinet’s 2024 Security Awareness and Training Global Research Report, captures a frustration that many security leaders recognize immediately: completing a course is not the same as being prepared. In 2026, the industry’s

Human Risk Management: Beyond Security Awareness Training Read More »

Why Phishing Simulations Are Failing Your Team in 2026

News / POPP3R

Most organizations run phishing simulations a few times a year and feel reassured when pass rates look good. But new research from ISACA and findings from Gartner’s March 2026 Security and Risk Management Summit in Sydney paint a more troubling picture: the simulations themselves may be the problem. Outdated templates, unrealistic scenarios, and a compliance-first

Why Phishing Simulations Are Failing Your Team in 2026 Read More »

When Phishing Bypasses MFA: Lessons from Tycoon 2FA

News / POPP3R

On March 4, 2026, Microsoft, Europol, and a coalition of industry partners announced the disruption of Tycoon 2FA, one of the most prolific phishing-as-a-service platforms ever documented. The takedown is a meaningful win for defenders, but the story it tells about how phishing bypasses MFA should be required reading for anyone building a security awareness

When Phishing Bypasses MFA: Lessons from Tycoon 2FA Read More »

Why Contextual Security Awareness Training Works Better

AI Voice Cloning Phishing: What Security Training Misses

Quishing: Why QR Code Phishing Needs a Training Response

Human Risk Management: Beyond Security Awareness Training

Why Phishing Simulations Are Failing Your Team in 2026

When Phishing Bypasses MFA: Lessons from Tycoon 2FA

Retail Data Breach: Phishing Awareness Training Gap

Quick Links

Services