Phishing is the most prominent form of cyber-attack, regularly prompting email recipients into disclosing their personal information, …

Independent research shows that 91% of organizations have experienced outbound email security incidents in their Microsoft 365 environments. …

There's a beautiful moment happening right now, and by "beautiful" I mean "horrifying in that can't-look-away-from-the-car-crash sense”.

Social engineering remained the top initial access vector for cyberattacks in 2025, with increasing assistance from AI tools, according to a …

People accidentally send emails to the wrong recipients every day. The impact of these incidents can be relatively minor if there is no …

AI-driven fraud attacks spiked by more than 1200% in December 2025, according to a new report by Pindrop Security. Threat actors are using AI …

Prior to my further research into AI and quantum for my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I had pretty solid …

Cybercriminals are abusing legitimate invoices and dispute notifications from popular services to send scam emails that bypass security …

There's a moment in every security professional's career when they realise the game has fundamentally changed. Mine came last Tuesday at 3:47 …

CyberheistNews Vol 16 #07  |   February 17th, 2026 Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA …

North Korean hackers continue to target software developers via social engineering attacks, according to researchers at Recorded Future.

I am excited to announce my latest book, How AI and Quantum Impact Cyber Threats and Defenses: Shaping Your Cyber Defense Strategies.

Researchers at Okta warn that a series of phishing kits have emerged that are designed to help threat actors launch sophisticated voice …

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has detected a sophisticated phishing …

Valentine’s Day is usually a time for flowers and candlelight, but in recent years the digital dating landscape has shifted from a place of …

If you look back just a couple of years, the digital landscape looks almost unrecognizable. We’ve moved from AI being a cool new tool to it …

The first requirements set forth for the EU AI Act start this month (February). Luckily, this regulation starts with some of the easiest …

A new malware-as-a-service (MaaS) kit called “Stanley” is offering users guaranteed publication in the Chrome Web Store, bypassing Google’s …

We are very excited that 2025 broke all of our records for usage and quality ratings of our content on the platform! Our 2025 records were…

Researchers at Palo Alto Networks’ Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to …

Commodity phishing platforms are now a central component of the cybercriminal economy, according to researchers at Flare. These platforms …

A new survey by Vodafone Business found that more than 10% of companies in the UK would likely go out of business if they were hit by a major …

In the relentless growth of the phishing landscape, technical advances like AI have made attack methods two-pronged. They target technical …

A phishing campaign is abusing LinkedIn private messages to target executives and IT workers, according to researchers at ReliaQuest. The …

CyberheistNews Vol 16 #05  |   February 3rd, 2026 [Heads Up] New “Fancy” QR Codes Are Making Quishing More Dangerous QR …

One of my first intentional “to-dos” this year has been spending time with the World Economic Forum’s Global Cybersecurity Outlook 2026, a …

With organizations collecting and storing massive amounts of personal data these days, much of which people share freely, we need to become …

Scammers are increasingly using visually stylized QR codes to deliver phishing links, Help Net Security reports. QR code phishing (quishing) …

Forty percent of employees have never received cybersecurity training, according to a new report from Yubico. That number rises to nearly …

A widespread phishing campaign is targeting LinkedIn users by posting comments on users’ posts, BleepingComputer reports. Threat actors are …

For those of you who are like me, when I first heard about the new EU AI Act, I had flashbacks to the implementation of the General Data …

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs recently examined a sophisticated …

While organizations invest heavily in stopping threats from entering their networks, a critical vulnerability often goes underprotected: …

A survey by the World Economic Forum (WEF) found that 47% of organizations cite the advancement of adversarial capabilities as their top …

Scammers stole an estimated $17 billion worth of cryptocurrency in 2025, according to a new report from Chainalysis.  Notably, the report …

Attackers are increasingly abusing network misconfigurations to send spoofed phishing emails, according to researchers at Microsoft. This …

Microsoft was the most commonly impersonated brand in phishing attacks during the fourth quarter of 2025, according to researchers at Guardio.…

Researchers at RavenMail warn that a major phishing campaign targeted more than 3,000 organizations last month, primarily in the manufacturing…

WIRED reports that deepfake attacks are impersonating pastors and other religious figures in order to scam congregations.

“Gave me good things to consider that I had not thought about as we move forward and AI becomes a part of our work processes!” …

ClickFix attacks have been around for decades; only the name is new. ClickFix attacks use social engineering to trick users into clicking on …

“It was really good. I liked that it covered a lot of important subjects, focused on how to spot red flags, and used an AI deepfake …

Researchers at Gen warn that a phishing campaign is attempting to trick users into linking malicious devices to their WhatsApp accounts.

Email has been the backbone of business communication for decades and as such, it remains the attacker’s favorite doorway into an organization.

The North Korean threat actor “Kimsuky” is using QR codes to trick users into installing malicious mobile apps, according to security …

In the early hours following reports of a U.S. military operation involving Venezuela, social media feeds were flooded with dramatic images …

Amazon has blocked more than 1,800 suspected North Korean applicants from joining the company since April 2024, TechRadar reports. Amazon’s …

Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style …

Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox.

Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and …

Eighty-one percent of small businesses suffered a security or data breach over the past year, and 38% of these businesses were forced to raise…

A popular phone call/voicemail scam (i.e., vishing) involves someone calling you, claiming to be law enforcement with a warrant for your …

Today, anyone can find a picture of absolutely anybody and it is also not difficult to find a sample of their voice. By combining these it is …

Lead analysts: Cameron Sweeney, Lucy Gee, Louis Tiley, James Dyer “Super-app” WeChat offers a wealth of functionality—from instant messaging, …

Mexico has taken a major step toward strengthening its digital defenses with the official unveiling of its first National Cybersecurity Plan, …

A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers …

Malwarebytes warns that threat actors are abusing the free Cloudflare Pages service to host phishing portals, helping the phishing sites avoid…

"Good information. Everyone who owns a computer should do this training across the country. It should be mandatory!” "Wow, I had no …

Deepfake attacks have become more compelling and realistic than ever before.

A friend of mine, John D., received this outreach on Threads (see below). At first, he thought it was the standard fake employer scam, but it …

"Good information. Everyone who owns a computer should do this training across the country. It should be mandatory!” "Wow, I had no …

Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets …

Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks…

Threat actors are using the open-source phishing framework Evilginx to target universities across the United States, according to researchers …

ReliaQuest warns that the cybercriminal collective “Scattered Lapsus$ Hunters” appears to be using social engineering attacks to target …

Researchers at Palo Alto Networks’ Unit 42 are tracking two new malicious AI tools, WormGPT 4 and KawaiiGPT, that allow threat actors to craft…

KnowBe4 is proud to announce that three of its leading security products — Security Awareness Training, PhishER/PhishER Plus and Compliance …

Sophisticated online fraud techniques are growing more accessible to unskilled attackers, driven by AI tools and fraud-as-a-service platforms,…

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke Since November 3, 2025, KnowBe4 Threat Labs has been monitoring …

A new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers …

Following its launch in 2024, Gartner® has now published the second Magic Quadrant™ for Email Security —and KnowBe4 is delighted to once again…

Users should be particularly wary of holiday-themed scams over the next few weeks, according to researchers at Malwarebytes. “Mobile-first …

A large phishing campaign is using phony seasonal party invites to trick users into installing remote management and monitoring (RMM) tools, …

Here's a curious thing about people, sometimes we crave the familiar, and sometimes we demand the novel.

Think about your digital spaces. You’ve got your corporate email, which we all treat a bit like a high-security bank vault. We approach it …

The finance and banking sector across Europe, the Middle East, and Africa (EMEA) faces extraordinary cybersecurity challenges, according to …

In recent weeks, the UK government has announced the introduction of its new Cyber Security and Resilience Bill.

Lead analysts: Louis Tiley, Lucy Gee and James Dyer Between 1:48pm ET on October 29 and 6:53pm ET on October 30, 2025, KnowBe4 threat analysts…

A new report from Entrust warns of an increase in deepfake attacks, which now account for one in five biometric fraud attempts. Additionally, …

Users and organizations should be prepared for a surge in phishing attacks over the next several weeks, as attackers take advantage of the …

Ransomware attacks spiked in October 2025, with more than 700 organizations sustaining attacks, according to a new report from Cyfirma.

Using the right tool for the job is always better. Anyone who does DIY projects around the home knows how using the right tool can …

A new phishing kit is impersonating the Italian IT and web services provider Aruba, according to researchers at Group-IB. The kit is designed …

Researchers at Zimperium are tracking a new malware-as-a-service platform designed to target Android phones with banking Trojans. The …

Organizations rely on KnowBe4 to educate millions of people each month on security awareness and compliance topics, and every October, during …

We’re thrilled to announce KnowBe4 Studios, uniting our world-class creative teams under one powerful brand for our Compliance Plus library. …

Cybereason warns that the Tycoon 2FA phishing kit continues to receive upgrades, allowing unskilled cybercriminals to launch sophisticated …

Researchers at Push Security warn of an extremely convincing ClickFix attack posing as a Cloudflare verification check. ClickFix is a social …

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has uncovered an emerging advanced phishing …

AI-fueled cyberattacks are increasingly targeting entities across Africa, according to Robert Lemos at Dark Reading. Lemos cites two recent …

Researchers at Appknox warn that malicious apps are impersonating popular AI tools like ChatGPT and DALL-E to trick users into installing …

A phishing campaign is using invisible characters to evade security filters, according to Jan Kopriva at the SANS Internet Storm Center.

