phishing

Booking.com Breach Is a Social Engineering Defence Lesson

Booking.com confirmed on April 13, 2026 that unauthorized parties accessed customer reservation data through a third-party compromise. The stolen information included names, email addresses, phone numbers, postal addresses, and messages guests had exchanged with hotels through the platform. Financial data was not exposed, but the immediate weaponization of that booking data in follow-up attacks tells […]


Why Contextual Security Awareness Training Works Better

A new integration announced this week between Dashlane and KnowBe4 points to a fundamental shift in how effective contextual security awareness training actually works. Rather than delivering training on a quarterly schedule, the two companies have built a system that triggers learning the moment a credential risk is detected in the browser. The announcement offers


Tax Season Phishing: The Security Training Blind Spot

Proofpoint researchers identified more than 100 malicious tax-themed phishing campaigns in early 2026, and Canadian organizations are among the primary targets. With April representing the peak filing period for most Canadians, attackers are exploiting the urgency, distraction, and financial stress that tax season reliably produces. Most organizations have not updated their security awareness training to


ClickFix: The Fake CAPTCHA That’s Tricking Employees

A social engineering technique called ClickFix is now the leading way cybercriminals break into organizations, and it asks nothing more from victims than pressing three keys on a keyboard. According to Microsoft’s 2025 Digital Defense Report, ClickFix has become the number one initial access method, responsible for 47% of all attacks observed by Microsoft Defender


Device Code Phishing Hits Microsoft 365: What to Know

A sophisticated phishing campaign is actively targeting Microsoft 365 accounts at more than 340 organizations across Canada, the United States, Australia, New Zealand, and Germany, using a technique called device code phishing to capture authentication tokens that persist even after a password reset. Security researchers first detected the attacks on February 19, 2026, and the


Device Code Phishing: The Attack MFA Can’t Stop

A new device code phishing attack campaign has compromised over 340 organizations across five countries, including Canada, since February 19, 2026, and the pace is accelerating. Researchers at Huntress, who published their analysis this week, found that multi-factor authentication provides no protection against this attack class. Employees who complete MFA challenges believe they are signing


Why Phishing Simulations Are Failing Your Team in 2026

Most organizations run phishing simulations a few times a year and feel reassured when pass rates look good. But new research from ISACA and findings from Gartner’s March 2026 Security and Risk Management Summit in Sydney paint a more troubling picture: the simulations themselves may be the problem. Outdated templates, unrealistic scenarios, and a compliance-first
