Posts

A phishing wave against Microsoft 365 bypasses MFA and even phishing-resistant passkeys without faking a single pixel of Microsoft. What attackers do, why it works, and the conditional access policy that stops it.

An SMS lands in the real Trade Republic chat — and costs a 63-year-old his retirement savings. What makes alphanumeric sender IDs so phishable, and why the UK and Singapore are ahead of Germany.

The first post on lwst.io — what this blog is and who's behind it. No marketing language, no tool reviews — just notes from working in the field and studying.