We’re thrilled to announce KnowBe4 Studios, uniting our world-class creative teams under one powerful brand. Leveraging the latest AI …

I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my!

A phishing campaign is targeting LastPass users with phony notifications informing users that someone has notified the company of the user’s …

A study from Malwarebytes has found that one in three mobile users has been targeted by an extortion scam, and one in five of these users has …

Human error remains the primary exploitation vector in mobile security incidents, according to Verizon’s latest Mobile Security Index (MSI).

AI maturation is leading to more malicious hacking attacks.

Attackers can more easily introduce malicious data into AI models than previously thought, according to a new study from Antropic. Poisoned AI…

One of the biggest reasons why cybercrime is so bad — and is increasing each year —is that so much of it is committed by foreign nationals who…

Lead Analysts: Lucy Gee and James Dyer Cybercriminals want their payday. Unfortunately for the targets of phishing (and the organizations they…

76% of organizations are struggling to keep up with the sophistication of AI-powered attacks, according to CrowdStrike’s latest State of …

In the complex ecosystem of financial services, some of the greatest threats come from within. While cybersecurity for financial institutions …

The integration of artificial intelligence into the modern workplace represents a paradigm shift in productivity and innovation.

These days it can be hard to tell if something is or isn’t a scam.

Researchers at Bitdefender warn that scams are seeing a steady increase globally. Citing a recent report from the Global Anti-Scam Alliance …

It can happen to the best of us.  This story happened a decade ago, when I was working at a Fortune 10 company. “Smartest” is subjective, but …

In late September 2025, several European airports reported significant delays and flight cancellations due to disruptions with their check-in …

A phishing campaign is impersonating Google Careers to target job seekers, according to researchers at Sublime Security.

A phishing campaign is impersonating LastPass and Bitwarden with phony breach notifications, BleepingComputer reports.

In late September 2025, several European airports reported significant delays and flight cancellations due to issues with their check-in and …

Threat actors are abusing X’s generative AI bot Grok to spread phishing links, according to researchers at ESET. The attackers achieve this by…

In the high-stakes world of financial services, trust is the cornerstone of every client relationship. But here's the challenge that keeps …

Cybernews warns that threat actors will likely take advantage of the recent AWS outage to launch phishing attacks against affected users.

A new survey found that 50% of UK residents aged 16 to 34 cite deepfake nudes as their top worry related to AI technology, SecurityBrief …

Ransomware is the gift that keeps on giving… and taking.

Phishing was the initial access vector for 60% of cyberattacks across Europe between July 2024 and June 2025, according to the European Union …

I have been writing about the need to better train our programmers in secure coding practices for decades, most recently here and here.

Google’s Mandiant has published guidance on defending against an ongoing wave of social engineering attacks targeting organizations’ …

The financial services industry operates in one of the most heavily regulated environments in the business world. With sensitive client data …

A new report warns of a significant spike in SMS phishing (smishing) scams targeting younger Americans between 18 and 29 years old.

Job-related scams surged by more than one thousand percent between May and July 2025, according to new research from McAfee.

Deepfakes are easier to create than ever and are being used to attack organizations, families and individuals.

We’ve come a long way. We’ve deconstructed the problem, explored the complexity of humans, and laid out a strategic framework and a practical …

North Korea’s fraudulent IT worker schemes have expanded to target nearly every industry that hires remote employees, according to researchers…

The conversation about AI in cybersecurity is missing the point. While the industry has been focused on the emergence of AI-generated phishing…

OpenAI, the people behind ChatGPT, have launched an updated AI video- and audio-generation system with fascinating, and terrifying, …

Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in…

Fighting voice-based phishing needs to be a big part of your human risk management (HRM) plan. 

The cybersecurity landscape is undergoing its most dramatic transformation since the dawn of the internet.

If you’re wondering what keeps business leaders up at night, the latest Aon Global Risk Management Survey has a clear answer: cyber attacks …

Microsoft warns that a recent phishing campaign used AI technology to obfuscate its payload and evade security filters.

A new report has found that nearly 40% of security leaders believe their organizations are least prepared for phishing and other social …

October marks Cybersecurity Awareness Month, a perfect reminder that while technology evolves, the greatest threat to organizations often …

Check out the September updates in Compliance Plus so you can stay on top of featured compliance training content.

Welcome back. We have our DEEP framework which was explored in the previous blog post, and discussed in depth in our most recent human risk …

A North Korean threat actor dubbed “DeceptiveDevelopment” is using various social engineering techniques to target job seekers, according to …

A survey by Gartner found that 62% of organizations have been hit by a deepfake attack in the past twelve months, Infosecurity Magazine …

Check out the 44 new pieces of training content added in September, alongside the always fresh content update highlights, new features and …

As cyber threats continue to evolve at breakneck speed, staying ahead of the curve isn't just important, it's essential.

At KnowBe4, everything we do is built on a foundation of innovation and trust. As we bring more artificial intelligence (AI) into our human …

The calendar has flipped into October, so now it’s time to let the Cybersecurity Awareness Month games begin!

In our previous blog post, we discussed the behavioral science behind why people click on malicious links.

Law firms really are under constant pressure to meet tight deadlines, maintain client confidentiality and protect privileged communications.

Welcome back. In our last blog post, we talked about the great divide between tech-focused and people-focused security.

Researchers at Varonis warn of a new phishing automation platform called “SpamGPT” that “combines the power of generative AI with a full suite…

Attackers are abusing AI-powered development platforms like Lovable, Netlify and Vercel to create and host captcha challenge websites as part …

Hackread reports that attackers are abusing Google’s AppSheet platform to send phishing emails.

Let’s be brutally honest. For years, our industry has been locked in a civil war. In one camp, the technologists have been building higher …

North Korean hackers behind the “Contagious Interview” campaign are using the ClickFix social engineering tactic to target job seekers with …

AI-assisted phishing attacks pose a significant and increasing threat to organizations, according to Matt Weidman, partner and vice president…

Protecting humans means protecting the tools humans use.

AI-powered social engineering attacks are significantly more successful than traditional attacks, according to a new report from cyber risk …

Attackers are abusing iCloud Calendar invites to send phishing messages that pose as PayPal notifications, BleepingComputer reports. Since the…

The FBI and the American Bankers Association (ABA) have issued a joint advisory warning of the growing threat posed by AI-generated deepfake …

One of the most common human risk management recommendations is for users to hover over URL links of unexpected messages to see if the …

The use of “shadow AI” is an increasing security risk within organizations, according to a new report from Netskope.

In essence, that is the disclosure and notification message that the open-source developer "qix" sent to the world when he was social …

The State of California’s Franchise Tax Board (FTB) has warned of an ongoing SMS phishing (smishing) campaign targeting residents, …

I occasionally get human risk management (HRM) administrators asking me to help them with ideas of “contests” to better educate their …

Researchers at Stripe warn of a wave of spear phishing attacks targeting C-suite employees and senior leadership across a wide range of …

Healthcare organizations need to be prepared for an increase in AI-assisted phishing attacks, according to Zack Martin, Senior Policy Advisor …

A super common voice phone call phishing scam (i.e., vishing) is when the scammer calls you and pretends to be a law enforcement official with…

Threat actors can now use AI tools to automate entire attack operations, according to a new report from Anthropic.

Many years ago, a friend of mine worked as a security director at a firm and had what they called an “audit box.” It was a pre-prepared box …

Check out the August updates in Compliance Plus so you can stay on top of featured compliance training content.

“The problem is much, much worse than most people acknowledge.” One of the biggest enduring mysteries for me in cybersecurity is why most …

Check out the 19 new pieces of training content added in August, alongside the always fresh content update highlights, new features and events.

Attackers are using a newly discovered phishing-as-a-service (PhaaS) platform dubbed “Salty 2FA” to target a wide range of industries across …

ReliaQuest has published a report on the cybercriminal recruitment ecosystem, finding that fluent English speakers with social engineering …

It’s that exhilarating time of year again! Summer is winding down, and the back-to-school season is in full swing—a truly fantastic time to …

Cybercriminals are increasingly abusing AI-assisted website generators to quickly craft convincing phishing sites, according to researchers at…

Below is an example of a sophisticated survey scam phishing email that KnowBe4’s Threat Lab team has been monitoring as discussed in “The …

You've probably seen them: enticing online offers for free products from brands you trust, like a Yeti beach chair from Costco or an emergency…

Professional phishing groups are targeting customers of brokerage firms in order to manipulate stock prices, KrebsOnSecurity reports. The …

Attackers are using a Japanese Unicode character to replace forward slashes in phishing URLs, BleepingComputer reports.

Social engineering attacks are a growing threat to operational technology (OT) environments, Industrial Cyber reports.

In this series, we first explored the psychology that makes HR phishing so effective, then showcased the real-world lures attackers use to …

Phishing attacks impersonating HR are on the rise. Between January 1 – March 31, 2025, our Threat Lab team observed an 120%surge in these …

We all trust HR - or at least we do when we think they’re emailing us! Data from KnowBe4’s HRM+ platform reveals that phishing simulations …

The North Korean threat actor ScarCruft has incorporated ransomware into its arsenal, according to researchers at South Korean security firm …

Modern Security Operations Centers (SOCs) face a persistent challenge: managing threats across multiple security tools while maintaining operational…

In the never-ending battle against cyber villains, your users are on the front lines.

