Fable Security
@fablesecurity.bsky.social
Fable is the human risk platform that shapes employee behavior—automatically, in real time, right where people work. Cut risk. Sharpen habits. Build resilience.
This attack doesn’t need your password, it just needs your approval.
Attackers are deploying a Microsoft365 OAuth “device code” phishing to bypass your MFA while using legitimate-looking domains.
Find the full report + learn how to equip your team to stay protected 👇
Attackers are deploying a Microsoft365 OAuth “device code” phishing to bypass your MFA while using legitimate-looking domains.
Find the full report + learn how to equip your team to stay protected 👇
January 9, 2026 at 2:57 PM
This attack doesn’t need your password, it just needs your approval.
Attackers are deploying a Microsoft365 OAuth “device code” phishing to bypass your MFA while using legitimate-looking domains.
Find the full report + learn how to equip your team to stay protected 👇
Attackers are deploying a Microsoft365 OAuth “device code” phishing to bypass your MFA while using legitimate-looking domains.
Find the full report + learn how to equip your team to stay protected 👇
Microsoft 365 accounts are being targeted with OAuth device code phishing, avoiding passwords and MFA to steal session tokens. We break down the attack and share a short, free, downloadable video you can send to employees.
Watch now: youtu.be/u4v6CLcwmio
Watch now: youtu.be/u4v6CLcwmio
January 6, 2026 at 9:14 PM
Microsoft 365 accounts are being targeted with OAuth device code phishing, avoiding passwords and MFA to steal session tokens. We break down the attack and share a short, free, downloadable video you can send to employees.
Watch now: youtu.be/u4v6CLcwmio
Watch now: youtu.be/u4v6CLcwmio
Myth: younger generations are better at cybersecurity.
Reality: password habits say otherwise.
Across generations, “123456” is still the most common password, per @NordPass + @NordStellar.
Strong, unique passwords + MFA still matter. A lot.
Learn how to better protect your data 👇
Reality: password habits say otherwise.
Across generations, “123456” is still the most common password, per @NordPass + @NordStellar.
Strong, unique passwords + MFA still matter. A lot.
Learn how to better protect your data 👇
January 5, 2026 at 4:32 PM
Myth: younger generations are better at cybersecurity.
Reality: password habits say otherwise.
Across generations, “123456” is still the most common password, per @NordPass + @NordStellar.
Strong, unique passwords + MFA still matter. A lot.
Learn how to better protect your data 👇
Reality: password habits say otherwise.
Across generations, “123456” is still the most common password, per @NordPass + @NordStellar.
Strong, unique passwords + MFA still matter. A lot.
Learn how to better protect your data 👇
And on the last day of Riskmas, we leave you with this: some risks travel together, creating toxic combinations that quietly amplify exposure.
So, find the overlap, prioritize the toxic combos, and zap risk.
fablesecurity.com/resources/bl...
So, find the overlap, prioritize the toxic combos, and zap risk.
fablesecurity.com/resources/bl...
December 30, 2025 at 5:36 PM
And on the last day of Riskmas, we leave you with this: some risks travel together, creating toxic combinations that quietly amplify exposure.
So, find the overlap, prioritize the toxic combos, and zap risk.
fablesecurity.com/resources/bl...
So, find the overlap, prioritize the toxic combos, and zap risk.
fablesecurity.com/resources/bl...
Technically Christmas is over. But Riskmas is still in full swing.
In our second-to-last blog of the series, we focus on how important targeting is in human risk campaigns.
Learn more about how targeted campaigns have better engagement & lead to lasting change: fablesecurity.com/resources/bl...
In our second-to-last blog of the series, we focus on how important targeting is in human risk campaigns.
Learn more about how targeted campaigns have better engagement & lead to lasting change: fablesecurity.com/resources/bl...
December 29, 2025 at 6:58 PM
Technically Christmas is over. But Riskmas is still in full swing.
In our second-to-last blog of the series, we focus on how important targeting is in human risk campaigns.
