Notification Tab
LiveMoving forward all features, updates, error messages will reside in the notification tab in the top right hand side of the portal.
%20(1080%20%C3%97%20608%20px)%20(4).png)
What changed, what’s new, and what's next? Built for executives and IT pros who run PhishFirewall.
Moving forward all features, updates, error messages will reside in the notification tab in the top right hand side of the portal.
You no longer need to wait for CSV's for bulk data to be generated, instead when you click download CSV youw will recieve an email with a link to download the CSV file.
Older templete styles have been retired for phish follow up emails, and all phish follow-ups have been upgraded to our modern format.
Flexible editing tools allow administrators to easily customize training modules and phishing templates. This enables them to tailor content to their organization’s language, tone, policies, and cultural nuances—without compromising consistency or overall structure.
Take your analytics a step further focusing on key user segments—high-risk users, non-compliant users, and low-engagement users.
By segmenting your data this way, you can:
Identify and monitor high-risk users who may be more susceptible to phishing or security breaches.
Track non-compliant users to ensure they’re completing required training and following security protocols.
Recognize low-engagement users who may need additional motivation, guidance, or communication to stay involved.
This level of reporting allows for proactive management and targeted intervention, ensuring your efforts are focused where they will have the greatest impact. Instead of treating your entire workforce uniformly, you can prioritize resources and support for those who need an extra push—strengthening both overall compliance and security resilience.
Improve your impact by publicly praising those who get it right. Recognizing employees who report phishing attempts is a powerful way to build morale, reinforce confidence, and strengthen cybersecurity awareness across your organization.
When someone reports a phish, highlight it—especially if it’s a prevalent or concerning example. Share the reported phish with targeted groups or teams. Doing so not only celebrates a job well done, but also sparks curiosity among peers. Everyone will take a closer look and ask themselves, “Would I have caught that?”
This simple act of recognition transforms an individual success into a collective learning opportunity. It’s one of the most effective ways to reward vigilance, foster engagement, and raise awareness about real threats facing your organization.
Roadmap and timelines are directional. Priorities may change.
Curated for October 2025
China-linked operators sent event-themed lures that dropped malicious .LNK shortcuts exploiting CVE-2025-9491 to deploy PlugX and persist.
Action: strip/disable .LNK from email; block known C2; harden file-type handling; ensure EDR flags scriptable shortcuts; reinforce “open only trusted attachments.”
Pre-auth deserialization bug in WSUS enables remote code execution; attackers scan for exposed 8530/8531 and drop PowerShell payloads. CISA added it to KEV.
Action: patch immediately; keep WSUS off the public Internet; if patching is delayed, block 8530/8531 and disable WSUS role until updated; hunt for spawned cmd.exe/powershell.exe from wsusservice.exe.
Investigators say gangs use SIM boxes to blast texts, capture OTPs, and load stolen cards into mobile wallets for instant spend; related European SIM-farm takedowns show the scale of the infrastructure.
Action: mobile-first awareness—don’t tap links in texts; favor official apps; enable wallet & card alerts; filter SMS/RCS at the gateway; block newly registered look-alike domains.
Grab a slot for a quick admin walkthrough, feature enablement help, or Q&A.
If the scheduler doesn’t load, open it in a new tab.