Push Security Launches Malicious Browser Extension Blocking to Stop Emerging Extension-Based Attacks

New wave of AiTM phishing targets TikTok for business

New campaign targets TikTok for Business accounts

TikTok for Business accounts targeted in phishing campaign — here's how to stay safe

Hackers are hijacking TikTok business accounts to steal credentials in real time

AitM phishing targets TikTok business accounts using Cloudflare turnstile evasion

TikTok for Business accounts targeted in new phishing campaign

Your MFA isn’t broken — it’s being bypassed, and your employees can’t tell the difference

ClickFix campaigns spread MacSync macOS infostealer via fake AI tool installers

Brief #146: InstallFix targets Claude code users

Fake Claude Code install pages highlight rise of “InstallFix” attacks

Fake Claude code install pages spread infostealer malware

"Install‑Fix” malvertising exploits copy‑paste commands, stealing developer credentials

Amatera infostealer deployed via phony Claude Code guides

'InstallFix' attacks spread fake Claude code sites

This scam impersonates the official Claude code website to spread malware

Cloned AI tool sites distribute malware in ‘InstallFix’ campaign

Fake Claude Code install pages highlight rise of “InstallFix” attacks

Phony Claude Code install guides trick vibe coders into installing malware

Push Security adds malicious browser extension detection to block threats in employee browsers

Fake Claude Code install guides push infostealers in InstallFix attacks

Push Security Launches Malicious Browser Extension Blocking to Stop Emerging Extension-Based Attacks

Sneaky 2FA attack reveals fake Windows stealing passwords from users

ConsentFix debrief: Insights from the new OAuth phishing attack

Browser-in-the-Browser phishing is on the rise: Here’s how to spot it

Cyber scams on the rise: How to avoid getting phished by hackers

Phishing scams becoming prevalent on LinkedIn: How to spot them

Push Security detects and blocks malicious copy-and-paste activity

The unholy combination of OAuth consent phishing, social engineering and Azure CLI

Push Security Launches Malicious Copy-and-Paste Detection to Stop ClickFix Attacks in the Browser

Azure CLI trust abused in ConsentFix account takeovers

Shut down and restart—New Microsoft attack beats passwords, 2FA and passkeys

2025’s Top phishing trends and what they mean for your security strategy

ConsentFix, a new twist on ClickFix

Hacking endpoint to identity (Microsoft 365): "ConsentFix"

New ConsentFix attack let attackers hijack Microsoft accounts by leveraging Azure CLI

ConsentFix attack lets hackers hijack Microsoft accounts via Azure CLI abuse

Microsoft account takeovers eased by new ConsentFix attack

ConsentFix attack

Meet ConsentFix, a new twist on the ClickFix phishing attack

New ConsentFix attack hijacks Microsoft accounts via Azure CLI

Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack

Calendly emails impersonate major brands in new credential theft scheme

Hackers using Calendly-themed phishing attack to steal Google Workspace account

Ongoing Calendly phishing scheme impersonates major brands

New Calendly-inspired phishing attack aims to steal Google Workspace credentials

Fake Calendly invites spoof top brands to hijack ad manager accounts

Sneaky2FA phishing tool adds ability to insert legit-looking URLs

BitB integrated into updated Sneaky 2FA PhaaS kit

Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack

New phishing kit using BitB technique targets Microsoft accounts to steal credentials via Sneaky 2FA attack

New Sneaky 2FA phishing kit with BitB technique attacking users to steal Microsoft account credentials

Sneaky 2FA phishing kit adds BitB pop-ups designed to mimic the browser address bar

5 Reasons Why Attackers Are Phishing Over LinkedIn

ClickFix may be the biggest security threat your family has never heard of

5 reasons why attackers are phishing over LinkedIn

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Experts warn ClickFix malware attacks are back, and more dangerous than ever before - here's how to stay safe

ClickFix attacks against macOS users evolving

ClickFix malware evolves with multi-OS support and video tutorials

New ClickFix attacks feature ‘self-infection’ videos

ClickFix attacks evolved with weaponized videos that tricks users via self-infection process

