Arsen Security

268 posts

Arsen Security

@arsen

🛡️ Security Awareness for the age of AI — ✨ AI-driven vishing, smishing, and phishing — 🌐 https://t.co/9Y3cjzpwhL

🇺🇸 USA 🇬🇧 UK 🇫🇷 France Katılım Mart 2020

197 Takip Edilen358 Takipçiler

Arsen Security@arsen·16 Mar

According to @ESET, ClickFix attacks surged by 517% in 2025. This social engineering trick can make your employees run malware on their own. @MsftSecIntel and @moonlock_lab recently detected two new massive schemes using this technique. Find out how.👇 arsen.co/en/blog/clickf…

English

Arsen Security@arsen·9 Mar

@MsftSecIntel Arsen offers ready-made 'ClickFix' simulation campaign scenarios. Test your employees on real attacker tactics: multi-step social engineering sequences that lead to a deceptive action request. arsen.co/en/blog/clickf…

English

Arsen Security@arsen·9 Mar

Bad actors are impersonating and weaponizing legitimate Microsoft tools thousands of firms use, using 'ClickFix' attacks - @MsftSecIntel. Arsen's simulations now allow security teams to mimic similar ClickFix attacks to assess and train their employees. Learn more below. 👇

Microsoft Threat Intelligence@MsftSecIntel

Microsoft Defender Experts identified a widespread ClickFix social engineering campaign in February 2026 leveraging Windows Terminal as the primary execution mechanism. Rather than the traditional Win + R → paste → execute technique, this campaign instructs targets to use the Windows + X → I shortcut to launch Windows Terminal (wt.exe) directly, guiding users into a privileged command execution environment that blends into legitimate administrative workflows and appears more trustworthy to users. This approach bypasses detections specifically tuned to Run dialog abuse while exploiting the legitimacy and familiarity of Windows Terminal. Once the terminal is opened, targets are prompted to paste malicious PowerShell commands delivered through fake CAPTCHA pages, troubleshooting prompts, or verification-style lures designed to appear routine and benign.

English

170

Arsen Security@arsen·20 Şub

Blockchain lending firm Figure confirmed a significant data breach resulting from a social engineering attack on an employee, highlighting the persistent threat of human vulnerability in cybersecurity for fintechs. 👉 arsen.co/en/blog/fintec…

English

Arsen Security@arsen·19 Şub

AI has handed attackers a new arsenal. For Financial Services CISOs, the 2026 threat landscape looks nothing like last year. Here's your fast-track briefing, and a full report to back it up.👇 ➡️ arsen.co/en/reports/soc…

English

Arsen Security@arsen·13 Şub

45% of the financial services industry faced AI-powered attacks last year. From deepfake defense to the new regulatory implications, get the intelligence you need to secure your organization. 👉 arsen.co/en/reports/soc…

English

Arsen Security@arsen·10 Şub

Recent researches from @Unit42_Intel (@PaloAltoNtwks) highlight how the emergence of "Dark LLMs", or malicious AI models, is transforming the cybercrime landscape, enhancing social engineering in ways never before achieved. 👉 arsen.co/en/blog/dark-l…

English

Arsen Security@arsen·5 Şub

As recently revealed by @Mandiant (@googlecloud #ThreatIntelligence), #vishing is becoming the primary intrusion vector used by known threat groups for SaaS data theft. Learn how they do it—and how to protect your team. 🛡️ 👉 arsen.co/en/blog/vishin…

English

Arsen Security@arsen·4 Şub

You're a cybersecurity specialist based in Asia? Join us on February 10 at 12:30 PM (HKT 🇭🇰) for a special webinar hosted by @AsiaLogon. 👉 lnkd.in/dS5_dX6e

English

Arsen Security@arsen·27 Oca

🚨 Attackers are moving from static emails to real-time vishing. Spotted by the @okta Threat Intelligence team, new phishing kits allow hackers to sync live calls with the victim's browser to break SSO and bypass MFA on major services. 👉 arsen.co/en/blog/the-ne…

English

Arsen Security@arsen·9 Oca

For #CISOs, the challenge is clear: standard awareness training is lagging. Strategies must shift from simple metrics to defending against real-time proxy attacks, with scenarios able to mimic such threats. 👉 arsen.co/en/blog/the-bl…

English

Arsen Security@arsen·9 Oca

Attack mechanics: → Victims are lured to a fake login the attacker controls → A reverse proxy relays inputs to the real site → MFA is completed, but the session cookie is intercepted → The attacker reuses the token to impersonate the user, bypassing login 🚨

English

118

Arsen Security@arsen·9 Oca

The @zscaler @Threatlabz team has uncovered BlackForce, a toolkit that is redefining phishing. It’s not just about passwords anymore; attackers are using Man-in-the-Middle (MitM) proxies to execute MFA Hijacking, effectively bypassing standard security layers. 🧵👇

English

133

Arsen Security@arsen·7 Oca

🚨 #Vishing attacks have surged 400%+ YoY, with Financial Services as a prime target (@CrowdStrike). Learn why banks and fintechs are vulnerable and how to build a compliant human firewall through scalable simulation training. 👉 arsen.co/en/blog/vishin…

English

Arsen Security@arsen·15 Ara

🚨 New vishing tactic alert from @SpiderLabs: Attackers weaponized Microsoft Quick Assist to deploy fileless malware in minutes. The "don't click links" era is over. If your team can't spot a fake IT call & vishing, basic controls won't save you. 👇 arsen.co/en/blog/vishin…

English

190

Arsen Security@arsen·11 Ara

Financial services are a prime target. 🎯 Generic training isn't enough, brands need to mirror exact threats. @arsen tests wealth & payment ops with ultra-realistic, AI-driven phishing, smishing or vishing scenarios. Test your resilience: arsen.co/en/blog/massiv…

English

Arsen Security@arsen·11 Ara

The attack uses a "DocuSign" lure with a complex redirect chain to hide the final malicious URL. It’s a masterclass in evasion. Traditional "hover to verify" advice won't save you here. arsen.co/en/blog/massiv… #InfoSec #Phishing #Cybersecurity

English

569

Arsen Security@arsen·11 Ara

🚨 40k+ phishing emails. 6k+ targets. A giant attack was just tracked down by @CheckPointSW. Attackers are now abusing trusted infrastructure like Mimecast and Bitdefender to target financial institutions and other firms. Phishing is evolving fast. Is your team ready? 🧵👇

English

142

Arsen Security@arsen·6 Kas

How do AI advancements in social engineering reshape our understanding of privacy and security in the digital age? Dive into the discussion and explore the implications: arsen.co/en/blog/ia-soc…

English

119

Arsen Security@arsen·4 Kas

Lear more: arsen.co/en/blog/genai-…

English

Arsen Security@arsen·4 Kas

Protect your inbox from GenAI attachment phishing! Stay safe with these quick tips: 1) Always verify sender email addresses. 2) Be cautious of unexpected attachments. 3) Keep your software updated. 4) Use advanced email filtering options. tachment-phishing

English

105

Keşfet

@ESET @MsftSecIntel @moonlock_lab @Unit42_Intel @PaloAltoNtwks @Mandiant @googlecloud @AsiaLogon