For any small- to medium-sized enterprise (SME), the cybersecurity landscape can be intimidating. You are informed of a variety of threats, …

For the sixth year in a row, we've been honored with the TrustRadius Tech Cares Award!

In a world so full of digital online scams, it’s hard to remember that scammers abuse our postal mailing systems as well.

The Better Business Bureau (BBB) has warned that scammers are targeting high-profile employees and influencers with fake invitations to appear…

As I reflect on KnowBe4's incredible journey, I'm filled with both pride for how far we've come and excitement for what’s ahead.

Check out the 36 new pieces of training content added in July, alongside the always fresh content update highlights, new features and events.

Check out the July updates in Compliance Plus so you can stay on top of featured compliance training content.

The FBI has issued an advisory warning that scammers are distributing QR code phishing (quishing) links via unsolicited packages sent by snail…

I hear about a ton of similar-sounding scam calls, where the scammer is pretending to be from a service you use (or used), offering you a …

Cybersecurity incidents nearly tripled in the first half of 2025, jumping from 6% in the second half of 2024 to 17% in 2025, according to a …

In today's world, cyberattacks are a constant threat. While technical defenses are crucial, people often remain the easiest attack vector for …

A phishing campaign is targeting Instagram users with phony notifications about failed login attempts, according to researchers at …

ClickFix attacks have been around for decades; only the name is new.

Attackers are using Microsoft Teams calls to trick users into installing the Matanbuchus malware loader, which frequently precedes ransomware …

There is no other way to say it clearer, social engineering is going to be a lot, lot worse soon and far more successful than it is today. And…

The FBI has issued an advisory warning that North Korean IT workers continue to seek fraudulent employment at Western companies.

Most Microsoft 365 users aren’t aware of this recently growing serious email threat vector.

A global retail and wholesale company transformed their security posture after implementing KnowBe4's Phish Alert Button (PAB) and security …

Managing the security gap between your technical defenses and user behavior just got easier!

KnowBe4 is excited to announce that we have been recognized as an overall Customers’ Choice in the July 2025 Gartner Peer Insights Voice of …

Bob Fabien wrote on X: "While some are still paying over a grand for AI courses, the biggest players are giving away high-value resources at …

Ransomware attacks increased by 63% year-over-year in the second quarter of 2025, with a total of 276 publicly disclosed incidents, according …

Africa's cybersecurity landscape presents a paradox: a widespread belief in preparedness among organisations, although significant blind spots…

We’re excited to announce the addition of six new training modules from APIsec University, now available at the Diamond Level in KnowBe4’s …

I’ve been following ransomware since the first one, the AIDS Cop Trojan, was released in December 1989.

More than one in ten people who were targeted by job scams this year fell victim, according to a report from Resume.org.

Scammers are using over 17,000 phony news sites to push investment fraud, according to a new report from CTM360.

The US Federal Trade Commission (FTC) has issued an advisory warning of job scams that impersonate well-known companies with tempting …

We are working tirelessly on our AI First strategy to better protect both humans and their AI tools.

Digital connectivity is reshaping European manufacturing, driving both efficiency and innovation.

Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter …

Researchers at Netcraft warn that AI-generated search engine summaries are suggesting phishing sites when users ask them to find legitimate …

The US FBI and cybersecurity experts are warning that the Scattered Spider extortion gang has shifted its focus to the aviation and …

AI is going to allow better, faster, and more pervasive attacks.

Employees are expected to behave securely, and the definition of “securely” is often written down in a myriad of security policies. Yet, …

Author: Bex Bailey Our 2025 Phishing By Industry Benchmarking Report examines why organizations across Asia face some of the highest levels of…

In today's threat landscape, your employees represent both your greatest vulnerability and your strongest defense.

Check out the June updates in Compliance Plus so you can stay on top of featured compliance training content.

A new survey has found that 64% of C-Suite executives in cybersecurity or data center roles view data breaches and ransomware attacks as the …

Check out the 33 new pieces of training content added in June, alongside the always fresh content update highlights, new features and events.

Researchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts.

Cybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code.

Social engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol.

I recently had several conversations about repeat clickers. First with a Forrester analyst and then, shortly after, at KB4-CON Orlando …

I am used to repeating some pretty big numbers when talking about the financial impact of cybercrimes. When you look into the data, it is …

Can it be? Is it true? Two years of KnowBe4 Community!

AI-generated voice deepfakes present an urgent threat to organizations, according to researchers at Pindrop.

Lead Researchers: James Dyer and Louis Tiley Between May 5 and May 7, 2025, KnowBe4 Threat Lab identified a phishing campaign originating from…

In today's rapidly evolving threat landscape, cybercriminals are becoming increasingly sophisticated in their attack methodologies, …

Researchers at Google’s Mandiant have published a report on voice phishing (vishing) attacks, noting that these attacks have served as initial…

Researchers at Google have published a report on the latest scam trends, noting an increase in travel-themed scams targeting people preparing …

There are many things in our lives we must prepare for to be ready. For other things, we wing it, or we're not prepared to deal with it at the…

What is AI really? Throughout this article, I will remove the hype and get to the most honest answer ever.

Researchers at Socure warn of an ongoing wave of employment fraud driven by North Korean IT operatives attempting to secure positions at …

Picture this: it's 2021. You're an IT professional, scrolling through LinkedIn, when a message pings. "Bastion Secure," a new cybersecurity …

Reducing human risk in cybersecurity requires a human-first approach that relies on effective training and practice for people to gain …

OpenAI has published a report looking at AI-enabled malicious activity, noting that threat actors are increasingly using AI tools to assist in…

We’re proud to share that KnowBe4 has once again been recognized as a leader in cybersecurity, receiving multiple 2025 TrustRadius Top Rated …

Researchers at Trellix warn of a spear-phishing campaign that’s targeting CFOs around the world with phony employment offers.

A criminal threat actor tracked as “UNC6040” is using voice phishing (vishing) attacks to compromise organizations’ Salesforce instances, …

When it comes to cybersecurity, organizations face an ever-present and often underestimated threat: human risk.

A KnowBe4 co-worker of mine recently got this SMS phishing message (i.e., smish).

A phishing campaign is targeting European countries with lures themed around copyright infringement, researchers at Cybereason warn.

The FBI is warning that the Silent Ransom Group (SRG) is targeting law firms with IT-themed social engineering attacks and callback phishing …

Last year, KnowBe4's report "Exponential Growth in Cyber Attacks Against Higher Education Institutions" illustrated the growing cyber threats …

Researchers at Certo warn that a new AI chatbot called “Venice[.]ai” can allow cybercriminals to easily generate phishing messages or malware …

Check out the May updates in Compliance Plus so you can stay on top of featured compliance training content.

You know what's interesting about data breaches? Everyone focuses on credit card numbers and financial data, but the reality is that every …

Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the …

Check out the 25 new pieces of training content added in May, alongside the always fresh content update highlights, new features and events. 

Cybersecurity experts are warning that scammers are taking advantage of uncertainty surrounding the U.S. administration’s tariff policies, …

The KnowBe4 Threat Lab has identified an active phishing campaign impersonating Capital One.

The FBI is warning that threat actors are impersonating senior US officials in phishing attacks designed to compromise users’ accounts.

Human risk management involves more than security awareness training, but training is a huge part of the mix.

I was once enrolled in a programming module back at university. We had been given a task, to code something, so we all sat banging out …

Since March 2025, the KnowBe4 Threat Labs team has observed a surge in phishing attacks that exploit Google’s AppSheet platform to launch a …

Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other…

The FBI has issued an alert on a wave of phishing attacks targeting Middle Eastern students who are studying in the US.

I got this Coinbase-related scam in my personal inbox last week.

Commodity phishing kits are increasingly serving dynamically generated phishing pages, according to researchers at ESET.

Agentic AI-enabled ransomware is not here yet, but likely will be very soon. I am talking this year or by 2026.

Business email compromise (BEC) attacks and funds transfer fraud (FTF) accounted for 60% of cyber insurance claims in 2024, according to a new…

When it comes to artificial intelligence (AI) and human risk management (HRM), not all AI is created equal.

Mandiant warns that the Scattered Spider cybercriminal group is using “brazen” social engineering attacks to target large enterprise …

Cybersecurity professionals face an increasingly aggressive phishing threat landscape, and the 2025 KnowBe4 Phishing By Industry Benchmarking …

KnowBe4 ThreatLabs has identified and analyzed a sophisticated cross-platform phishing campaign that utilizes Telegram as its primary …

Just because you’re using a passkey doesn’t mean your password is gone.

Researchers at Cisco Talos warn that major phishing kits continue to incorporate features that allow them to bypass multi-factor …

Phishing was the initial access vector in 50% of attacks during the first quarter of 2025, according to a new report from Cisco Talos.

Researchers at Malwarebytes warn that phishing emails are impersonating the US Social Security Administration (SSA) to trick users into …

Check out the April updates in Compliance Plus so you can stay on top of featured compliance training content.

Check out the 21 new pieces of training content added in April, alongside the always fresh content update highlights, new features and events. 

To our valued KnowBe4 customers, partners, and community. I wanted to share some exciting developments happening at KnowBe4.

Recently, I covered a T-Mobile scam where a friend of mine narrowly avoided losing money. In that scam, the attackers called up pretending to …

Email is still the most common attack vector for cyber threats, according to a new report from Barracuda.

Cyberwire wrote: "WIRED has published a report on North Korea's efforts to obtain remote IT positions at foreign companies, noting that these …

Researchers at INKY warn that criminals are impersonating the US Department of Homeland Security to launch phishing scams.

