Push Security Launches Malicious Copy-and-Paste Detection to Stop ClickFix Attacks in the Browser

The unholy combination of OAuth consent phishing, social engineering and Azure CLI

Push Security Launches Malicious Copy-and-Paste Detection to Stop ClickFix Attacks in the Browser

Azure CLI trust abused in ConsentFix account takeovers

Shut down and restart—New Microsoft attack beats passwords, 2FA and passkeys

2025’s Top phishing trends and what they mean for your security strategy

ConsentFix, a new twist on ClickFix

Hacking endpoint to identity (Microsoft 365): "ConsentFix"

New ConsentFix attack let attackers hijack Microsoft accounts by leveraging Azure CLI

ConsentFix attack lets hackers hijack Microsoft accounts via Azure CLI abuse

Microsoft account takeovers eased by new ConsentFix attack

ConsentFix attack

Meet ConsentFix, a new twist on the ClickFix phishing attack

New ConsentFix attack hijacks Microsoft accounts via Azure CLI

Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack

Calendly emails impersonate major brands in new credential theft scheme

Hackers using Calendly-themed phishing attack to steal Google Workspace account

Ongoing Calendly phishing scheme impersonates major brands

New Calendly-inspired phishing attack aims to steal Google Workspace credentials

Fake Calendly invites spoof top brands to hijack ad manager accounts

Sneaky2FA phishing tool adds ability to insert legit-looking URLs

BitB integrated into updated Sneaky 2FA PhaaS kit

Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack

New phishing kit using BitB technique targets Microsoft accounts to steal credentials via Sneaky 2FA attack

New Sneaky 2FA phishing kit with BitB technique attacking users to steal Microsoft account credentials

Sneaky 2FA phishing kit adds BitB pop-ups designed to mimic the browser address bar

5 Reasons Why Attackers Are Phishing Over LinkedIn

ClickFix may be the biggest security threat your family has never heard of

5 reasons why attackers are phishing over LinkedIn

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Experts warn ClickFix malware attacks are back, and more dangerous than ever before - here's how to stay safe

ClickFix attacks against macOS users evolving

ClickFix malware evolves with multi-OS support and video tutorials

New ClickFix attacks feature ‘self-infection’ videos

ClickFix attacks evolved with weaponized videos that tricks users via self-infection process

Sophisticated ClickFix campaign targets Mac users

Arrests, cybercrime, and threat intel

Attackers upgrade ClickFix with tricks used by online stores

ClickFix attacks just got a major upgrade to trick you into infecting your computer with malware — don't fall for this

ClickFix malware attacks evolve with multi-OS support, video tutorials

Hackers abuse LinkedIn to target finance executives

Hackers exploiting LinkedIn DMs in major phishing campaign

LinkedIn phishers target executives with fake board invitations

LinkedIn DM attack warning — what users need to know

New LinkedIn phishing campaign targets finance executives

New LinkedIn phishing scam targets executives with fake board positions

Push Security and GuidePoint partner to deliver browser-based detection and response

LinkedIn phishing targets finance execs with fake board invites

Push Security Identifies Surge in Sophisticated LinkedIn-based Phishing Campaigns

Push Security & GuidePoint Security announce partnership

Push Security and GuidePoint Security Announce Strategic Partnership to Bring Browser-Based Defense to Customers

Analysing ClickFix: 3 reasons why copy/paste attacks are driving security breaches

Fighting identity attacks. Push Security secures $30M in funding.

Hackers are trying to scam tech bosses through LinkedIn

Who is Scattered Spider? Crypto.com breach and major London cyber attacks the result of crime network

New targeted phishing attack trends with Adam Bateman of Push Security

6 browser-based attacks security teams need to prepare for right now

Changes in the channel: Push Security names Mark Orlando as Field CTO

Push Security appointed new Field CTO Mark Orlando

Is the browser becoming the new endpoint?

