Cybersecurity Decrypted #51

Warning As New Attack Targets M365 And Google Workspace With MFA Bypass

VoidProxy is a sophisticated phishing-as-a-service platform that can steal credentials, intercept MFA codes, and hijack sessions in real-time using adversary-in-the-middle (AiTM) tactics. The service lowers the barrier for attackers, enabling widespread phishing campaigns at scale. Only phishing-resistant MFA, like FIDO2 keys, successfully blocked attacks.

Microsoft & Cloudflare “Rugpull” Major Global Phishing Service

Microsoft has disrupted a fast-growing phishing service known as “RaccoonO365”, shutting down over 300 phishing domains. RaccoonO365’s phishing kits are notorious for the low technical know-how required to start sending widespread phishing campaigns to thousands of people. The kits are advertised as being able to avoid spam filters and bypass Multi-Factor Authentication (MFA).

Hackers Want Victims To Install RMM Software—Here’s Why

A new phishing campaign is tricking users with fake browser updates that actually install popular Remote Monitoring and Management (RMM) tools. Once inside, attackers abuse these trusted IT platforms to steal data, maintain persistence, and drop malware —all while blending in with normal network activity.

SonicWall Warns Of Potential Cloud Backup File Breach

SonicWall has disclosed a security incident affecting the MySonicWall cloud backup service, after detecting suspicious activity targeting firewall backup files. Due to the sensitivity of the configuration files impacted, SonicWall is urging customers using the cloud backup service to log into their account and verify if any of their firewalls are flagged as at risk.

Podcast: How To Build A Cyber Start Up

In the very first episode of the Women In Cyber podcast, our panel of cybersecurity trailblazers discusses the triumphs, challenges, and lessons learned when building a company. This is a must listen for cybersecurity pros.

Article: Top 10 Enterprise Cybersecurity Challenges In 2025 

Enterprise cybersecurity is not just about deploying tools; it’s about managing risk at scale and protecting the trust that customers, partners, and stakeholders place in the business. In this article, we take a look at the biggest cybersecurity challenges teams are facing in 2025.

Article: Do You Really Need API Security? A Complete Guide 

API security tools protect data being exchanged between applications. But how real are the risks associated with unsecured APIs, and why aren’t traditional AppSec solutions enough to protect them?

TheHackerNews: Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

CISA: CISA Presents Vision for the Common Vulnerabilities and Exposures (CVE) Program

SecurityWeek: ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails

Crowdstrike: CrowdStrike to Acquire Pangea to Secure Every Layer of Enterprise AI

ValiMail: DigiCert acquires Valimail to accelerate the future of digital trust

TheRecord: Uvalde school district says ransomware attack forcing closure until Thursday

Tom’sHardware: China’s Great Firewall suffers its biggest leak ever as 500GB of source code and docs spill online — censorship tool has been sold to three different countries

• Remote Monitoring & Management (RMM)
• Mobile Device Management (MDM)
• Email Security
• Identity & Access Management (IAM)
• Phishing Simulation
• Multi-Factor Authentication (MFA)
• Cyber Threat Intelligence

• Podcasts

Expert Insights Podcast

Expert Insights Game Changers

Expert Insights Explainers

Women In Cyber

• Advertising

Advertise with us

Expert Insights helps security and IT professionals make smarter, faster cybersecurity decisions.

Join our community, stay ahead with our podcasts, and get essential insights in our weekly newsletter. Trusted by over one million businesses.