Explore Resources
Reports, customer stories, threat intelligence, and expert analysis from the Dune Security team.
Stay Updated
Get the latest threat intelligence, research, and product updates from Dune Security.
Phishing Didn't Leave the Inbox. It Expanded Around It.
Mobile-centric phishing carries a 40% higher success rate than email. Vishing is up 442%. Deepfake fraud is projected to hit $40 billion by 2027. The attack surface didn't shift, it expanded. Here's what that means for enterprise defense.
.jpeg)
Social Engineering Is About to Be the Only Game in Town
AI is finding and patching zero‑days at machine speed. The traditional attack surface is collapsing. The only place attackers can still win consistently is the user. Learn what that means for CISOs trying to defend the enterprise, and why the operating model that worked for networks, endpoints, and identity has to come to the User Layer next.
The Top User-Driven Cyber Threats Targeting Law Firms
Law firms sit on some of the most sensitive and valuable data in the enterprise, and attackers have built an entire playbook around exploiting the users who handle it. Learn how four dominant threat vectors are targeting legal sector workflows in 2026 and what it takes to stop attacks at the User Layer.
The Workforce Has Expanded: How Attackers Are Targeting Enterprise AI Agents
AI agents are being deployed across the enterprise at scale, and attackers have already started engineering against them. Learn how agentic AI expands the enterprise attack surface in ways legacy security programs were never designed to defend.
.avif)
Making Cyber Risk Board Ready: Strategies for Winning Boardroom Confidence
Winning board confidence on cyber risk requires more than technical reporting. Security leaders need to support better governance decisions and communicate exposure in a way directors can act on.
Tax Season Scams: How Refund Fraud Escalates Into Enterprise Risk
Each filing season, threat actors execute coordinated, identity-driven campaigns that begin with refund fraud and rapidly escalate into credential harvesting and enterprise exposure.
%20(1).avif)
Dune Security and OmegaBlack Partner to Deliver Intelligence-Driven Protection for the User Layer
Threat actors are building their campaigns across the dark web long before they reach the enterprise. Dune Security and OmegaBlack are partnering to deliver layered protection that connects external exposure with user level risk scoring and automated remediation.
How Attackers Exploit Trusted Access in BPO Environments
Learn why BPO environments are increasingly targeted by social engineering and how user cyber risk spreads across outsourced operations and client organizations.
How Impersonation-Based Social Engineering Drives Enterprise Cyber Risk
Impersonation-based social engineering attacks are driving disproportionate enterprise risk. Learn why they work and what it takes to defend against them.
Cybersecurity in Healthcare: How Social Engineers Target Patient Data and Hospital Operations
Healthcare’s reliance on digital systems and high-pressure clinical environments has made user risk a patient safety issue, and organizations must rethink how they prepare their workforce for modern attacks.
Dune Security and Abstract Security Partner to Deliver Real-Time Detection and Automated Risk Reduction
Modern attacks often reveal themselves through subtle technical events that most tools miss until it is too late. Dune Security and Abstract Security now bring real-time detection and automated risk remediation into a single defense strategy.
How Social Engineering Exploits Human Behavior in Enterprises
Learn how social engineering weaponizes human behavior and organizational trust, turning routine business processes into costly avenues for enterprise compromise.
Closing Out Cybersecurity Awareness Month: 5 Key Takeaways in the Fight for User Resilience
October may be over, but the fight for user resilience continues – see how Dune helped turn awareness into action this Cybersecurity Awareness Month.
Dune Security and Reality Defender Team Up at Cooley LLP to Tackle the Rise of Deepfake and Synthetic Media Threats
Deepfakes have emerged as one of the most pressing enterprise threats, capable of eroding trust and triggering costly decisions in seconds. Dune Security and Reality Defender gathered industry leaders at Cooley LLP to explore how organizations can keep up with today’s most advanced threats at scale.
Dune Security Launches Resource Calendar to Help Teams Fight Back This Cybersecurity Awareness Month
Cybercriminals are training every day – but this October, we’re hitting back harder. Our new Resource Calendar helps security teams meaningfully engage employees, strengthen culture, and build resilience all month long.
Dune Security Joins the National Cybersecurity Alliance to Champion Cybersecurity Awareness Month
Dune Security has joined forces with the National Cybersecurity Alliance to champion Cybersecurity Awareness Month. Together, we’re working to strengthen the human layer of cybersecurity and equip employees to stay safe online against modern threats.
Dune Security Takes Over Times Square
In less than three years, Dune Security has grown from an idea into a platform trusted by Fortune 1,000 enterprises. Our Times Square milestone celebrates that journey and our mission to stop insider threats and social engineering at scale.