Learn more about how targeted campaigns have better engagement & lead to lasting change: fablesecurity.com/resources/bl...
In our second-to-last blog of the series, we focus on how important targeting is in human risk campaigns.
Learn more about how targeted campaigns have better engagement & lead to lasting change: fablesecurity.com/resources/bl...
Security tends to treat human behavior as immutable. In 2026, that will change.
Cybersecurity is adapting to what other industries have known for years: behavior can change when the message is targeted, relevant, and timely.
The shift is starting, and we’re pushing it forward. 🧵
Cybersecurity is adapting to what other industries have known for years: behavior can change when the message is targeted, relevant, and timely.
The shift is starting, and we’re pushing it forward. 🧵
December 23, 2025 at 9:33 PM
Security tends to treat human behavior as immutable. In 2026, that will change.
Cybersecurity is adapting to what other industries have known for years: behavior can change when the message is targeted, relevant, and timely.
The shift is starting, and we’re pushing it forward. 🧵
Cybersecurity is adapting to what other industries have known for years: behavior can change when the message is targeted, relevant, and timely.
The shift is starting, and we’re pushing it forward. 🧵
Metrics should do more than decorate dashboards.
Real risk involves behavior, context, speed, and durability. Not vanity metrics like phishing click rates or training completions.
More details in today’s post: fablesecurity.com/resources/bl...
Real risk involves behavior, context, speed, and durability. Not vanity metrics like phishing click rates or training completions.
More details in today’s post: fablesecurity.com/resources/bl...
December 23, 2025 at 4:10 PM
Metrics should do more than decorate dashboards.
Real risk involves behavior, context, speed, and durability. Not vanity metrics like phishing click rates or training completions.
More details in today’s post: fablesecurity.com/resources/bl...
Real risk involves behavior, context, speed, and durability. Not vanity metrics like phishing click rates or training completions.
More details in today’s post: fablesecurity.com/resources/bl...
Not all human risks fly solo. When two or more risks overlap more than you’d expect by chance, we call that a toxic combination.
Learn more about toxic combos, risk lift, and how this info can help your targeted behavior campaigns 👉
Learn more about toxic combos, risk lift, and how this info can help your targeted behavior campaigns 👉
December 22, 2025 at 4:15 PM
Not all human risks fly solo. When two or more risks overlap more than you’d expect by chance, we call that a toxic combination.
Learn more about toxic combos, risk lift, and how this info can help your targeted behavior campaigns 👉
Learn more about toxic combos, risk lift, and how this info can help your targeted behavior campaigns 👉
Who’s pushing the limits with generative AI?
In this analysis, it’s the tech team. And they’re uploading a lot of code.
Our research shows employees aren’t just playing around, they’re uploading code, documents, and media files.
Read the report: fablesecurity.com/resources/bl...
In this analysis, it’s the tech team. And they’re uploading a lot of code.
Our research shows employees aren’t just playing around, they’re uploading code, documents, and media files.
Read the report: fablesecurity.com/resources/bl...
December 19, 2025 at 6:50 PM
Who’s pushing the limits with generative AI?
In this analysis, it’s the tech team. And they’re uploading a lot of code.
Our research shows employees aren’t just playing around, they’re uploading code, documents, and media files.
Read the report: fablesecurity.com/resources/bl...
In this analysis, it’s the tech team. And they’re uploading a lot of code.
Our research shows employees aren’t just playing around, they’re uploading code, documents, and media files.
Read the report: fablesecurity.com/resources/bl...
You fixed the behavior. 🎉 But did it stick?
Behavior decay reveals how fast people drift back to risky habits once a campaign ends.
👉Lasting change needs relevant guidance + ongoing monitoring before the risk comes back.
Check out day 7 of riskmas to learn more: fablesecurity.com/resources/bl...
Behavior decay reveals how fast people drift back to risky habits once a campaign ends.
👉Lasting change needs relevant guidance + ongoing monitoring before the risk comes back.
Check out day 7 of riskmas to learn more: fablesecurity.com/resources/bl...