A friend of mine got a call on his phone and he regrettably picked it up. The number was 267-332-3644. The area code is from Bucks County, PA,…

The number of infostealers delivered via phishing emails increased by 84% last year, according to a new report from IBM’s X-Force researchers.…

Ever since Microsoft’s initial announcement on February 13, 2025, about a Russian nation-state phishing campaign using "device code phishing,"…

Scammers are exploiting the death of Pope Francis to launch social engineering attacks, according to researchers at Check Point.

Do your users love The Inside Man? See more of beloved character AJ, now in SecurityCoach!

We're thrilled to announce the launch of KnowBe4 Academy—a comprehensive learning ecosystem designed specifically for security administrators,…

A social engineering campaign is abusing Zoom's remote control feature to take control of victims’ computers and install malware, according to…

A new report from Valimail has found that 50% of organizations lack effective protection against email spoofing.

Recently, I received an email at work from a company with whom I've had previous interactions. The email lacked context and contained an …

According to our independent survey of individuals across the UK, USA, Netherlands, France, Denmark, Sweden, the DACH region, and Africa who …

A new report from Sophos found that ransomware attacks accounted for over 90% of incident response cases involving medium-sized businesses in …

Have you ever walked down a street with broken windows, burnt out cars, graffiti and felt a bit uneasy? There's a reason for that, and it's …

Cybercriminals are increasingly using AI tools to assist in malicious activities, according to Microsoft’s latest Cyber Signals report.

The energy sector stands as a critical pillar of our society. From the electricity powering our homes to the fuel driving our industries, …

Resecurity warns that a China-based cybercriminal gang dubbed the “Smishing Triad” is launching a wave of road toll-themed SMS phishing …

Right now, today, thousands of people are being tricked into going to their banks or credit unions to withdraw large sums of cash and will …

Most organizations cite low security awareness among employees as the biggest barrier to defending against cyberattacks, according to a new …

First QuickBooks, then Microsoft, and now Google—will the hijacking of legitimate third-party platform communications stop escalating in 2025?…

In today's cybersecurity landscape, organizations face an ever-present and often underestimated threat: human risk. Despite significant …

Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns.

Phishing was the most prevalent and disruptive type of attack experienced by UK organizations over the past twelve months, according to the …

America's critical infrastructure faces an unprecedented threat, and it's already installed in hundreds of locations across the nation.

Cybercriminals are capitalizing on tax season by launching phishing campaigns targeting QuickBooksusers, Malwarebytes reports.

Reliable energy is the backbone of any modern society. It powers our homes, industries, and economies. But what happens when this essential …

Cybercriminals are quick to exploit seasonal events — and tax season is no exception. It’s a yearly honeypot for cybercriminals, who take …

Disclaimer: Don't get me wrong, I love using generative AI daily for research and writing. This is about how other users could be using it …

Illumio’s recent Global Cost of Ransomware Study found that 64% of Australian companies hit by ransomware had to shut down operations as a …

On March 6, I had the opportunity to speak and provide testimony at the SEC Investor Advisory Committee’s panel on Retail Investor Fraud in …

With this week being Identity Management Day on April 8th, it's the perfect reminder for organizations to focus on protecting their employees'…

The Russian threat actor Gamaredon is targeting Ukrainians with spear-phishing documents related to troop movements, according to researchers …

North Korea’s fraudulent employment operations have expanded to hit countries around the world, with a particular focus on Europe, according …

When it comes to secure email gateways (SEGs), the narrative is quite simple. For years, organizations have relied on SEGs as the foundation …

Check out the March updates in Compliance Plus so you can stay on top of featured compliance training content.

A phishing-as-a-service (PhaaS) platform dubbed ‘Lucid’ is driving a surge in SMS phishing (smishing) attacks, according to researchers at …

Steam was the most impersonated brand in phishing attacks during the first quarter of 2025, according to a new report from Guardio. The …

Check out the 58 new pieces of training content added in March, alongside the always fresh content update highlights, new features and events. 

Phishing attacks are driving a surge in “double brokering” scams in the shipping industry, according to Christian Reilly, Cloudflare’s Field …

Attackers are using new tactics in QR code phishing (quishing) attacks, according to researchers at Palo Alto Networks’ Unit 42.

Internet memes and viral content have become a universal language of online culture. They're easily shareable, often humorous, and can spread …

It seems like only yesterday that we launched the Compliance Plus training library as a result of customers asking us to address their needs …

The Network and Information Systems Directive 2022 (NIS2) was designed to strengthen the cybersecurity resilience of critical infrastructure …

As of January 17, 2025, the Digital Operational Resilience Act (DORA) came into force across all European Union member states, with the …

99% of phishing emails that reached inboxes last year did not contain malware, according to a new report from Fortra.

INKY has published its annual report on email security, finding that phishing accounted for 30% of all reported cybercrimes last year.

A KnowBe4 Threat Lab PublicationAuthors: By James Dyer, Threat Intelligence Lead at KnowBe4 and Lucy Gee, Cybersecurity Threat Researcher at …

The average amount of money requested in business email compromise (BEC) attacks spiked to $128,980 in the fourth quarter of 2024, according …

We recently conducted research in Denmark and Sweden to understand security culture in local organizations better.

Phishing-as-a-service (PhaaS) platforms drove a surge in phishing attacks in the first two months of 2025, according to researchers at …

In today’s world, cybersecurity is more critical than ever. Organizations and individuals alike face a constant barrage of cyber threats, and …

Bitdefender warns that a major ad fraud campaign in the Google Play Store resulted in more than 60 million downloads of malicious apps.

Our latest Phishing Threat Trends Report explores the evolving phishing landscape in 2025, from renewed tactics to emerging attack techniques.

There are thousands of people worldwide trying to scam you, hoping they can make you a victim, steal your money, and harm you in some way. …

Threat actors are abusing Microsoft’s infrastructure to launch phishing attacks that can bypass security measures, according to researchers at…

Business email compromise (BEC) attacks rose 13% last month, with the average requested wire transfer increasing to $39,315, according to a …

My two previous recent postings on AI covered “Agentic AI” and how that impacts cybersecurity and the eventual emergence of malicious agentic …

Our recent research reveals a concerning discrepancy between employees' confidence in their ability to identify social engineering attempts …

A phishing campaign is impersonating travel agency Booking.com to target employees in the hospitality industry, according to researchers at …

A KnowBe4 Threat Lab publicationAuthors: Martin Kraemer, Jeewan Singh Jalal, Anand Bodke, and James Dyer EXECUTIVE SUMMARY: We observed a 98% …

Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical …

I infrequently get emails from customers who are frustrated because their employer sent out some legitimate mass email to all employees that …

A KnowBe4 Threat Labs PublicationAuthors: James Dyer and Cameron Sweeney The KnowBe4 Threat Research team has observed a sustained increase in…

Artificial Intelligence (AI) is no longer just a tool—it is a game changer in our lives, our work as well as in both cybersecurity and …

Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world. The campaign, which began on illegal …

The U.S. Justice Department has charged ten Chinese nationals for acting as hackers-for-hire for the Chinese government.

In the realm of cybersecurity, perception often diverges from reality. A common misconception is that nation-state cybercriminals primarily …

I’ve been in the cybersecurity industry for over 36 years. Surprisingly, hackers and malware haven't changed all that much.

Check out the February updates in Compliance Plus so you can stay on top of featured compliance training content.

Check out the 58 new pieces of training content added in February, alongside the always fresh content update highlights, new features and …

Researchers at Barracuda observed a fourfold increase in ransomware threats last year, driven by increasingly sophisticated …

Ever since OpenAI publicly released ChatGPT in late 2022, people have been predicting the end of programmers.

A KnowBe4 Threat Lab PublicationAuthors: Martin Kraemer, James Dyer, and Lucy Gee Much like sending a phishing email from a compromised …

The European Union's AI Act is ushering in a new era of workplace requirements, with AI literacy taking center stage. Under Article 4, …

A new report from Arctic Wolf has found that 96% of ransomware attacks now involve data theft as criminals seek to force victims to pay up.

Researchers at Juniper Threat Labs warn that phishing attacks are utilizing a new obfuscation technique to hide malicious JavaScript.

Recently, Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4, and Dr. William Seymour, Lecturer in Cybersecurity at King’s College …

If you haven’t been paying attention closely enough, a new type of access control token, like a super browser token on steroids, is becoming …

A KnowBe4 Threat Lab PublicationAuthors: Jeewan Singh Jalal, Anand Bodke, Daniel Netto and Martin Kraemer

We are very excited to announce the addition of audiocasts, a new content type now available in the ModStore to help strengthen your security …

ESET warns of a wave of phishing attacks informing employees that they’ve been fired or let go. The emails are designed to make the user panic…

Zimperium warns of a surge in phishing attacks specifically tailored for mobile devices. These attacks are designed to evade desktop security …

KnowBe4 has been recognized in G2’s 2025 Best Software Awards, earning the top spot as the #1 Security Product and ranking #2 Overall Software…

A Chinese government-backed hacking group is using fake medical software to compromise hospital patients' computers, infecting them with …

Researchers at ReliaQuest have published a report on a phishing breach in the manufacturing sector that went from initial access to lateral …

It's no surprise that 18–29-year-olds are turning to social media for cybersecurity information. As digital natives, this age group naturally …

Several Russian state-sponsored threat actors are using QR code phishing (quishing) to compromise Signal accounts, according to researchers at…

You would think with all the global press we have received because of our public announcement of how we mistakenly hired a North Korean fake …

Researchers at Cyble warn that a phishing kit is abusing the Open Graph (OG) protocol to target social media users.

