Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.” The technique, which the researchers call “ConsentFix,” tricks victims into copying and pasting a localhost URL containing an authorization token, then pasting it into a phishing page.

Fraud analysts know the pattern too well. After an account takeover incident, the postmortem confirms what happened. A stolen credential was used. A bot executed a replay. A mule account attempted a transfer. Yet the origin of the compromise remains unclear. The postmortem becomes an autopsy on a loss that already occurred. The core issue is the Window of Exposure.

Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox. “Parking threats are fueled by lookalike domains,” Infoblox explained. “No domain is immune. When one of our researchers tried to report a crime to the FBI’s Internet Crime Complaint Center (IC3), they accidentally visited ic3gov. Their phone was quickly redirected to a false “Drive Subscription Expired” page.

The image of the cyber attacker is changing. For years, the industry focused on email gateways and typo-squatted domains like citi-bank-security.com. But according to Tzoor Cohen, CTI Lead at Memcyco, the battleground has shifted. In 2026, the most dangerous social engineering tactics typically don’t start in an inbox. They start on social media, utilize legitimate infrastructure like Bitly, and exploit the user interface (UI) of mobile devices to hide malicious intent.

Can you believe it? The holiday season is finally here! For many of us, that means nostalgic traditions, quality time with family, and—let’s be honest—a significant amount of online shopping. The convenience of browsing for gifts from the comfort of our homes is undeniable, especially in our hybrid work environment. However, this surge in digital activity and scams also signals the busiest time of year for cybercriminals.

Artificial Intelligence (AI) has been a revelation. It has changed the way things are done. AI is being used in almost every industry because it speeds up the ability to perform tasks and reduces the chance of errors. But there is a dark side to this highly advanced technology. Scammers are using AI to create sophisticated attacks and are achieving success with them. Deepfake cyber fraud attacks are one such type where malicious actors use deep learning techniques and AI to manipulate existing media.

Today, anyone can find a picture of absolutely anybody and it is also not difficult to find a sample of their voice. By combining these it is shockingly easy to create a realistic AI deepfake video of that person. The video may not be perfect, and an experienced AI deepfake enthusiast might be able to see signs of it not being real, but it will be good enough to fool 99% of people. Cybercriminals have been creating and using AI-enabled deepfake technologies since early 2024 to socially engineer people.

The Visa Acquirer Monitoring Program (VAMP) has quickly become one of the most discussed (and feared) compliance frameworks in the payments industry. With stricter enforcement beginning October 1, 2025, merchants and acquirers around the globe are scrambling to understand how to stay within Visa’s tightening thresholds and avoid painful penalties.

For most enterprises, account takeover (ATO) detection is a game of lagging indicators. You see the spike in failed logins at the WAF level, the impossible travel flag in your SIEM, or – worst case – the chargeback report weeks later. This latency exists because traditional defenses monitor the perimeter (the login endpoint) rather than the environment (the user’s browser). By the time a request hits your backend authentication service, the attack chain is already in its final stage.