Topic

Attack Stories

Anatomies of real attacks Abnormal stopped — what attackers tried, what tipped us off.

51 articles

Attack Stories

System Notification Abuse: How Attackers Force Microsoft to Send Phishing Emails

Attackers exploit Microsoft Entra ID to inject malicious messages into legitimate system emails, bypassing authentication and deceiving users.

Jan 29, 2026

Attack Stories

Security Superlatives: 2025’s Phishiest Attacks and Boldest Offenders

Explore 2025’s most sophisticated phishing attacks—from DKIM replay to OAuth abuse and vendor impersonation—and how Abnormal’s behavioral AI stops them.

Dec 9, 2025

Attack Stories

Fake Microsoft Teams Meeting Invite Used to Deploy Malicious OAuth App

Attackers impersonated Microsoft Teams meeting invites to trick users into authorizing a malicious OAuth app, granting persistent access to Microsoft 365 data.

Nov 13, 2025

Attack Stories

College Athletics Under Email Attack: How Bad Actors Are Targeting the Sidelines

College athletic programs are prime targets for email attacks. Learn how threat actors exploit them—and how Abnormal AI stops attacks before they spread.

Jul 28, 2025

Attack Stories

Flask Phishing Kit: Targeted Credential Theft Using Open-Source Technology

Learn how threat actors used Flask, a popular Python framework, to build a versatile phishing kit for evasive campaigns that bypass traditional defenses.

Jun 10, 2025

Attack Stories

Multi-Stage Phishing Attack Exploits Gamma, an AI-Powered Presentation Tool

Attackers exploit Gamma in a multi-stage phishing attack using Cloudflare Turnstile and AiTM tactics to evade detection and steal Microsoft credentials.

Apr 15, 2025

Attack Stories

Hiding in Plain Sight: How Attackers Use PDF Annotations to Mask Malicious QR Codes

Attackers are exploiting PDF annotations to disguise phishing QR codes, bypassing security and deceiving users. Learn how this sophisticated threat works.

Mar 4, 2025

Attack Stories

That Word Document Isn’t Broken—It’s a Phishing Attack in Disguise

Attackers exploit Microsoft Word’s file recovery to evade detection, using corrupted docs for QR code phishing. Learn how this tactic bypasses legacy security.

Feb 13, 2025

Attack Stories

When SEGs Fail: Attackers Exploit Vendor Relationships for Credential Phishing

Discover how attackers exploit vendor relationships for credential phishing and how Abnormal Security’s AI-driven defense stops these attacks in real time, preventing account takeovers and minimizing risk.

Jan 29, 2025

Protect Against Evolving Email Threats

See how behavioral AI detects attacks that legacy defenses miss.

Request a Demo

Seguridad de identidad e IA

Plataforma

Recursos de productos

Soporte

Destacado

Liderazgo de pensamiento

Destacado

Empresa

Noticias y eventos

Destacado

Attack Stories

System Notification Abuse: How Attackers Force Microsoft to Send Phishing Emails

Security Superlatives: 2025’s Phishiest Attacks and Boldest Offenders

Fake Microsoft Teams Meeting Invite Used to Deploy Malicious OAuth App

College Athletics Under Email Attack: How Bad Actors Are Targeting the Sidelines

Flask Phishing Kit: Targeted Credential Theft Using Open-Source Technology

Multi-Stage Phishing Attack Exploits Gamma, an AI-Powered Presentation Tool

Hiding in Plain Sight: How Attackers Use PDF Annotations to Mask Malicious QR Codes

That Word Document Isn’t Broken—It’s a Phishing Attack in Disguise

When SEGs Fail: Attackers Exploit Vendor Relationships for Credential Phishing

Protect Against Evolving Email Threats

Attack Stories

System Notification Abuse: How Attackers Force Microsoft to Send Phishing Emails

Security Superlatives: 2025’s Phishiest Attacks and Boldest Offenders

Fake Microsoft Teams Meeting Invite Used to Deploy Malicious OAuth App

College Athletics Under Email Attack: How Bad Actors Are Targeting the Sidelines

Flask Phishing Kit: Targeted Credential Theft Using Open-Source Technology

Multi-Stage Phishing Attack Exploits Gamma, an AI-Powered Presentation Tool

Hiding in Plain Sight: How Attackers Use PDF Annotations to Mask Malicious QR Codes

That Word Document Isn’t Broken—It’s a Phishing Attack in Disguise

When SEGs Fail: Attackers Exploit Vendor Relationships for Credential Phishing

Protect Against Evolving Email Threats