Dune Security and Reality Defender Partner to Stop AI-Generated Media Threats Targeting Enterprises
Deepfakes and AI-generated attacks are targeting employees faster than legacy tools can keep up. Dune Security and Reality Defender are partnering to deliver layered protection against these threats, combining real-time detection with user layer intelligence.
Dune Security Is Now Available on AWS Marketplace
Dune Security is now available on AWS Marketplace, allowing enterprises to deploy User Adaptive Risk Management through AWS for faster protection against social engineering and insider threats.
Lateral Movement: How Attackers Expand Access After Initial Compromise
Lateral movement turns a single compromise into an enterprise-wide breach. Learn how attackers spread, why it evades detection, and how CISOs can contain it.
%25202.png)
What Is Vishing? How Voice Phishing Works and How to Stop It
Vishing attacks use voice-based social engineering to bypass traditional defenses. Learn how attackers exploit urgency, trust, and AI-generated audio to trigger breaches – and what enterprises must do to stop them.
Third-Party Access Is the New Insider Threat
Third-party breaches now drive 30% of incidents. Learn how attackers use valid vendor credentials to move undetected, escalate access, and operate like insiders inside your network.
.jpeg)
BEC Has Already Cost $55 Billion and AI Is Making It Worse
Business Email Compromise has already caused over $55 billion in losses. Now AI is scaling these attacks with deepfakes, voice clones, and urgent pretexts. Learn how modern BEC works and what CISOs can do to stop it.
How Ghost Students Are Exploiting College Enrollment Systems to Steal Federal Aid
Criminal fraud rings are targeting college aid systems with fake student identities. These scams use automation, identity theft, and AI to steal financial aid, lock out real students, and overwhelm public institutions. Here’s how it works and what security leaders in higher ed need to know.
How Employee Fatigue Drives Human Error in Cybersecurity
Employee fatigue fuels human error and cybersecurity breaches by creating behavioral blind spots attackers exploit through social engineering and cognitive overload. Replace static awareness training with adaptive, real-time protection built for enterprise-scale risk.
ChatGPT in the Wrong Hands: How AI is Being Used in Cybercrime
Generative AI is reshaping enterprise cybersecurity by targeting trust, behavior, and user access. Learn how AI-powered threats bypass static defenses and what CISOs must do to protect the human layer.
.avif)
Quishing Explained: How QR Code Phishing Bypasses Enterprise Defenses
Quishing is a growing phishing threat that uses malicious QR codes to bypass enterprise defenses. Learn how it works and why traditional tools fall short.
Why Traditional Security Awareness Training Can’t Stop Phishing 3.0
Phishing 3.0 weaponizes human error across email, SMS, voice, and apps. Learn how attackers use AI-driven deception to bypass static defenses and how your team can respond in real time.
.avif)
.avif)
%202.avif)
Buying vs. Building Compliance Automation Tools
GRC leaders from Hershey, Coveo, and GitLab on the trade-offs of buying vs. building compliance automation across cost, audit defensibility, integration depth, and where AI changes the math.
.avif)
Columbus Blue Jackets vs. Carolina Hurricanes Suite
Dune Security, Cyberhaven, Defy Security, and SpyCloud hosted an exclusive suite experience at Nationwide Arena, where guests enjoyed the Columbus Blue Jackets vs. Carolina Hurricanes game alongside networking, food, and drinks.
.avif)
.avif)
.avif)
.avif)
.avif)
Defining User Risk: A Leadership Roundtable with Women Shaping Cybersecurity
Senior women cybersecurity leaders joined us at Dune Security’s HQ in NYC for an invitation-only roundtable on defining, measuring, and prioritizing user risk across the enterprise, hosted by Dune Security and Cysurance.
User Risk in Cybersecurity: Exploring the Primary Driver of Modern Breaches
Margarita Rivera (Global CISO, Carnival Corporation) and Upasana Tripathi (Head of GRC, Verily) on how User Risk has evolved from phishing clicks to identity, access, behavior, and out-of-bound attacks spanning humans and AI agents.
Making Cyber Risk Board-Ready: How Security Leaders Win the Boardroom
Chris Glanden (Ashley Furniture), Charles Nwatu (formerly Netflix), and Keith Schlosser (Dune Security) on translating cyber risk into board-level decisions that earn trust, investment, and governance wins.
Redefining the GRC Function: Leading the Shift Beyond Checkbox Security Training
GRC leaders from UVM Health, Koch, and Tetra Tech on why security awareness training was built for compliance, not resilience – and how to close that gap.
GuidePoint Mid-Atlantic Pinehurst Golf Outing
Dune Security was proud to sponsor and attend GuidePoint Security’s Pinehurst Golf Outing, an exclusive two-day event that brought together security executives and technology partners for high-value networking, collaboration, and competition.