December 18, 2025 at 7:25 PM
You fixed the behavior. 🎉 But did it stick?
Behavior decay reveals how fast people drift back to risky habits once a campaign ends.
👉Lasting change needs relevant guidance + ongoing monitoring before the risk comes back.
Check out day 7 of riskmas to learn more: fablesecurity.com/resources/bl...
Behavior decay reveals how fast people drift back to risky habits once a campaign ends.
👉Lasting change needs relevant guidance + ongoing monitoring before the risk comes back.
Check out day 7 of riskmas to learn more: fablesecurity.com/resources/bl...
Phishing campaigns on autopilot? Yes, please.
Recurring phishing simulations in Fable let you automate campaigns for up to a year—no constant setup, no busywork—so your team can focus on the strategic stuff.
Read more: fablesecurity.com/resources/bl...
Recurring phishing simulations in Fable let you automate campaigns for up to a year—no constant setup, no busywork—so your team can focus on the strategic stuff.
Read more: fablesecurity.com/resources/bl...
December 18, 2025 at 6:24 PM
Phishing campaigns on autopilot? Yes, please.
Recurring phishing simulations in Fable let you automate campaigns for up to a year—no constant setup, no busywork—so your team can focus on the strategic stuff.
Read more: fablesecurity.com/resources/bl...
Recurring phishing simulations in Fable let you automate campaigns for up to a year—no constant setup, no busywork—so your team can focus on the strategic stuff.
Read more: fablesecurity.com/resources/bl...
Day 6 of riskmas is here, and spoiler alert: human risk is not a one-size-fits-all situation.
Want to know where the risky business really happens? Cohort analysis.
Your targeting gets sharper. Your risk gets smaller. Your strategy gets smarter.
Unwrap today’s blog 👉
Want to know where the risky business really happens? Cohort analysis.
Your targeting gets sharper. Your risk gets smaller. Your strategy gets smarter.
Unwrap today’s blog 👉
December 17, 2025 at 5:11 PM
Day 6 of riskmas is here, and spoiler alert: human risk is not a one-size-fits-all situation.
Want to know where the risky business really happens? Cohort analysis.
Your targeting gets sharper. Your risk gets smaller. Your strategy gets smarter.
Unwrap today’s blog 👉
Want to know where the risky business really happens? Cohort analysis.
Your targeting gets sharper. Your risk gets smaller. Your strategy gets smarter.
Unwrap today’s blog 👉
Behavior change is a critical metric, but it doesn’t tell the whole story.
Meet TTBC: the metric that shows how long the “I’ll do it later” gap keeps your org exposed.
If we want to reduce real risk, we have to measure the moment awareness → action.
Read more: fablesecurity.com/resources/bl...
Meet TTBC: the metric that shows how long the “I’ll do it later” gap keeps your org exposed.
If we want to reduce real risk, we have to measure the moment awareness → action.
Read more: fablesecurity.com/resources/bl...
December 16, 2025 at 4:07 PM
Behavior change is a critical metric, but it doesn’t tell the whole story.
Meet TTBC: the metric that shows how long the “I’ll do it later” gap keeps your org exposed.
If we want to reduce real risk, we have to measure the moment awareness → action.
Read more: fablesecurity.com/resources/bl...
Meet TTBC: the metric that shows how long the “I’ll do it later” gap keeps your org exposed.
If we want to reduce real risk, we have to measure the moment awareness → action.
Read more: fablesecurity.com/resources/bl...
“The cyberattacks we see will only become more personalized, more targeted, and far more convincing.” [email protected], chief product officer and co-founder of Fable
Listen to the full discussion with Brains Byte Back: sociable.co/business/ai-...
Listen to the full discussion with Brains Byte Back: sociable.co/business/ai-...
December 15, 2025 at 10:34 PM
“The cyberattacks we see will only become more personalized, more targeted, and far more convincing.” [email protected], chief product officer and co-founder of Fable
Listen to the full discussion with Brains Byte Back: sociable.co/business/ai-...
