Phishing Attacks Abuse Microsoft 365 to Bypass Security Filters

Mar 20, 2025 10:27:20 AM By Stu Sjouwerman

Threat actors are abusing Microsoft’s infrastructure to launch phishing attacks that can bypass security measures, according to researchers at Guardz.

The Cybersecurity Confidence Gap: Are Your Employees as Secure as They Think?

Mar 18, 2025 10:26:41 AM By Anna Collard

Our recent research reveals a concerning discrepancy between employees' confidence in their ability to identify social engineering attempts and their actual vulnerability to these attacks.

Booking.com Phishing Scam Targets Employees in the Hospitality Sector

Mar 18, 2025 10:25:44 AM By Stu Sjouwerman

A phishing campaign is impersonating travel agency Booking.com to target employees in the hospitality industry, according to researchers at Microsoft.

98% Spike in Phishing Campaigns Leveraging Russian (.ru) Domains

Mar 14, 2025 10:05:36 AM By KnowBe4 Threat Lab

A KnowBe4 Threat Lab publication Authors: Martin Kraemer, Jeewan Singh Jalal, Anand Bodke, and James Dyer EXECUTIVE SUMMARY: We observed a 98% rise in phishing campaigns hosted on Russian ...

Make Your Real Emails Less Phishy

Mar 13, 2025 9:14:05 AM By Roger Grimes

I infrequently get emails from customers who are frustrated because their employer sent out some legitimate mass email to all employees that unfortunately had all the hallmarks of a ...

245% Increase in SVG Files Used to Obfuscate Phishing Payloads

Mar 12, 2025 9:11:12 AM By KnowBe4 Threat Lab

A KnowBe4 Threat Labs Publication Authors: James Dyer and Cameron Sweeney The KnowBe4 Threat Research team has observed a sustained increase in the use of Scalable Vector Graphics (SVG) ...

AI and AI-agents: A Game-Changer for Both Cybersecurity and Cybercrime

Mar 12, 2025 9:10:02 AM By Anna Collard

Artificial Intelligence (AI) is no longer just a tool—it is a game changer in our lives, our work as well as in both cybersecurity and cybercrime.

Beware: Malvertising Campaign Hits Nearly a Million Devices

Mar 12, 2025 9:09:33 AM By Stu Sjouwerman

Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world. The campaign, which began on illegal streaming sites, impacted both consumer and ...

Autonomous Agentic AI-Enabled Deepfake Social Engineering Malware is Coming Your Way!

Mar 10, 2025 9:17:27 AM By Roger Grimes

I’ve been in the cybersecurity industry for over 36 years. Surprisingly, hackers and malware haven't changed all that much.

Invoice or Impersonation? 36.5% Spike in Phishing Attacks Leveraging QuickBooks’ Legitimate Domain in 2025

Mar 7, 2025 9:13:54 AM By KnowBe4 Threat Lab

A KnowBe4 Threat Lab Publication Authors: Martin Kraemer, James Dyer, and Lucy Gee Much like sending a phishing email from a compromised account, cybercriminals can boost the ...

Data at Risk: 96% of Ransomware Attacks Involve Data Theft

Mar 6, 2025 9:54:08 AM By Stu Sjouwerman

A new report from Arctic Wolf has found that 96% of ransomware attacks now involve data theft as criminals seek to force victims to pay up.

[Heads Up] Sophisticated Phishing Attack Uses New JavaScript Obfuscation Trick

Mar 5, 2025 9:11:50 AM By Stu Sjouwerman

Researchers at Juniper Threat Labs warn that phishing attacks are utilizing a new obfuscation technique to hide malicious JavaScript.

Q&A with Martin Kraemer on Information Sharing in Cybersecurity

Mar 5, 2025 9:11:22 AM By Martin Kraemer

Recently, Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4, and Dr. William Seymour, Lecturer in Cybersecurity at King’s College London released a Whitepaper called: ...

Primary Refresh Tokens Aren’t Your Parent’s Browser Token

Mar 4, 2025 9:40:59 AM By Roger Grimes

If you haven’t been paying attention closely enough, a new type of access control token, like a super browser token on steroids, is becoming hackers' theft target of choice.

School is in Session: Surge in Phishing Attacks Targeting the Education Sector

Mar 4, 2025 9:40:19 AM By Martin Kraemer

A KnowBe4 Threat Lab Publication Authors: Jeewan Singh Jalal, Anand Bodke, Daniel Netto and Martin Kraemer

Announcing: Audiocasts - A New Podcast-Like Training Content Type

Mar 3, 2025 9:00:00 AM By John Just

We are very excited to announce the addition of audiocasts, a new content type now available in the ModStore to help strengthen your security culture through an engaging audio format.

Protect Yourself from Job Termination Scams

Feb 28, 2025 9:13:46 AM By Stu Sjouwerman

ESET warns of a wave of phishing attacks informing employees that they’ve been fired or let go. The emails are designed to make the user panic and act quickly to see if they’ve actually ...

Protect Your Devices: Mobile Phishing Attacks Bypass Desktop Security Measures

Feb 28, 2025 9:13:19 AM By Stu Sjouwerman

Zimperium warns of a surge in phishing attacks specifically tailored for mobile devices. These attacks are designed to evade desktop security measures in order to breach organizations ...

Phishing Attack Leads to Lateral Movement in Just 48 Minutes

Feb 27, 2025 9:09:03 AM By Stu Sjouwerman

Researchers at ReliaQuest have published a report on a phishing breach in the manufacturing sector that went from initial access to lateral movement in just 48 minutes.

Warning: Russian Threat Actors Are Targeting Signal Accounts With Malicious QR Codes

Feb 25, 2025 9:17:03 AM By Stu Sjouwerman

Several Russian state-sponsored threat actors are using QR code phishing (quishing) to compromise Signal accounts, according to researchers at Google’s Threat Intelligence Group.

Security Awareness Training Blog

Phishing Blog

View Topics