security awareness training

Device Code Phishing: The Attack MFA Can’t Stop

A new device code phishing attack campaign has compromised over 340 organizations across five countries, including Canada, since February 19, 2026, and the pace is accelerating. Researchers at Huntress, who published their analysis this week, found that multi-factor authentication provides no protection against this attack class. Employees who complete MFA challenges believe they are signing […]

Device Code Phishing: The Attack MFA Can’t Stop Read More »

Quishing: Why QR Code Phishing Needs a Training Response

News / POPP3R

A new variant of phishing is bypassing email filters, evading mobile defenses, and landing in employee inboxes with almost no friction. QR code phishing, known in the security industry as quishing, has grown at a pace that most security awareness training programs have not kept up with. If your team does not know how to

Quishing: Why QR Code Phishing Needs a Training Response Read More »

CIRO Breach: Financial Sector Phishing Attack Exposes 750K

News / POPP3R

A financial sector phishing attack on Canada’s investment regulator has exposed the sensitive data of 750,000 investors, including social insurance numbers, annual income figures, government-issued IDs, and detailed account statements. The Canadian Investment Regulatory Organization (CIRO) confirmed in January 2026 that a targeted email delivered in August 2025 gave an attacker unauthorized access to records

CIRO Breach: Financial Sector Phishing Attack Exposes 750K Read More »

Spear Phishing Beats DMARC as Identity Attacks Surge

News / POPP3R

Spear phishing attacks bypassed DMARC email authentication in 70 percent of cases detected last year, according to Darktrace’s newly released 2025 annual report. The figure is striking enough on its own. But the broader picture reveals something more unsettling: the technical filters most organizations rely on are being outpaced by attackers who have shifted their

Spear Phishing Beats DMARC as Identity Attacks Surge Read More »

Vishing Attack on One Employee Exposed 900,000 Records

News / POPP3R

When an identity protection company falls victim to a targeted phone scam, the lesson lands harder. On March 19, 2026, Aura confirmed that a vishing attack on one of its employees had exposed nearly 900,000 contact records. For security awareness training professionals and the teams they protect, the incident is not just another breach headline.

Vishing Attack on One Employee Exposed 900,000 Records Read More »

Why Email Urgency Is Now the Top Phishing Red Flag

News / POPP3R

For years, the advice was simple: check for typos, look for a suspicious sender address, and watch out for requests for sensitive information. But new research published this week signals a significant shift in how employees are identifying phishing threats. According to a KnowBe4 poll, the top email urgency phishing red flag today is not

Why Email Urgency Is Now the Top Phishing Red Flag Read More »

Supply Chain Credential Theft and the TELUS Breach

News / POPP3R

When TELUS Digital confirmed a cyberattack on March 12, 2026, the headline was about scale: nearly one petabyte of stolen data, a $65 million ransom demand, and one of Canada’s largest telecoms facing a months-long silent intrusion. But the detail security teams should focus on is how the attack started. The ShinyHunters group did not

Supply Chain Credential Theft and the TELUS Breach Read More »

Human Risk Management: Beyond Security Awareness Training

News / POPP3R

Nearly 70% of organizations believe their employees lack fundamental cybersecurity awareness, even at organizations that already run formal training programs. That finding, from Fortinet’s 2024 Security Awareness and Training Global Research Report, captures a frustration that many security leaders recognize immediately: completing a course is not the same as being prepared. In 2026, the industry’s

Human Risk Management: Beyond Security Awareness Training Read More »

Why Phishing Simulations Are Failing Your Team in 2026

News / POPP3R

Most organizations run phishing simulations a few times a year and feel reassured when pass rates look good. But new research from ISACA and findings from Gartner’s March 2026 Security and Risk Management Summit in Sydney paint a more troubling picture: the simulations themselves may be the problem. Outdated templates, unrealistic scenarios, and a compliance-first

Why Phishing Simulations Are Failing Your Team in 2026 Read More »

When Phishing Bypasses MFA: Lessons from Tycoon 2FA

News / POPP3R

On March 4, 2026, Microsoft, Europol, and a coalition of industry partners announced the disruption of Tycoon 2FA, one of the most prolific phishing-as-a-service platforms ever documented. The takedown is a meaningful win for defenders, but the story it tells about how phishing bypasses MFA should be required reading for anyone building a security awareness

When Phishing Bypasses MFA: Lessons from Tycoon 2FA Read More »

Device Code Phishing: The Attack MFA Can’t Stop

Quishing: Why QR Code Phishing Needs a Training Response

CIRO Breach: Financial Sector Phishing Attack Exposes 750K

Vishing Attack on One Employee Exposed 900,000 Records

Supply Chain Credential Theft and the TELUS Breach

Human Risk Management: Beyond Security Awareness Training

Why Phishing Simulations Are Failing Your Team in 2026

When Phishing Bypasses MFA: Lessons from Tycoon 2FA

Quick Links

Services