Phishing and malicious emails remained the primary vectors of infection during the second half of 2024, according to a new report from Acronis.

Spear phishing was the top cybersecurity threat to the manufacturing sector over the past six months, according to a report from ReliaQuest. …

At KnowBe4, we constantly strive to stay ahead of emerging threats and create training content to warn users about the latest tactics used by …

Several Russian threat actors, including the SVR’s Cozy Bear, are launching highly targeted spear phishing attacks against Microsoft 365 …

Authors: Martin Kraemer, Security Awareness Advocate at KnowBe4 and James Dyer, Threat Intelligence Lead at KnowBe4 This Valentine’s Day, …

Data theft extortion attacks increased by 46% in the fourth quarter of 2024, according to a new report from Nuspire.

I'm doing a quick poll because I find myself exactly where Sam is. But I would love to understand how that is for us IT pros here. Hence.. a …

SentinelOne warns that a phishing campaign is targeting high-profile X accounts, including those belonging to US political figures, leading …

Check Point warns that a large-scale phishing campaign is targeting Facebook accounts with phony copyright infringement notices.

2024 saw the highest-ever amount of ransomware attacks, according to a new report from NCC Group.

Dr. Martin J. Kraemer discusses learning from The Word Economics Forum Cybersecurity Outlook 2025 report Last year, the British multinational …

In the bustling world of 1960s Madison Avenue, a young advertising executive named Lester Wunderman was about to revolutionize the industry. …

Scammers are taking advantage of the newfound popularity of the China-based AI app DeepSeek, according to researchers at ESET.

A KnowBe4 Threat Lab publicationAuthors: Daniel Netto, Jeewan Singh Jalal, Anand Bodke, and Martin Kraemer

The rise of agentic AI tools will transform the cybercrime landscape, according to a new report from Malwarebytes.

Recently, I started working with my children's school to enhance their online safety measures and develop a digital mindfulness course in …

Nearly half (46%) of businesses observed an increase in deepfakes and generative AI-related fraud last year, a new report from AuthenticID has…

Researchers at Cisco Talos warn that a new phishing campaign is targeting users in Germany and Poland in an attempt to deliver several strains…

Check out the January updates in Compliance Plus so you can stay on top of featured compliance training content.

Check out the 25 new pieces of training content added in January, alongside the always fresh content update highlights, new features and …

Researchers at Zimperium warn that a large phishing campaign is impersonating the US Postal Service (USPS) to target mobile devices with …

Our recent Africa Cybersecurity Awareness survey has revealed a startling surge in cybersecurity concerns among African users, with 58% of …

A KnowBe4 Threat Lab PublicationAuthors: Jeewan Singh Jalal, Anand Bodke, and Martin Kraemer

Microsoft, Apple, and Google were the most commonly impersonated brands in phishing attacks last quarter, according to researchers at Check …

Deepfakes are no longer just the stuff of sci-fi thrillers—they’re here, and they’re deceptively good. From celebrity endorsements to …

AI is advancing at lightning speed, but it’s also raising some big questions, especially when it comes to security. The latest AI making …

Drivers across the U.S. are being bombarded with fraudulent text messages claiming to come from toll operators like E-ZPass.

73% of educational institutions in the UK have sustained at least one cyberattack or breach in the past five years, according to researchers …

Phishing attacks are the most common security issue for smartphone users, according to a new study by Omdia.

A new survey by cybersecurity vendor Netwrix found that 84% of healthcare organizations spotted a cyberattack in the past twelve months, with …

Human risk management (HRM) is now the primary approach to addressing the ongoing need for strong security cultures in organizations of all …

The Russian threat actor “Star Blizzard” has launched a spear-phishing campaign attempting to compromise WhatsApp accounts, according to …

Researchers at Malwarebytes are tracking a major malvertising campaign that’s abusing Google Ads to target individuals and businesses …

Threat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to, according to researchers at …

An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against …

Interpol has recently recommended discontinuing the use of the term "Pig Butchering" in cybercrime discussions, expressing concern that such …

Social engineering and phishing are involved in 70% - 90% of data breaches. No other root cause of malicious hacking (e.g., unpatched software…

Check out the December updates in Compliance Plus so you can stay on top of featured compliance training content.

Ransomware groups claimed responsibility for 5,461 attacks in 2024, with 1,204 of these attacks being publicly confirmed by victim …

I have helped people detect romance scams for decades. It is still very common for romance scammers to leverage both pictures of celebrities …

In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner® Magic Quadrant for Email Security …

Check out the 52 new pieces of training content added in December, alongside the always fresh content update highlights, new features and …

Japan’s National Police Agency (NPA) has attributed more than 200 cyber incidents over the past five years to the China-aligned threat actor …

The UK government decided to wage war on explicit deepfakes. About time, right? But before we start celebrating, let's take a closer look.

A phishing campaign is abusing Microsoft 365 test domains to send legitimate payment requests from PayPal, according to Fortinet’s CISO Dr. …

Researchers at SlashNext warn that cybercriminals are using a WordPress plugin called “PhishWP” to spoof payment pages and steal financial …

Kim S. Nash, the Deputy Bureau Chief at the Wall Street Journal who owns the cybersecurity beat wrote in her newsletter today: "Forget trade …

A phishing campaign is targeting users with phony offers to beta test new video games, according to researchers at Malwarebytes.

Credential phishing attacks surged by 703% in the second half of 2024, according to a report by SlashNext. Phishing attacks overall saw a 202%…

Securonix warns that tax-themed phishing emails are attempting to deliver malware via Microsoft Management Console (MSC) files.

The Federal Trade Commission (FTC) has issued an urgent warning about a surge in immigration scams targeting immigrants and their families on …

Trend Micro warns that the Russian state-sponsored threat actor Earth Koshchei (also known as “APT29” or “Cozy Bear”) is using spear phishing …

KnowBe4 is a big believer in focusing on decreasing human risk as the best way to decrease cybersecurity risk in most environments.

A threat actor is abusing HubSpot’s Free Form Builder service to craft credential-harvesting phishing pages, according to Palo Alto Networks’ …

There is a type of scam where victims are contacted by someone fraudulently posing as a popular trusted entity (e.g., Amazon, U.S. Post …

ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users.

Some of our customers are reporting “Threat Alerts” from Mimecast stating hackers have exploited KnowBe4 or KnowBe4 domains to send email …

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media …

An email phishing campaign is targeting popular YouTube creators with phony collaboration offers, according to researchers at CloudSEK. The …

Threat actors are using voice phishing (vishing) attacks via Microsoft Teams in an attempt to trick victims into installing the DarkGate …

The U.S. Justice Department revealed indictments against 14 North Korean nationals for their involvement in a long-running scheme designed to …

Ransomware attacks targeting utilities have surged by 42% over the past year, with spear phishing playing a major role in 81% of cases, …

A new report makes it clear that U.K. organizations need to do more security awareness training to ensure their employees don’t fall victim to…

A widespread phishing campaign is attempting to steal credentials from employees working at dozens of organizations around the world, …

Researchers at Zimperium warn that a phishing campaign is targeting Android phones to deliver the Antidot banking trojan.

For decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not.

A new report from Hornetsecurity has found that 427.8 million emails received by businesses in 2024 contained malicious content.

Researchers at Silent Push warn that a phishing campaign is using malicious Google Ads to conduct payroll redirect scams.

New analysis of ransomware attacks shows that phishing is the primary delivery method and organizations need to offer more effective security …

Check out the November updates in Compliance Plus so you can stay on top of featured compliance training content.

In recent years, the world of cybersecurity has witnessed a concerning trend: a significant increase in phishing attacks.

The US Internal Revenue Service (IRS) has issued an advisory warning taxpayers to be on the lookout for holiday-themed shopping scams.

Frequently, when a cybersecurity training manager sends out a controversial simulated phishing attack message that angers a bunch of employees…

It is the holiday season. Think twinkling lights, the scent of pine, and cyber threats lurking in the shadows, waiting to pounce quicker than …

The US Federal Bureau of Investigation (FBI) warns that threat actors are increasingly using generative AI to increase the persuasiveness of …

Check out the 84 new pieces of training content added in November, alongside the always fresh content update highlights, events and new …

Scammers are abusing Google ads to target users searching for help with printer problems, according to researchers at Malwarebytes.

The latest data on brand phishing trends shows one brand dominating quarter over quarter, but also continuing to take on a larger share of the…

It’s been several weeks since the exciting premiere of The Inside Man - Season 6 in St. Petersburg, Fl. If you missed my post, I talked about …

Researchers at Trend Micro warn that the China-aligned threat actor Earth Kasha has launched a new spear phishing campaign targeting …

Cybercriminals are constantly evolving their tactics to exploit our vulnerabilities. A recent phishing campaign has taken this to a new low, …

Technological advances in artificial intelligence (AI) are only making the ongoing problem of social engineering worse.

Researchers at McAfee warn of a surge in malicious loan apps targeting Android users across South America, Southern Asia, and Africa.

A new survey of hackers shows that AI is not only empowering hackers to be more effective, but that AI itself is “ripe for exploitation.”