Listen to the full discussion with Brains Byte Back: sociable.co/business/ai-...
If you’re trying to change security behavior, engagement metrics aren’t enough.
Training metrics measure activity. Behavior metrics measure risk reduction.
Measure actions, not just phishing clicks, views, or training completions.
Full report: fablesecurity.com/resources/bl...
Training metrics measure activity. Behavior metrics measure risk reduction.
Measure actions, not just phishing clicks, views, or training completions.
Full report: fablesecurity.com/resources/bl...
December 15, 2025 at 5:12 PM
If you’re trying to change security behavior, engagement metrics aren’t enough.
Training metrics measure activity. Behavior metrics measure risk reduction.
Measure actions, not just phishing clicks, views, or training completions.
Full report: fablesecurity.com/resources/bl...
Training metrics measure activity. Behavior metrics measure risk reduction.
Measure actions, not just phishing clicks, views, or training completions.
Full report: fablesecurity.com/resources/bl...
Happy holidays from our team to yours! ✨🎄
Hoping yours are merry, bright, and delightfully low on email. 😉
Hoping yours are merry, bright, and delightfully low on email. 😉
December 12, 2025 at 10:48 PM
Happy holidays from our team to yours! ✨🎄
Hoping yours are merry, bright, and delightfully low on email. 😉
Hoping yours are merry, bright, and delightfully low on email. 😉
Welcome to Day 4 of Riskmas!
A targeted help-desk impersonation campaign outperformed the general version by 33 points, all thanks to smarter audience matching.
Link to the report below.
#12DaysofRiskmas #Cybersecurity #RiskManagement
A targeted help-desk impersonation campaign outperformed the general version by 33 points, all thanks to smarter audience matching.
Link to the report below.
#12DaysofRiskmas #Cybersecurity #RiskManagement
December 12, 2025 at 4:38 PM
Welcome to Day 4 of Riskmas!
A targeted help-desk impersonation campaign outperformed the general version by 33 points, all thanks to smarter audience matching.
Link to the report below.
#12DaysofRiskmas #Cybersecurity #RiskManagement
A targeted help-desk impersonation campaign outperformed the general version by 33 points, all thanks to smarter audience matching.
Link to the report below.
#12DaysofRiskmas #Cybersecurity #RiskManagement
On the third day of Riskmas, Fable gave to me… 🎶
A truth every security team learns the hard way:
“Send-to-everyone” campaigns barely move the needle.
Day 3 is live now. Download the full report for real-world examples. Link in the comment below.
A truth every security team learns the hard way:
“Send-to-everyone” campaigns barely move the needle.
Day 3 is live now. Download the full report for real-world examples. Link in the comment below.
December 11, 2025 at 4:36 PM
On the third day of Riskmas, Fable gave to me… 🎶
A truth every security team learns the hard way:
“Send-to-everyone” campaigns barely move the needle.
Day 3 is live now. Download the full report for real-world examples. Link in the comment below.
A truth every security team learns the hard way:
“Send-to-everyone” campaigns barely move the needle.
Day 3 is live now. Download the full report for real-world examples. Link in the comment below.
Day 2 of our 12 days of riskmas (or risk-mukah, risk-ivus, pick your favorite): the 10 human risks we see across nearly every Fable customer.
From weak creds to social engineering, the patterns are consistent. Targeted, timely interventions are the key to reducing risk. Get the full report 👇
From weak creds to social engineering, the patterns are consistent. Targeted, timely interventions are the key to reducing risk. Get the full report 👇
December 10, 2025 at 5:31 PM
Day 2 of our 12 days of riskmas (or risk-mukah, risk-ivus, pick your favorite): the 10 human risks we see across nearly every Fable customer.
From weak creds to social engineering, the patterns are consistent. Targeted, timely interventions are the key to reducing risk. Get the full report 👇
From weak creds to social engineering, the patterns are consistent. Targeted, timely interventions are the key to reducing risk. Get the full report 👇
New report: the art (and science) of behavior change in human risk.