Sophisticated ClickFix campaign targets Mac users

Arrests, cybercrime, and threat intel

Attackers upgrade ClickFix with tricks used by online stores

ClickFix attacks just got a major upgrade to trick you into infecting your computer with malware — don't fall for this

ClickFix malware attacks evolve with multi-OS support, video tutorials

Hackers abuse LinkedIn to target finance executives

Hackers exploiting LinkedIn DMs in major phishing campaign

LinkedIn phishers target executives with fake board invitations

LinkedIn DM attack warning — what users need to know

New LinkedIn phishing campaign targets finance executives

New LinkedIn phishing scam targets executives with fake board positions

Push Security and GuidePoint partner to deliver browser-based detection and response

LinkedIn phishing targets finance execs with fake board invites

Push Security Identifies Surge in Sophisticated LinkedIn-based Phishing Campaigns

Push Security & GuidePoint Security announce partnership

Push Security and GuidePoint Security Announce Strategic Partnership to Bring Browser-Based Defense to Customers

Analysing ClickFix: 3 reasons why copy/paste attacks are driving security breaches

Fighting identity attacks. Push Security secures $30M in funding.

Hackers are trying to scam tech bosses through LinkedIn

Who is Scattered Spider? Crypto.com breach and major London cyber attacks the result of crime network

New targeted phishing attack trends with Adam Bateman of Push Security

6 browser-based attacks security teams need to prepare for right now

Changes in the channel: Push Security names Mark Orlando as Field CTO

Push Security appointed new Field CTO Mark Orlando

Is the browser becoming the new endpoint?

Push Security Welcomes Veteran Cybersecurity Leader and SANS Instructor Mark Orlando as Field CTO

Bleeping Computer: 6 browser-based attacks all security teams should be ready for in 2025

Attackers abuse Velociraptor forensic tool to deploy visual studio code for C2 tunneling

Black Hat ignites under Vegas lights

Hackers are looking to steal Microsoft logins using some devious new tricks - here's how to stay safe

Hackers are looking to steal Microsoft logins using some devious new tricks

Hackers have figured out a new way to steal Microsoft logins

Hackers exploit Microsoft ADFS with office.com redirects

Microsoft 365 logins pilfered via ADFS-exploiting phishing campaign

New Campaign Uses Active Directory Federation Services to Steal M365 Credentials

Hackers weaponize Active Directory Federation Services and office.com to steal Microsoft 365 logins

Hackers steal Microsoft logins using legitimate ADFS redirects

Why the browser is becoming a prime security battleground

Risky Business News: Phishers get creative using ADFS to phish office.com links

Push Security introduces Phishing Detection Evasion Techniques matrix

Push Security Launches Phishing Detection Evasion Techniques Matrix to Help Security Teams Pinpoint Detection Gaps

A U.S. cybercrime group is targeting banks and credit unions

How attackers are still phishing "phishing-resistant" authentication

The Hacker News: How the Browser Became the Main Cyber Battleground

Bleeping Computer: 3 key takeaways from the Scattered Spider attacks on insurance firms

Risky Business News: Phishing crews have gotten really good at evasion

Push Security Launches Global Partner Program to Accelerate its Channel Go-To-Market Strategy

Push Security Secures $30 Million Series B Funding Led by Redpoint Ventures to Fight the Rising Tide of Identity Attacks

Push Security Welcomes Former Bugcrowd Marketing Leader as Chief Marketing Officer

Push Security Recognized as a Rising Star for ITDR by KuppingerCole Analysts

Push Security Transforms Threat Intelligence Analysis With New Verified Stolen Credentials Detection Capability

Former CrowdStrike Sales Leader Joins Push Security as Chief Revenue Officer

New Security Alert from Push Security: Cross-IDP Impersonation Threatens SSO Security to Gain Unauthorized Access to Downstream Apps

Push Security Raises $15M and Launches New Visibility and Employee-Powered Tools to Help Enterprises Scale SaaS Security

Push Security Announces $4M Seed Round to Introduce User-Centric Approach to Securing SaaS