We are excited to see the Cybersecurity Infrastructure Security Agency (CISA) and outgoing Director Jen Easterly strongly recommend …

Three out of four Black Friday-themed spam emails are scams, according to researchers at Bitdefender. Most of these scams are targeting users …

You do not want to miss this one! You can now see our AI Defense Agents (AIDA) live in a demo, now that they are released. Customers can now …

Researchers at EclecticIQ warn that the financially motivated Chinese threat actor “SilkSpecter” has launched a phishing campaign targeting …

Analysis of a new phishing attack highlight just how easy it can be to spot these kinds of attacks if recipients were properly educated.

Phishing emails are increasingly using Scalable Vector Graphics (SVG) attachments to display malicious forms or deliver malware, …

The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT.

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, …

The Association of Certified Fraud Examiners (ACFE) recently released a report Occupational Fraud 2024: A Report to the Nations, where they …

A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, …

The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques …

About five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great …

As the holiday shopping season kicks into high gear, cybercriminals are gearing up too. This year, alongside the usual suspects, we're seeing …

The Swiss National Cyber Security Centre (NCSC) has warned of a QR code phishing (quishing) campaign that’s targeting people in Switzerland …

Cybersecurity threats grow more sophisticated by the day. Amid this constant change, one truth remains: people are simultaneously our greatest…

In my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing, I highlight the use of “champions,"…

KnowBe4, the leading platform for security awareness training, is excited to bring the award-winning original series, "The Inside Man,” back …

Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception …

New data shows just how crippling ransomware has been on small businesses that have fallen victim to an attack and needed to pay the ransom.

We’re thrilled to announce the long-awaited sixth season of the award-winning KnowBe4 Original Series - “The Inside Man” is now available in …

In the ever-evolving landscape of cybersecurity, the convergence of Artificial Intelligence (AI) and Open-Source Intelligence (OSINT) has …

Researchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications …

A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique.

Learn how to step-by-step create your first realistic deepfake video in a few minutes.

Isn’t it typical for bad actors to strike when we’re distracted and busy during this time of year?

Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search …

Cybercriminals are using artificial intelligence (AI) and generative AI in open source intelligence (OSINT) activities to target your …

The latest trend in cybercrime is that attackers don't really focus on “hacking” in; they’re logging in.

Cybercriminals are impersonating OpenAI in a widespread phishing campaign designed to trick users into handing over financial information. The…

As society grapples with the rapid advancement of AI and synthetic media, we've been asking the wrong question. The focus on whether content …

Threat actors are abusing DocuSign’s API to send phony invoices that appear “strikingly authentic,” according to researchers at Wallarm.

Tick tock, the countdown is on! KB4-CON APJ starts in just 10 days, and you still have time to register!

ReliaQuest warns that the BlackBasta ransomware gang is using new social engineering tactics to obtain initial access within corporate networks.

Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks …

When you think of KnowBe4, you might immediately picture phishing simulations, password security modules, or other security awareness training…

Over a decade ago, I noticed that social engineering was the primary cause for all malicious hacking. It has been that way since the beginning…

Check out the October updates in Compliance Plus so you can stay on top of featured compliance training content.

In the ever-evolving landscape of cybersecurity threats, we've recently encountered a sophisticated phishing attempt targeting one of our …

Cybersecurity is all about risk management and reduction. You cannot get rid of all risk. Well, I guess you could, but you (and everyone else)…

Chief Information Security Officers (CISOs) are facing unprecedented challenges. The combination of increasingly sophisticated cyber threats, …

Threat actors are targeting people who have recently lost their jobs with employment scams on LinkedIn, according to researchers at …

Check out the 60 new pieces of training content added in October, alongside the always fresh content update highlights, events and new features.

Sophos describes a QR code phishing (quishing) campaign that targeted its employees in an attempt to steal information.

As generative AI evolves and becomes a mainstream part of cyber attacks, new data reveals that deepfakes are leading the way.

Halloween-themed spam and phishing emails have surged over the past two months, with a significant increase beginning in October, according to…

Analysis of phishing emails in the second quarter of this year paints a picture of what security teams and vigilant recipients should expect …

Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos.

Cybercriminals are offering tools to help phishing pages avoid detection by security tools, according to researchers at SlashNext.

A recent report from UK Finance covered by the BBC paints a concerning picture of the evolving landscape of financial fraud. With a 16% rise …

Despite the belief that today’s SOC should be doing the lion’s share of protecting an organization, new data shows reliance on more than just …

European Organizations Can't Afford to Wait: Critical Cybersecurity Threats Demand Immediate Action

A recent analysis of the ransomware group Meow raises the notion that groups are evolving from using encryption as a tactic to more profitable…

Researchers at Trustwave observed a 140% increase in callback phishing attacks between July and September 2024. Callback phishing is a social …

Action Fraud, the UK’s national fraud and cyber crime reporting service, warns that more than 33,000 people have reported that their online …

Sixty-four percent of IT leaders have clicked on phishing links, a new survey by Arctic Wolf has found. Despite this, 80% of these same …

It's October 10th, 2024, and I've just stepped out of KB4-CON EMEA, my head buzzing with insights and my notebook filled with scribbles. I …

With 16+ billion mobile devices in use worldwide, new data sheds light on how cyber attackers are shifting focus and tactics to put attacks …

New York City's iconic Barnes & Noble on 5th Avenue recently featured the newly released books of two of KnowBe4's leading cybersecurity …

KnowBe4 was asked what changes were made in the hiring process after the North Korean (DPRK) fake IT worker discovery. Here is the summary and…

The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme.

Microsoft warns that threat actors are abusing legitimate file-hosting services to launch phishing attacks. These attacks are more likely to …

In a shocking turn of events, an unnamed company based in the UK has fallen victim to a sophisticated cyber attack after inadvertently hiring …

AI is quickly becoming the basis for more cyber attacks, leading organizations to realize the risk it presents. A new report now shows that …

OpenAI has disclosed that its employees were targeted by spear-phishing attacks launched by a suspected Chinese state-sponsored threat actor.

New research shows that less malicious emails are getting past security scanners to the inbox, but also provides details about how phishing …

A North Korean threat actor is launching social engineering attacks against job seekers in the tech industry, according to researchers at Palo…

We are excited to announce that KnowBe4 has been named a leader in the Fall 2024 G2 Grid Report for Security Orchestration, Automation, and …

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) …

It was a Saturday morning, and I had grand plans. By "grand plans," I mean sitting on the sofa, watching reruns of "The IT Crowd," and …

As ransomware becomes more pervasive, new data provides insight into how well organizations are responding and the attack vector being used …

Depending on who you ask, between 70 and 90 percent of cyber risk has human error as the root cause. That's why Human Risk Management (HRM) is…

A partnering of European and Latin American law enforcement agencies took down the group behind the mobile phone credential theft of 483,000 …

We live in a world where, despite the sharing of information online, we feel like those interactions will never reach home.  But a new scam – …

The Trinity ransomware gang is launching double-extortion attacks against organizations in the healthcare sector, according to an advisory …

Cybercriminals have found a new way of leveraging legitimate web services for malicious purposes, this time with the benefit of added …

As the recent hurricane Helene caused major damage and as hurricane Milton is expected to make landfall in Florida soon, deepfakes are …

Attackers continue to exploit URL rewriting to hide their phishing links from email security filters, according to researchers at Abnormal …

As remote work and connecting while traveling has become the norm, mobile device security responsibilities have also increased.

A free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past …

During World War II, a group of brilliant minds led by Alan Turing gathered at Bletchley Park in England to crack the German Enigma code. This…

Organizations around the world are unknowingly recruiting and hiring fake employees and contractors from North Korea. These sophisticated …

Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an …

New research by Recorded Future provides insight into how advanced and sophisticated the threat group Marko Polo has become since launching in…

This recent article on how a hacker used genealogy websites to help better guess victims' password reset answers made it a great time to share…

A new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial …

Researchers at Todyl have published a report on a major cybercriminal group that’s conducting business email compromise (BEC) attacks against …

The U.K.’s National Cyber Security Centre (NCSC) and the U.S. FBI have released an advisory warning of Iranian state-sponsored spear-phishing …

The recent cyber attack on Dick's Sporting Goods makes it clear that email played a critical role and emphasizes the need for better security …

When Walt Disney first unveiled the Magic Kingdom, he made a decision that would revolutionize theme park design - and inadvertently offer a …

In an era where technology continues to blur the lines between reality and fiction, a recent incident involving U.S. Senator Ben Cardin serves…

The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to …

Yubico has published a survey of 20,000 people from 10 countries around the world, finding that 40% of respondents have never received …

In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a …

The number of ransomware attacks around the world increased by 73% in 2023, according to a new report by the Institute for Security and …

Check out the September updates in Compliance Plus so you can stay on top of featured compliance training content.

Once upon a time, security awareness training resembled a never-ending game of Tetris. Threats cascaded down, demanding swift action and …

Netcraft warns that scammers are posting QR code stickers on parking meters in the UK and other European countries.

Check out the 40 new pieces of training content added in September, alongside the always fresh content update highlights, events and new …

Artificial intelligence (AI) is revolutionizing most, if not all, industries worldwide. AI systems use complex algorithms and large datasets …

Researchers at ReliaQuest have published a report looking at cyber threats surrounding the upcoming US presidential election, warning that …

A new wave of concern has surfaced around the security of Automated Tank Gauges (ATGs), critical systems that monitor and manage liquid levels…

AI and AI-generated deepfakes are proving to be the most intriguing, and in some ways troubling, recent advances in technology.  

