- 3 min read
No Password Required: The Kali365 Phishing Kit Hijacking Microsoft 365 Accounts
The FBI is warning about Kali365, a subscription phishing kit that steals Microsoft 365 access without ever touching your password — and walks right past MFA. Here's how the trick works and the one setting that blocks it.
Read - 3 min read
The 'Accept' button that hands over your mailbox: consent phishing, explained
A new wave of attacks skips passwords entirely: victims approve an innocent-looking app permission screen and hand criminals long-lived access to their Microsoft 365 mailbox and files. One setting shuts most of it down.
Read - 3 min read
Infostealers: the 30-second malware behind many of today's break-ins
Infostealer malware copies every password and login session off a computer in seconds, then sells them — often within 48 hours. Here's how it works and the five defenses that actually counter it.
Read - 4 min read
Multi-factor authentication, explained — and why turning it on is not the finish line
MFA stops most stolen-password attacks cold. But 'turned on' and 'properly configured' are not the same thing, and the gap between them is where accounts still get compromised.
Read - 4 min read
Everything you were taught about passwords is changing — here's what matters now
Forced 90-day resets and complexity rules felt rigorous. Modern guidance says they actually make things worse. Here is what security experts recommend instead.
Read - 3 min read
When someone leaves: the 20-minute routine that prevents a breach
Disabling a laptop isn't enough when everything is in the cloud. Here's the complete access cleanup you should run every time someone leaves — whether it was their idea or yours.
Read - 3 min read
MFA fatigue: when approving the prompt is the mistake
Multi-factor authentication is one of your best defenses, but attackers found a way around it: ask for approval over and over until someone taps yes. Here is how MFA fatigue works and how to beat it.
Read - 3 min read
Insider risk: the threat that already has a key
Not every risk comes from outside. Sometimes it is a careless click, a disgruntled employee, or an account that kept access it should have lost. Insider risk is uncomfortable to think about, and worth thinking about.
Read - 3 min read
How one stolen password becomes ten break-ins
Attackers don't always guess passwords. They reuse ones already leaked in other companies' breaches, trying them everywhere automatically. It is called credential stuffing, and password reuse is what makes it work.
Read - 3 min read
Why even MFA isn't bulletproof: the session-theft trick explained
Multi-factor authentication blocks most attacks, but a newer technique gets around it by stealing your logged-in session instead of your password. Here is how it works and why MFA still matters.
Read - 4 min read
Account takeover: what it looks like and how to take it back
When an attacker gets into an email or Microsoft 365 account, they try to stay quiet and dig in. Here are the signs of a hijacked account and the exact steps to lock them out and clean up.
Read
See your own risk
Reading about it is one thing. Seeing your own gaps is another.
Start a 7-day Pro trial and get a plain-English security report for your Microsoft 365 and Azure — no credit card.