Every module we make, free for everyone, forever
No account, no paywall, no seat count. Watch it, share it, reuse it under CC-BY-4.0. 34 modules across 9 categories, 25 with video.
AI & Modern Threats
The attack classes that generative AI made cheap and scalable in 2025 and 2026. This is where the real risk moved, and where the slowest training programs never caught up. Start here.
Deepfake Video-Meeting Fraud
Every colleague on the call can be a real-time fake. One firm lost 25 million dollars this way.
AI Voice-Clone Fraud
A 90-second clip is enough to clone an executive's voice and authorise an urgent payment by phone.
AI-Generated Phishing at Scale
Flawless, personalised lures generated by the thousand. The old spelling-mistake tell is gone.
LLM-Aided Social Engineering
Attackers use chatbots to research targets, draft pretexts, and improvise convincing conversations.
Prompt Injection for Employees
Hidden instructions in documents and emails can hijack the AI tools your staff now rely on.
Malicious OAuth and AI-Extension Consent
One click on a consent screen hands a rogue app or browser extension standing access to your data.
MFA Fatigue and Push-Bombing
Dozens of login prompts at 2am until someone taps approve just to make it stop.
Callback Phishing (TOAD)
An email with no link, just a phone number. The trap springs when you call to sort it out.
QR Phishing (Quishing)
A QR code on a poster, a parking meter, or an email jumps you straight to a fake login page.
Deepfakes: The Basics
What deepfakes are, how they are made, and why seeing is no longer believing. Start here.
Phishing
The classic and still the most common way in. Email, SMS, and the links that look almost right.
Spot a Phishing Email
The anatomy of a lure, and the three checks that catch most of them.
Smishing: Text-Message Scams
Delivery notices, bank alerts, and the link you should never tap on your phone.
Spear Phishing: When It Is Personal
Targeted lures built from your real details. Why they land, and how to slow down.
Passwords & Auth
Passkeys, multi-factor login, and why reuse is the single easiest mistake to fix.
Passkeys and Passwordless Login
The upgrade that makes most phishing pointless. What passkeys are and why to switch.
Password Managers in 5 Minutes
One strong secret instead of fifty weak ones. Set up done right.
Multi-Factor Done Right
Not all second factors are equal. Pick the ones attackers cannot phish.
Cloud & SaaS
Shared drives, third-party apps, and the access you grant without reading the screen.
Sharing Links Safely
"Anyone with the link" is a decision, not a default. Share without oversharing.
Third-Party App Access
Every app you connect can read your data. How to grant, review, and revoke.
Shadow IT: The Tools Nobody Approved
The handy app you signed up for might be leaking company data. Where the risk sits.
Compliance
The plain-language version of the rules: GDPR, data handling, and what actually matters day to day.
GDPR in Plain Language
Personal data, consent, and your day-to-day responsibilities, minus the legalese.
Handling Sensitive Data
What counts as sensitive, where it is allowed to live, and how to move it safely.
Clean Desk, Clean Screen
The low-tech habits that stop the most avoidable leaks.
Foundations
How attackers think, what they want, and the handful of habits that stop most of them.
How Attackers Think
Get inside the mindset. What they want, how they pick targets, and where they start.
What Is Malware, Really
Ransomware, spyware, and the rest, explained without the jargon.
Your Role in Security
You are not the weakest link. You are the sensor the attackers did not plan for.
Remote Work
Home networks, personal devices, and staying safe outside the office walls.
Home Network Basics
Your router is the front door. A few settings make it a good deal harder to open.
Public WiFi and VPNs
Coffee-shop networks, hotel logins, and when a VPN actually helps.
Personal Devices at Work
Mixing personal and work on one phone or laptop, done without the risk.
Incident Reporting
Spot it, say something, and never get blamed for a false alarm. Reporting fast is the win.
Report It Fast
The single highest-value habit. What to report, how, and why speed beats certainty.
What Happens After You Report
Follow the report through the security team so you know it was worth it.
You Clicked. Now What?
Mistakes happen. The calm, blame-free steps that limit the damage.
Social Engineering
People, not software, are the target. Pretexts, urgency, and the psychology attackers lean on.
Pretexting: The Convincing Story
How a believable backstory gets people to hand over what an attacker wants.
Tailgating and Physical Access
Holding the door open is polite. It is also how strangers get inside.
The Urgency Trap
Why pressure short-circuits good judgement, and how to buy yourself ten seconds.