A phishing campaign is targeting GitHub users with phony CAPTCHA pages, according to researchers at McAfee. The phishing emails ask users to …

Threat actors are abusing virtual shopping lists to trick Walmart customers into transferring money or disclosing personal information, …

New analysis of attacks on the financial sector shows that the combination of phishing emails and compromised credentials is a recurring — and…

Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social …

Analysis of typosquatting and brand impersonation activity across 500 of the most visited domains provides insight in to how these techniques …

New analysis of blockchain activity shows scammers are needing less time to obtain crypto payments and are seeing higher payoffs per scam.

Researchers at Barracuda have observed an increase in phishing attacks that abuse popular content creation and collaboration platforms. These …

Analyst reports aim to provide market insights. But when it comes to Human Risk Management (HRM), we’ve noticed that they often fall short of …

We are halfway through our annual The Inside Man Biggest Fan Contest, and we already have some amazing entries! Encourage your users to get …

The U.S. Justice Department has indicted a Chinese national, Song Wu, for allegedly sending spear phishing emails to employees at various U.S.…

As a valued KnowBe4 customer and partner, we're thrilled to bring you exciting news about our upcoming KB4-CON EMEA 2024 in London.

Researchers at ReversingLabs warn that North Korea’s Lazarus Group is targeting software developers with phony job interviews.

Increased ransomware attacks on industrial control systems (ICS), mixed with general ICS insecurity found across the manufacturing sector, has…

Statista projects that the total cost of cybercrime will increase from $6.4 trillion between 2024 and 2029, reaching a staggering $15.63 …

Phishing Attack Takes a Two-Step Approach to Leverage Legitimate Sites and Evade Detection. [4-Minute Survey] Share Your …

Mark Shepherd, the Inside Man, is on a mission.  

The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are …

Business email compromise (BEC) attacks have caused more than $55 billion in losses between 2013 and 2023, according to an advisory from the …

Can you help me with your input? I'd love your thoughts about AI in InfoSec. This is a super short survey that asks about any AI tools you use…

Research from The Financial Ombudsman Service, a U.K. based organization dedicated to helping citizens with free financial advice, has found …

Researchers at Palo Alto Networks’ Unit 42 warn that attackers are using refresh entries in HTTP response headers to automatically redirect …

Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers …

South Africa’s cybersecurity workforce shortage mirrors global trends, but also faces local factors like underinvestment in basic education, …

The Better Business Bureau (BBB) has observed a six-fold increase in losses from investment scams over the past three years. The BBB has …

In July 2024, KnowBe4 revealed that we had unknowingly hired a North Korean who was pretending to be someone else. We locked down the laptop …

Researchers at Malwarebytes warn of a surge in election-themed scams ahead of November’s presidential election in the US. These attacks can be…

Threat actors are opting for malicious links over attachments in email-based attacks because it gives them a critical advantage that many …

Analysis of a new phishing attack demonstrates how attackers may take a longer path to reach their malicious goals while staying “under the …

A new attack runs slow and steady, focused on compromising large manufacturing companies using contextual social engineering to trick victims …

Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering …

The availability of deepfake technology has given threat actors a valuable tool for social engineering attacks, according to researchers at …

In cybersecurity, technology often takes center stage. From the latest AI-driven defenses to sophisticated encryption techniques, it's easy to…

A social engineering campaign is targeting entities in the Middle East using malware that impersonates Palo Alto Networks’ GlobalProtect VPN, …

Researchers at Palo Alto Networks’ Unit 42 are tracking dozens of scam campaigns that are using deepfake videos to impersonate CEOs, news …

Check out the August updates in Compliance Plus so you can stay on top of featured compliance training content.

In a new low for cybercriminals, a new scam attempts to take advantage of those grieving the loss of a loved one, and charges their credit …

New data exposes the reality of ransomware attacks today, including their frequency, impact, ransom payment – and the involvement of human …

Researchers at Netskope last month observed a 2000-fold increase in traffic to phishing pages delivered through Microsoft Sway.

New analysis of current ransomware attacks shows a massive focus on U.S. organizations, with growth spread across nearly every industry.

Check out the 29 new pieces of training content added in August, alongside the always fresh content update highlights, events and new features.

Analysis of cryptocurrency payments made on the blockchain highlights shifts in the size and frequency of ransomware attacks and may paint a …

Researchers at Meta have published details on Iranian spear-phishing attacks targeting WhatsApp accounts. The activity is attributed to APT42,…

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with…

Threat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the …

This blog was co-written by Perry Carpenter and Roger A. Grimes. As I sit in the 2024 Seattle Convene conference this week and listen to …

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a…

Can you believe it’s already back-to-school time for many? Where has the summer gone?

New research on email threats points to AI-based tools to assist in generating BEC content. And the overwhelming targeted role may or may not …

New data shows the most prevalent and obvious path into an organization – email – continues to be exploited by a growing number of …

A malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The …

As artificial intelligence (AI) technology advances, its influence on social media has become more and more pervasive and riddled with …

Researchers at Recorded Future’s Insikt Group warn that the Iranian state-sponsored threat actor “GreenCharlie” is launching spear phishing …

Analysis of a phishing campaign targeting thousands of government contractors, dubbed “Operation Uncle Sam,” takes advantage of some …

Threat actors are abusing a technique called “URL rewriting” to hide their phishing links from security filters, according to researchers at …

As Europe is returning from summer breaks, it is time to reflect on the first half of 2024 and look forward to the rest of the year.

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly …

Highlights from a new survey focused on employee compliance reveals just how targeted and susceptible U.K. businesses are to phishing attempts.

The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI.

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by …

Heads-up: I just proved that unsuspecting call recipients are super vulnerable to AI vishing

File-sharing phishing attacks have skyrocketed over the past year, according to a new report from Abnormal Security.

The latest data from Coveware shows a slowing of attack efficacy, a decrease in ransom payments being made, and a shift in initial access …

Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to …

Threat actors continue to target job seekers with phony employment offers on job search platforms like Indeed, researchers at Bitdefender warn.

DavidB, the KnowBe4 VP of Asia Pacific and Japan, recently experienced a sophisticated social engineering attack via WhatsApp.

For the fifth year in a row, we've been honored with the TrustRadius Tech Cares Award! This recognition is a testament to our unwavering …

Summer. The season of sun, sand, and romance scams. As the weather heats up, so does the activity of romance scammers, who prey on the …

Researchers at ThreatFabric warn that a phishing campaign is distributing the Chameleon Android malware by impersonating a Customer …

Cyber risks abound, inside and out. Threats to your organization can come in many forms; from a suspicious email with a dodgy attachment to …

Researchers at Menlo Security warn that a phishing campaign is exploiting Google Drawings to evade security filters.

Most people take a lot of measures to secure their online bank accounts, credit card accounts, retirement accounts and other financial …

Excellent reporting by the Wall Street Journal! They wrote about a disturbing trend. "Amid a deluge of election news and memes on TikTok, WSJ …

In a startling revelation at Black Hat 2024, SafeBreach security researcher Alon Leviev demonstrated a critical vulnerability in Windows …

Just when we thought we had something special with our very own North Korean hacker, it turns out this type of fraud has made it to the …

A new phishing campaign is targeting Israeli organizations to deliver the RHADAMANTHYS information-stealing malware, Cyber Security News …

The financial repercussions of the May 2024 ransomware attack on the electronics manufacturing services firm Key Tronic underscores just how …

Your secret weapon to combat cyber threats might be just under your nose! Cybercriminals continue to exploit vulnerabilities while upping …

A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks in order…

New analysis shows users can be convinced to copy and paste malicious code on behalf of the attacker.

Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator.

The Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social …

On August 6th, 2024, we celebrate National Social Engineering Day – a new national day established by KnowBe4 and officially recognized by …

When it comes to creating a strong cybersecurity culture, one of the most powerful tools we have at our disposal is the Phish Alert Button …

The use of the Microsoft brand in phishing attacks demonstrates both its widespread credibility as well as the continued success of attacks …

Analysis of current phishing attacks by security researchers have uncovered an increase in the use of trusted shortlink services.

Included among the U.S. prisoners being sent back to Russia in the swap are two prominent convicted hackers, both of whom were serving lengthy…

Researchers at Barracuda have found that smaller companies tend to receive a higher rate of phishing attacks spread across the organization, …

New analysis of Q2 2024 cyber attacks shows the number of attacks experienced weekly by organizations globally is on the rise.

We are excited to announce that KnowBe4 has been named a leader in the Summer 2024 G2 Grid Report for Security Orchestration, Automation, and …

Researchers at Bitdefender have found that half of all travel-themed spam emails contain scams.

New data shows that cyber attacks have resulted in double the number of data breaches in 2024 than throughout all of 2023.

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) …

New data on how the threat of AI in cyber crime is being seen as a growing risk provides insight into how organizations are shifting from …

A new cybercriminal group is selling “a sophisticated AI-powered phishing-as-a-service platform” that targets 36 Spanish banks, according to …

In the ever-evolving world of cybercrime, ransomware attacks continue to be a lucrative business for cybercriminals.

Researchers at Palo Alto Networks’s Unit 42 are tracking phishing attacks exploiting interest in generative AI tools. The researchers observed…

The Internet of Things (IoT) has slowly but surely weaved its way into our homes and places of work. From smart homes to industrial control …

Fortinet’s Threat Intelligence Report covering the Paris Olympics provides some very detailed coverage of how threat actors are taking …

Organizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro.

Organizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to …

In this post, I'll share two fascinating hacking stories I've experienced: one involving a sophisticated scam that targeted a major U.S. …

Wow. Last week's blog post went viral, hitting major media outlets and receiving over 100K hits in just a few days. Most responses, coming …

A new phishing scam is leveraging trusted aspects of ecommerce to make their scams look legitimate.

As expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports.

Declared “dead” by the U.S. Attorney’s Office in 2023, the Russian cyber crime group Fin7 is impersonating some of the top global brands.

Check out the 26 new pieces of training content added in July, alongside the always fresh content update highlights, events and new features.

Check out the July updates in Compliance Plus so you can stay on top of featured compliance training content.

Frequently Asked Questions About KnowBe4's Fake IT Worker Blog   July 23, 2024, I wrote a blog post about how KnowBe4 …

Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s …

Protecting your financial information has never been more crucial. With the rise of sophisticated scams, it's becoming increasingly difficult …

According to security researchers at Cisco Talos, emails impersonating legitimate officers at the Cyprus Securities and Exchange Commission …

Incident Report Summary: Insider Threat TLDR: KnowBe4 needed a software engineer for our internal IT AI team. We posted the job, received …

Does the challenge of keeping up with cybersecurity trends sound familiar? You may have been told to update your antivirus software and hope …

Organizations should expect to see phishing attacks exploiting the global IT outage that occurred last Friday, the Business Post reports.

I have been the CEO of an anti-virus software developer. We had a special acronym for catastrophic events like this, a so-called "CEE". As…

New data puts the spotlight on the frequency and impact of modern ransomware attacks, highlighting the overconfidence organizations are …

Phishing is used to completely compromise the victim’s environment after other repeated methods failed.

Our friends at the CyberWire reported: "ZeroFox and Fortinet have both published reports on threats facing the 2024 Olympics in Paris. ZeroFox…

The ransomware attack against UnitedHealth Group’s Change Healthcare platform is expected to cost the company up to $2.45 billion, more than a…

Chile took a major step toward a more resilient cyber landscape for its citizens and the Latin American region on Tuesday, March 26, 2024, …

Despite ransomware getting the lion’s share of the tech pub headlines, business email compromise (BEC) attacks are alive and well… and having …

New data shows that only 3 percent of organizations are solely relying on their current cyber defenses when adding on cyber insurance, …

Phishing remains a top initial access vector for ransomware actors, according to researchers at Cisco Talos. The threat actors often use …

Cybercriminals are maximizing the potential damage to your organization to boost their profits. A staggering 91% of reported ransomware …

Analysis of new ransomware group Volcano Demon provides a detailed look into how and why calling victims ups the chances of ransomware payment.

Researchers at Malwarebytes warn that a malvertising campaign is targeting Mac users with phony Microsoft Teams ads. The ads are meant to …

As cyber threats evolve, the target has become crystal clear: your data.  A staggering 90% of ransomware attacks now include a data …

According to the filing, the organization in question failed to devise controls to adequately detect, respond to, and disclose an attack that …

A new report focused on cyber espionage actors targeting government and critical infrastructure sectors highlights the strategic use of …

The US Internal Revenue Service (IRS) has issued an advisory warning of phishing campaigns targeting car dealerships. The IRS says car dealers…

Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past …

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least …

Researchers at Mandiant (part of Google Cloud) warn that Russian government threat actors continue to target NATO member countries with spear …

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in …

Analysis of the latest phishing-as-a-service (PhaaS) platform ONNX Store highlights just how successful these platforms can be.

Researchers at Check Point observed more than a thousand newly registered malicious or suspicious web domains related to Amazon last month. …

Researchers at ESET warn of phishing attacks that are attempting to hack high-profile YouTube channels in order to spread scams or malware.

I recently read a story about a South Korean telecom company that pushed out malware to over 600,000 of its customers who were using torrents …

In an interview at the Collision technology conference in Toronto, Booking.com’s CISO sounds the alarm on what she calls “supercharged …

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human …

Researchers at Menlo Security discovered three state-sponsored phishing campaigns that have targeted 40,000 important individuals over the …

As social media becomes more intertwined with our daily routines, cybercriminals are using it to trick people with fake job offers. What are …

As popularity grows for these proven methods of weight loss, scammers have taken note and have placed a significant focus on separating …

A new phishing campaign tries to trick email recipients into pasting and executing malicious commands on their system that installs DarkGate …

A few weeks ago I was privileged to visit the 8th grade of a high-school here in Cape Town and talk to the students about cybersecurity, …

What likely started as a quick ransomware “smash and grab” has turned into a headline case resulting in responses from both U.K. and U.S. law …

A hacked customer support portal belonging to router manufacturer Mercku is being used to respond to customer queries with phishing emails, …

Researchers at ESET warn that malvertising campaigns are impersonating AI tools to trick users into installing malware. The Rilide …

In a world where cyber espionage has become as common as a rainy day in London, the recent events surrounding the UK armed forces' payroll …

Check out the June updates in Compliance Plus so you can stay on top of featured compliance training content.

It's a great honor for KnowBe4 to be named the Cyber Security Educator of the Year at the prestigious IT Europa Channel Awards 2024.

Check out the 29 new pieces of training content added in June, alongside the always fresh content update highlights, events and new features.

In a concerning development, TeamViewer, one of the world's leading remote access software providers, has disclosed a cyber attack that …

France’s cybersecurity agency ANSSI has issued an alert outlining a Russian spear phishing campaign targeting French diplomats, the Record …

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign …

Singapore has become the latest target for cybercriminals looking to steal digital identities and exploit them for nefarious purposes.

The BBC recently reported that Booking.com is warning that AI is driving an explosion in travel scams. Up to 900% in their estimation - making…

If you had to choose between regular cybersecurity training and simulated phishing testing, the data shows you should choose simulated …

A crafty group of cybercriminals has been relentlessly pursuing Mexican banks, cryptocurrency platforms and other organizations in an extended…

Over 11 million phishing attacks have been reported to the UK’s Suspicious Email Reporting Service (SERS) over the past year, according to new…

We’re here to help you and your users stay secure from the scourge of ransomware for Ransomware Awareness Month this July with a kit full of …

The current landscape of artificial intelligence (AI) bears a striking resemblance to the early days of the internet. Just as the internet was…

A new report from Barracuda has found that email conversation hijacking attacks have risen by 70% since 2022. Additionally, business email …

My hacker story does not paint me in the best light, and it is not intended to. I am a firm believer in sharing one's mistakes and being open …

In this mad, mad world of breaches, organizations are scrambling to keep their heads above water. It's like trying to navigate a minefield …

Scammers are now impersonating legitimate services like Booking.com and Kayak to target people planning their summer vacations. One out of …

Happy 1st birthday to our KnowBe4 Community! We’re so excited to celebrate our community's first anniversary. It’s been filled with so many …

Mandiant has published a report looking at cyber threats targeting Brazil, finding that more than 85% of government-backed phishing activity …

We live in a world where the term "cybersecurity" tends to make folks either shiver with anxiety or yawn with boredom. The narrative has …

Cybercriminals are broadening their targets to include even local political candidates, as an escalating series of phishing attacks was …

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML …

Increasing phishing attacks are a constant threat to organizations, making it crucial for users to report suspicious emails.

Japan has a large number of Forbes Global 2000 corporations--more than the UK, Germany, and France combined. Despite this economic strength, …

A phishing campaign is impersonating recruiting firms to target job seekers with a new strain of malware, according to researchers at Elastic …

Based on news cycles within cybersecurity, it's easy to fall into the trap of thinking that threats only come from certain parts of the world …

A new phishing-as-a-service toolkit that leverages credential interception and anti-detection capabilities has put EU banks at severe risk of …

My hacker story occurred not too long ago at the Hong Kong office of an undisclosed multinational corporation. The hackers pulled off a …

Cybercriminals never sleep, and their aim keeps getting better. According to new research from Abnormal Security, phishing attacks targeting …

Just when you thought the disinformation landscape couldn't get any worse, an alarming new report from Democracy Reporting International …

Job seekers, beware - cybercriminals have a nasty new way to slide their malicious code on corporate networks. Researchers have uncovered a …

A phishing campaign is spreading the DarkGate malware using new techniques to evade security filters, according to researchers at Cisco Talos.

A new phishing campaign is exploiting the eSignature platform Yousign.

Wow. It does not happen often that the godfather of infosec comes out this strong about phishing risks. He co-published new research in the …

Social engineering and phishing are not just IT buzzwords; they are potent threats capable of devastating damage to your organization.

The PhishER Plus platform just got smarter with the addition of the new PhishER Plus Threat Intel feature that integrates web reputation data …

New data highlights just how dangerous Business Email Compromise attacks are.

The Minnesota Judicial Branch has issued an advisory warning that scammers are messaging Minnesotans with phony arrest warrants for missing …

I have created a comprehensive webinar, based on my recent book, “Fighting Phishing: Everything You Can Do to Fight Social Engineering and …

When the news first broke about a potential data breach at Ticketmaster, the details were murky. The Department of Home Affairs confirmed a …

Social engineering scams can come through any communications channel (e.g., email, web, social media, SMS, phone call, etc.). They can even …

Coordinated efforts between law enforcement agencies across nine countries has resulted in a major disruption of a threat group’s malware and …

More than a quarter (26%) of organizations around the world provide no security awareness training for their employees, according to a survey …