@arsen profile picture
Arsen Security @arsen

🛡️ Security Awareness for the age of AI — ✨ AI-driven vishing, smishing, and phishing — 🌐 arsen.co

Joined March 2020
  • Tweets 287
  • Following 193
  • Followers 359
135 Photos and videos
☎️ Voice spearphishing is becoming the #1 initial access tactic used by bad actors. With AI making voice impersonation easier than ever, attackers are just one phone call away. Try our playground for free and find out how secure you really are. 👇 arsen.co/en/resources/ai-voi…

AI Voice Phishing Playground

Think you're safe from vishing? Try our simulation in a controlled environment for free and find out how secure you really are.

arsen.co
Mandiant (part of Google Cloud)@Mandiant
Jun 5
🚨 UNC3753 is targeting US law firms using vishing and RMM tools for data extortion. In instances linked to UNC3753, individuals posing as IT technicians attempted direct data theft using physical, in-person access. Read more & get IOCs ➔ goo.gle/49HfT8g
Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms

ALT Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms

33
MFA doesn't protect you if your users approve access themselves. Here's how attackers are hijacking @Microsoft365 & @Azure OAuth, and what to do about it. 🧵
1
1
85
more replies
Follow-up training, personalized to what each employee actually did, completes the cycle. Not a generic module blasted to everyone. The right lesson, for the right person, at the right moment.
1
19
Your most vulnerable attack surface is your team. arsen.co/en/blog/microsoft-3…

Microsoft 365 & Azure: SSPR and OAuth Attacks Explained

Attackers are bypassing MFA in Microsoft 365 and Azure using social engineering. Here's what's happening and how to prevent it.

arsen.co
19
Crypto, blockchain, and DeFi companies operate in an environment of irreversible settlement, distributed counterparties, and fragmented security frameworks. That creates an ideal attack surface. Attackers know it. So do we. Here's our solution: arsen.co/en/industries/crypt…
62
Arsen Security retweeted
Thomas Le Coz@ThomasLeCoz
Jun 2
Crypto, blockchain, and Web3 companies are targeted by social engineering attacks. Irreversible transactions & distributed teams make them targets. 40% of crypto security incidents stem from social engineering. @Arsen fixes this.
1
1
23
Over $200 million in financial losses were attributed to deepfakes in Q1 2025, and 44% of financial professionals have already reported deepfake-driven fraud. Here are three concrete controls you can deploy: arsen.co/en/blog/deepfake-fr…
1
1
200
We got tons of notifications because @Arsenal qualified for the #UCL, and our handle @arsen starts almost the same! Do you know this reflects a #phishing tactic? It's called #typosquatting (aka URL hijacking), where fraudsters exploit typing mistakes to redirect to fake sites. 👇
1
3
212
arsen.co/en/resources/typosq…

Typosquatting: What It Is and How to Stop It

Typosquatting redirects users to fake domains that mimic real brands. Learn how it works, what attackers do with it, and how to protect your organisation.

arsen.co
85
#CustomerStory @odaseva needed security awareness training that could scale with their global workforce. With Arsen, they got it: localized campaigns, zero friction, real behavioral insights. Read the full story 👇 arsen.co/en/customers/odasev…
1
70
#SocialEngineering @Mandiant (@googlecloud) recently released its M-Trends 2026 report, confirming vishing is now the second most common initial breach vector globally and the #1 vector in cloud environments. 👉arsen.co/en/blog/vishing-mai…
2
68
Over the past few weeks, we deployed a redesigned cyber awareness training module, now available to all customers. It delivers adaptive, engaging learning that drives behavior change, not just compliance knowledge. 👉 lnkd.in/eAmBaex9
0:28
59
Arsen Security retweeted
Thomas Le Coz@ThomasLeCoz
Apr 20
The @vercel breach didn't start at Vercel. It started with a 3rd party. We'll learn more in the coming days, but if it's really ShinyHunters, social engineering on top of weakness exploitation is very probable. Either way: 3rd party human surface remains a key entry point.
Vercel
@vercel
Apr 19
Replying to @vercel
Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised. We recommend that Google Workspace Administrators check for usage of this app immediately. vercel.com/kb/bulletin/verce…
1
2
146
💥 From a cloned CEO identity to a fake Slack workspace and a fake Microsoft Teams error: the perfect multi-step #SocialEngineering attack? Read the report 👇 arsen.co/en/blog/ceo-imperso…
1
99
"Click Next. Click Next. Click Next. Quiz passed." That's not security awareness; that's speed-clicking. CISOs: Your employees deserve better than a slideshow they'll forget by lunch. Try actual, real-life simulations instead. arsen.co/en/platform/phishin…

Phishing & Social Engineering Simulation

Run realistic phishing simulations with Arsen's platform. Train employees at scale and measure real human risk across email, SMS, and voice.

arsen.co
⚚Sage
@belikesagee
Mar 31
'You must complete the HR mandatory safety training" Me:
0:08
1
110
According to @ESET, ClickFix attacks surged by 517% in 2025. This social engineering trick can make your employees run malware on their own. @MsftSecIntel and @moonlock_lab recently detected two new massive schemes using this technique. Find out how.👇 arsen.co/en/blog/clickfix-at…
1
126
Load more