Data & research | 2 min read
It’s here: Expel’s 2025 Annual Threat Report

This year’s Annual Threat Report describes the major attack trends we saw last year, advice to safeguard your org, and predictions for 2025.

MDR | 10 min read
Beware QR code phishing, subscription bombing, and other Grinchy scams this holiday season

As the holidays approach, cyber Grinches are phishing for data, credentials, and more. Look out for these email scams and check your inbox this season!

Current events | 2 min read
A secure world is built together: closing out Cybersecurity Awareness Month

It's the end of Cybersecurity Awareness Month, but these resources are useful every month of the year to enhance resilience and stay secure.

Data & research | 3 min read
Expel Quarterly Threat Report Q3 2024, volume IV: Suspicious infrastructure from phishing-as-a-service (PhaaS) platforms

Volume IV of our Q3 2024 Quarterly Threat Report focuses on phishing-as-a-service (PaaS). Learn what to focus on right now.

Data & research | 2 min read
Expel Quarterly Threat Report, volume I: Q3 2024 by the numbers

Volume I of our Quarterly Threat Report summarizes key findings and stats from Q3 of 2024. Learn what to focus on right now.

Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume IV: Phishing trends

PhaaS platforms make phishing easy. In this volume in our series, we share what these are, how they work, and how they can be counteracted.

Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume II: Attackers advance with AI

Volume II of our Quarterly Threat Report covers how attackers are advancing with AI in Q2 of 2024. Learn what to focus on right now.

MDR | 3 min read
How phishing threat actors are using AI: a real world example

Our phishing team intercepted an email that appears to contain AI-generated code. Here's what it can teach you.

Security operations | 2 min read
Beware this new-ish attacker tactic: QR code attacks

There’s been an increase in “qishing,” the use of QR codes to drive users to malicious URLs in credential harvesting attacks. Here’s what our SOC is seeing plus some insight on how to avoid them.

Security operations | 2 min read
Security alert: Okta “support user” data theft

Okta recently determined that an attacker stole support system user in an incident identified in October. Here’s what Okta customers need to know and do right now.

Engineering | 5 min read
How we built it: the app that gives our analysts more time to fight cyber evil

Auto-close marketing emails (AME), a feature we built for our SOC, not only frees up time for our analysts, it offers insight into application development using machine learning.

Security operations | 3 min read
Okta cross-tenant impersonation: a new Expel detection

Okta recently described a novel attack on a customer organization. Expel analyzed the information and has developed two new detections for this attack.

Security operations | 3 min read
Expel Q3 Quarterly Threat Report: the top five findings

The Q3 Quarterly Threat Report findings are based on incidents our security operations center identified in the third quarter this year. Here are a few of the top trends.

Security operations | 8 min read
A new way to recruit: Our approach to building Expel’s Phishing team

In this blog post, we’ll share how we’re using the Expel Phishing team and its simple, narrow focus, to achieve two goals -- Protect managed detection and response (MDR) service continuity, and Increase diversity in cybersecurity

Security operations | 5 min read
The top phishing keywords in the last 10k+ malicious emails we investigated

Curious how attackers are prompting victims to engage with phishing campaigns? Check out the top keywords from the malicious emails our SOC investigated and our top resilience recommendations.

Security operations | 7 min read
Come sea how we tackle phishing: Expel’s Phishing dashboard

Want a tour of Expel’s Phishing dashboard? Get a behind-the-scenes look at how one of our senior UX designers developed the Phishing dashboard for Expel’s managed phishing service customers.