National Cybersecurity Alliance Cybersecurity Summit at NYSE
Dune Security is proud to sponsor the National Cybersecurity Alliance Cybersecurity Summit at the New York Stock Exchange, bringing together leaders from government, industry, and academia to shape the future of digital defense.
Cyber Happy Hour & Panel: Deepfake + Synthetic Media
Hosted by Dune Security and Reality Defender, this NYC event brought together CISOs and security leaders for cocktails, networking, and an expert panel on the enterprise risks of AI-generated deepfakes and synthetic media.
.avif)
.avif)
.avif)
Securing Financial Services
Marco Maiurano (First Citizens Bank), Darrell Bateman (City Bank), and Marcos Marrero (H.I.G. Capital) on defending banks and investment firms against APTs, AI-enabled phishing, and supply chain risk.
Securing Healthcare
Hussein Syed (RWJBarnabas Health) and Patrick Felin (UCSF) on defending clinical operations and patient data from ransomware, MFA fatigue, and AI-driven social engineering without disrupting care delivery.
The Future of Social Engineering
CISOs from NTT DATA North America, Zscaler, and Paychex on how generative AI has stripped phishing of its old red flags, why attacks have expanded to voice, WhatsApp, and deepfakes, and what effective cyber defense requires.
Why $50 Bribes Are Breaching Enterprises
Dune Security CTO Michael Waite joins the Cyber Security Matters podcast to discuss how AI-driven social engineering is evolving, why legacy security awareness training no longer works, and how behavior-based risk quantification can better protect users from emerging threats.
The User Is Still the Weakest Link - Now What?
Dune Security CEO David DellaPelle joins Secure Insights to break down why user risk drives breaches, how AI is accelerating social engineering, and why legacy awareness models are no longer effective.
Dune Security's Revolutionary Approach: AI and Cybersecurity
Dune Security CEO David DellaPelle joins the Cyber Security America podcast to explain how AI-driven social engineering is outpacing traditional security awareness training and why organizations need a behavior-driven approach to identifying and reducing user risk.
Transforming Cybersecurity Awareness Training
Dune Security CTO Michael Waite joins Security by Default to break down how AI-boosted social engineering and identity-based deception are transforming enterprise user risk.
The Flight Delay That Launched A Cybersecurity Rocketship - Dune Security
Dune Security CEO David DellaPelle joins CyberBytes to discuss AI-driven social engineering, insider threats, and how user-layer intelligence is reshaping cyber defense.
Cybersecurity Training Gets Personal: The Dune Approach
Dune Security CEO David DellaPelle joins Wharton Tech Talks to discuss how AI and behavior-based intelligence are reshaping the future of enterprise cyber defense.
Deepfakes, DMs, and Deception: Dune Security on Human Cyber Risk
Dune Security’s CEO and SHI’s field CISO discuss how AI, multi-channel attacks, and user risk are transforming cybersecurity and how to adapt defenses effectively.
Why Security Awareness Training Fails with David DellaPelle
David DellaPelle, Co-Founder and CEO of Dune Security, joined The CyberVault Podcast to discuss why most security awareness programs fall short and what it takes to build a true human-first security culture.
.avif)
Raising $8M in Venture Capital as an early-stage Founder with David Dellapelle
Dune Security Co-Founder and CEO David DellaPelle joined the Inside the Round Podcast to share how Dune is tackling user risk and what it takes to build a modern cybersecurity company from the ground up.
.avif)
Exploring Scattered Spider Cloud Attacks
Tarun Ramesh, Senior Backend Engineer at Dune Security, joined The ITSM Practice Podcast to discuss how Scattered Spider and similar threat groups exploit cloud environments using advanced social engineering and defense strategies.
Tackling Social Engineering Prevention
David DellaPelle, Co-Founder and CEO of Dune Security, joined the Cyber Security Matters Podcast to discuss defending against social engineering, the rise of deepfakes, and his journey as a cybersecurity entrepreneur.
The Billion-Dollar Value of Cybersecurity Startups
David DellaPelle, CEO of Dune Security, joined The Hustle Daily Show to discuss the billion-dollar value of cybersecurity startups, why the industry is booming, and how to break into it.
User Error in Cybersecurity: You're The Weak Link
David DellaPelle, Co-Founder and CEO of Dune Security, joined Alumni Ventures CEO Mike Collins to discuss how Dune is tackling one of the most common causes of cybersecurity breaches: employee error.
Securing Tomorrow: Dune Security's Mission with David DellaPelle
David DellaPelle, Co-Founder and CEO of Dune Security, joined the Security Architecture Podcast to discuss Dune’s mission to reduce attack surfaces, counter AI-powered social engineering, and build resilient security cultures.