Push Security Welcomes Veteran Cybersecurity Leader and SANS Instructor Mark Orlando as Field CTO

Bleeping Computer: 6 browser-based attacks all security teams should be ready for in 2025

Attackers abuse Velociraptor forensic tool to deploy visual studio code for C2 tunneling

Black Hat ignites under Vegas lights

Hackers are looking to steal Microsoft logins using some devious new tricks - here's how to stay safe

Hackers are looking to steal Microsoft logins using some devious new tricks

Hackers have figured out a new way to steal Microsoft logins

Hackers exploit Microsoft ADFS with office.com redirects

Microsoft 365 logins pilfered via ADFS-exploiting phishing campaign

New Campaign Uses Active Directory Federation Services to Steal M365 Credentials

Hackers weaponize Active Directory Federation Services and office.com to steal Microsoft 365 logins

Hackers steal Microsoft logins using legitimate ADFS redirects

Why the browser is becoming a prime security battleground

Risky Business News: Phishers get creative using ADFS to phish office.com links

Push Security introduces Phishing Detection Evasion Techniques matrix

Push Security Launches Phishing Detection Evasion Techniques Matrix to Help Security Teams Pinpoint Detection Gaps

A U.S. cybercrime group is targeting banks and credit unions

How attackers are still phishing "phishing-resistant" authentication

The Hacker News: How the Browser Became the Main Cyber Battleground

Bleeping Computer: 3 key takeaways from the Scattered Spider attacks on insurance firms

Push Security: Five months to ‘partner-first, partner-only’

Risky Business News: Phishing crews have gotten really good at evasion

Bleeping Computer: Scattered Spider — Three things the news doesn’t tell you

The Hacker News: Defending your organization from help desk dcams

Photos: Infosecurity Europe 2025

Blurring lines between Scattered Spider & Russian cybercrime

Push launches global advisor network for identity security

Push Security debuts global partner program to address identity-driven threats

Push Security rolls out first global partner program

Push Security to launch global partner program

Push Security Launches Global Partner Program to Accelerate its Channel Go-To-Market Strategy

Dynamic DNS emerges as go-to cyberattack facilitator

RSAC 2025 Conference: Identity security highlights

Push Security: $30 million series B raised for detecting modern identity attacks in the browser

New money: Push Security grabbed $30 million in Series B

Push Security Secures $30 Million series B funding led by Redpoint Ventures

Push Security raises $30 million in Series B funding

Push Security raises $30M to expand browser-based identity threat detection

Push Security Secures $30 Million Series B Funding Led by Redpoint Ventures to Fight the Rising Tide of Identity Attacks

Three Reasons Why the Browser is Best for Stopping Phishing Attacks

Phishing detection is broken: Why most attacks feel like a zero-day

Push Security appoints new CMO Chris Tilton

Push Security Welcomes Former Bugcrowd Marketing Leader as Chief Marketing Officer

Data security and identity security themes at RSAC 2025

Why it's time for phishing prevention to move beyond email

How New AI Agents Will Transform Credential Stuffing Attacks

Push Security Recognized as a Rising Star for ITDR by KuppingerCole Analysts

Balancing usability and security in the fight against identity-based attacks

The $10 cyber threat responsible for the biggest breaches of 2024

Push Security Transforms Threat Intelligence Analysis With New Verified Stolen Credentials Detection Capability

Push Security introduces verified stolen credentials detection capability

Former CrowdStrike Sales Leader Joins Push Security as Chief Revenue Officer

Push Security alert: Cross-IdP threat risks SSO apps

New Security Alert from Push Security: Cross-IDP Impersonation Threatens SSO Security to Gain Unauthorized Access to Downstream Apps

Push Security Raises $15M and Launches New Visibility and Employee-Powered Tools to Help Enterprises Scale SaaS Security

Push Security Announces $4M Seed Round to Introduce User-Centric Approach to Securing SaaS