Security Champion: Our Free Intermediate Phishing Course Is Live
Our first phishing course, Spot the Scam, taught you to recognize attacks. It gave you a framework – PUSHED+VERIFY – for pausing, reading the emotional...
Read More →Blog
Security News & Insights
Research, guides, and expert advice.
We Just Released 240 Free Cybersecurity Exercises
For the past several months, we’ve been building something that didn’t exist in the format we wanted.
Read More →Vervain: A Chrome Extension That Uses AI to Catch Phishing Emails in Gmail
Phishing emails used to give themselves away. Bad grammar, sketchy domains, generic greetings – these were reliable red flags for years. That era is ending....
Read More →When you feel PUSHED, stop and VERIFY before you reply
Phishing isn’t just emails anymore. Today’s attackers use AI-generated phone calls, deepfake videos, sophisticated text messages, and perfectly crafted emails. The technology behind these attacks...
Read More →Indicator Removal in the Wild: A Practitioner's Guide to Detection and Response
After gaining access to a target system, sophisticated adversaries don’t just accomplish their objectives and leave. They systematically remove traces of their presence, making incident...
Read More →Widespread npm Supply Chain Attack: The Shai-Hulud Worm
On 23 September 2025, CISA disclosed that the “Shai-Hulud” worm had taken over more than 500 npm packages—roughly 2.9 billion weekly downloads—within a 94‑minute window. The...
Read More →