Topic

Threat Intel

Original research and frontline observations from Abnormal's threat intelligence team.

91 articles

Threat Intel

Ghost-Sender: Why Email Spoofing Still Works When Authentication Fails

Explore how Ghost-Sender abuses Microsoft Exchange Online mail-flow gaps to deliver spoofed messages despite SPF, DKIM, and DMARC failures.

Jun 12, 2026

Threat Intel

2026 Attack Landscape Report: BEC Shifts From Internal Impersonation to Vendor Exploitation

Research from Abnormal reveals that most BEC attacks involve impersonation of external third parties, not internal identities.

Jun 3, 2026

Threat Intel

Tycoon2FA Rebounds Post-Takedown with 6 Layers of Obfuscation

Twenty days after Europol seized 330 Tycoon2FA domains, a new campaign emerged with rebuilt infrastructure and six layers of obfuscation. Here's how it works.

May 6, 2026

Threat Intel

2026 Attack Landscape Report: Phishing Tactics Calibrate to Your Environment

Analysis of nearly 800,000 attacks shows how phishing techniques adapt to the workflows, defenses, and platforms of the organizations they target.

Apr 29, 2026

Threat Intel

2026 Attack Landscape Report: BEC Tactics Adapt to Your Operations

Nearly 800,000 attacks reveal how BEC tactics shift with operational characteristics. See which impersonation strategies target organizations like yours.

Apr 22, 2026

Threat Intel

AI Meets Voice Phishing: How ATHR Automates the Full TOAD Attack Chain

A cybercrime platform called ATHR uses AI vishing agents, credential harvesting panels, and built-in phishing mailers to execute and scale TOAD attacks.

Apr 16, 2026

Threat Intel

EvilTokens: Turning OAuth Device Codes into Full-Scale BEC Operations

A phishing-as-a-service platform is exploiting Microsoft’s Device Code OAuth flow at scale, then weaponizing stolen tokens with AI-powered email intelligence to automate business email compromise.

Apr 3, 2026

Threat Intel

Meet VENOM: The PhaaS Platform That Neutralizes MFA

A previously undocumented phishing platform is targeting CEOs and CFOs by name, exploiting live Microsoft authentication to establish persistent access.

Apr 2, 2026

Threat Intel

Tracking Iran-Aligned Cyber Operations Following U.S.-Israel Strikes

Iran-aligned groups are conducting cyber operations after strikes by the U.S. and Israel. Explore their tactics and how Abnormal can strengthen defenses.

Mar 24, 2026

Protect Against Evolving Email Threats

See how behavioral AI detects attacks that legacy defenses miss.

Request a Demo

Seguridad de identidad e IA

Plataforma

Recursos de productos

Soporte

Destacado

Liderazgo de pensamiento

Destacado

Empresa

Noticias y eventos

Destacado

Threat Intel

Ghost-Sender: Why Email Spoofing Still Works When Authentication Fails

2026 Attack Landscape Report: BEC Shifts From Internal Impersonation to Vendor Exploitation

Tycoon2FA Rebounds Post-Takedown with 6 Layers of Obfuscation

2026 Attack Landscape Report: Phishing Tactics Calibrate to Your Environment

2026 Attack Landscape Report: BEC Tactics Adapt to Your Operations

AI Meets Voice Phishing: How ATHR Automates the Full TOAD Attack Chain

EvilTokens: Turning OAuth Device Codes into Full-Scale BEC Operations

Meet VENOM: The PhaaS Platform That Neutralizes MFA

Tracking Iran-Aligned Cyber Operations Following U.S.-Israel Strikes

Protect Against Evolving Email Threats

Threat Intel

Ghost-Sender: Why Email Spoofing Still Works When Authentication Fails

2026 Attack Landscape Report: BEC Shifts From Internal Impersonation to Vendor Exploitation

Tycoon2FA Rebounds Post-Takedown with 6 Layers of Obfuscation

2026 Attack Landscape Report: Phishing Tactics Calibrate to Your Environment

2026 Attack Landscape Report: BEC Tactics Adapt to Your Operations

AI Meets Voice Phishing: How ATHR Automates the Full TOAD Attack Chain

EvilTokens: Turning OAuth Device Codes into Full-Scale BEC Operations

Meet VENOM: The PhaaS Platform That Neutralizes MFA

Tracking Iran-Aligned Cyber Operations Following U.S.-Israel Strikes

Protect Against Evolving Email Threats