https://vintriplabs.com/blog/ Vintrip Labs — applied cybersecurity research, phishing simulation, and human-risk programmes for enterprises across Asia-Pacific and beyond. en 2026-04-15 https://vintriplabs.com/blog/click-rate-isnt-enough.html https://vintriplabs.com/blog/click-rate-isnt-enough.html 2026-04-02 Why click-through on phishing simulations is the weakest signal you can track, and what to measure instead. Dr Priya Sundaram https://vintriplabs.com/blog/aitm-phishing-in-practice.html https://vintriplabs.com/blog/aitm-phishing-in-practice.html 2026-03-10 Token-stealing phishing kits are now commodity. What that means for your detection layer and how training has to adapt. Elena Costache https://vintriplabs.com/blog/quishing-as-the-new-default.html https://vintriplabs.com/blog/quishing-as-the-new-default.html 2026-02-18 QR-code phishing has moved from edge case to dominant initial vector in many engagements. The implications run beyond email security. Marcus Tan https://vintriplabs.com/blog/training-that-survives-year-two.html https://vintriplabs.com/blog/training-that-survives-year-two.html 2026-01-22 Most awareness programmes peak in year one and decline thereafter. Three structural changes that change the trajectory. Wei Hua Chen https://vintriplabs.com/blog/tabletop-exercises-that-actually-work.html https://vintriplabs.com/blog/tabletop-exercises-that-actually-work.html 2025-12-09 Most tabletops rehearse the technical investigation. The communications and decision flow — the hard parts — usually go unpracticed. Jian Wei Lim https://vintriplabs.com/blog/what-to-tell-the-board.html https://vintriplabs.com/blog/what-to-tell-the-board.html 2025-10-28 Board-level communication about awareness programme outcomes works when it is short, narrative-driven, and explicit about what to ignore. Dr Priya Sundaram