Key findings:
-Targeted > broad campaigns
-Behavior change happens fast
-“Toxic combos” amplify risk
Get the report 👉
#Cybersecurity #HumanRisk #12DaysOfRiskmas
Key findings:
-Targeted > broad campaigns
-Behavior change happens fast
-“Toxic combos” amplify risk
Get the report 👉
#Cybersecurity #HumanRisk #12DaysOfRiskmas
December 9, 2025 at 6:10 PM
New report: the art (and science) of behavior change in human risk.
Key findings:
-Targeted > broad campaigns
-Behavior change happens fast
-“Toxic combos” amplify risk
Get the report 👉
#Cybersecurity #HumanRisk #12DaysOfRiskmas
Key findings:
-Targeted > broad campaigns
-Behavior change happens fast
-“Toxic combos” amplify risk
Get the report 👉
#Cybersecurity #HumanRisk #12DaysOfRiskmas
Team = upgraded 🙌 🔥 So glad you’re here Somu and Zoe!
Interested in joining? Check out our open positions: fablesecurity.com/careers/
Interested in joining? Check out our open positions: fablesecurity.com/careers/
December 9, 2025 at 5:00 PM
Team = upgraded 🙌 🔥 So glad you’re here Somu and Zoe!
Interested in joining? Check out our open positions: fablesecurity.com/careers/
Interested in joining? Check out our open positions: fablesecurity.com/careers/
Human risk campaigns shouldn’t take all day.
Now they don’t. 😉
#Cybersecurity #HumanRisk #SecurityLeadership #FeatureFriday
Now they don’t. 😉
#Cybersecurity #HumanRisk #SecurityLeadership #FeatureFriday
December 5, 2025 at 4:38 PM
Human risk campaigns shouldn’t take all day.
Now they don’t. 😉
#Cybersecurity #HumanRisk #SecurityLeadership #FeatureFriday
Now they don’t. 😉
#Cybersecurity #HumanRisk #SecurityLeadership #FeatureFriday
Hackers aren’t “breaking in” anymore, they’re persuading AI to do their dirty work — no code required.
Read our latest post to find the emerging tactics every security leader should know: fablesecurity.com/blog-hackers...
Read our latest post to find the emerging tactics every security leader should know: fablesecurity.com/blog-hackers...
December 4, 2025 at 4:55 PM
Hackers aren’t “breaking in” anymore, they’re persuading AI to do their dirty work — no code required.
Read our latest post to find the emerging tactics every security leader should know: fablesecurity.com/blog-hackers...
Read our latest post to find the emerging tactics every security leader should know: fablesecurity.com/blog-hackers...
Our product manager tried to install ChatGPT Atlas and found password-stealing malware. Here’s how it all went down. (Free, downloadable video included that you can use to warn your team.)
fablesecurity.com/blog-chatgpt...
fablesecurity.com/blog-chatgpt...
December 2, 2025 at 5:55 PM
Our product manager tried to install ChatGPT Atlas and found password-stealing malware. Here’s how it all went down. (Free, downloadable video included that you can use to warn your team.)
fablesecurity.com/blog-chatgpt...
fablesecurity.com/blog-chatgpt...
Welcome to the Fable fam Kashyap Chaturvedula! 🚀😃
Are you interested in joining the Fable team? We’re still hiring! Check us out: fablesecurity.com/careers/
#Cybersecurity #FableSecurity #Hiring
Are you interested in joining the Fable team? We’re still hiring! Check us out: fablesecurity.com/careers/
#Cybersecurity #FableSecurity #Hiring
December 1, 2025 at 4:53 PM
Welcome to the Fable fam Kashyap Chaturvedula! 🚀😃
Are you interested in joining the Fable team? We’re still hiring! Check us out: fablesecurity.com/careers/
#Cybersecurity #FableSecurity #Hiring
Are you interested in joining the Fable team? We’re still hiring! Check us out: fablesecurity.com/careers/
#Cybersecurity #FableSecurity #Hiring