Capital One Customers Targeted By Credential Harvesting Phishing Campaign

The KnowBe4 Threat Lab has identified an active phishing campaign impersonating Capital One. The attacks are sent from compromised email accounts to help them evade reputation-based detection by native security and secure email gateways (SEGs). Once delivered, the attacks use stylized HTML templates and brand impersonation to trick the recipient into believing the communications are legitimate. Recipients who fall victim are directed to credential-harvesting websites.

Scammers Exploit Uncertainty Surrounding US Tariffs

Cybersecurity experts are warning that scammers are taking advantage of uncertainty surrounding the U.S. administration’s tariff policies, CNBC reports. Fraudsters may send texts or emails posing as retailers, delivery companies or government agencies, requesting tariff-related payments for purchases and deliveries. James Lee, president of the Identity Theft Resource Center, noted that scammers frequently take advantage of new government policies to launch phishing attacks.

The Lost Art of Writing Things Down

I was once enrolled in a programming module back at university. We had been given a task, to code something, so we all sat banging out whatever code we could on our keyboards. Our professor looked around at our screens and did something that seemed bizarre at the time – he asked everyone to stop typing. "You're all being incredibly inefficient," he said, "Some of the best programmers I know never start at the keyboard.

If I Had Only 20 Seconds To Teach People How To Avoid Scams

Human risk management involves more than security awareness training, but training is a huge part of the mix. How else are you going to best fight a cyberthreat that is responsible for 70% to 90% of all successful data breaches after already bypassing every technical cybersecurity defense you threw in its way? At some point, a harmful scam message will make it to a user, and that user will be called upon to evaluate its importance and treatment.

Impersonating Meta, Powered by AppSheet: A Rising Phishing Campaign Exploits Trusted Platforms to Evade Detection

Since March 2025, the KnowBe4 Threat Labs team has observed a surge in phishing attacks that exploit Google’s AppSheet platform to launch a highly targeted, sophisticated campaign impersonating social media platform giant Meta.

The Ransomware Threat: Still Alive and Kicking

Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other emerging cyber threats might seem to dominate the news cycle, but recent data from Marsh's 2024 UK cyber insurance claims report suggests otherwise. It paints a stark picture of an ongoing and evolving threat landscape. While claims decreased by 20% compared to 2023, they remained significantly higher than in previous years.

Phishing Campaign Targets International Students in the US

The FBI has issued an alert on a wave of phishing attacks targeting Middle Eastern students who are studying in the US. The campaign has targeted students from the United Arab Emirates (UAE), Saudi Arabia, Qatar, and Jordan. The scammers impersonate government officials and claim there is an issue with the student’s visa.

Warning: Phishing Kits Can Auto-Generate Tailored Login Pages

Commodity phishing kits are increasingly serving dynamically generated phishing pages, according to researchers at ESET. These kits allow unskilled threat actors to launch sophisticated attacks tailored to individual users. ESET describes one of these attacks, using a phishing email that informed the user of an unfamiliar sign-in to their account.

Beware of Coinbase Scams

I got this Coinbase-related scam in my personal inbox last week. Coinbase is one of the world’s largest cryptocurrency exchange sites. So big and trusted, it’s the first cryptocurrency exchange to be added to the US S&P 500. I’ve been a Coinbase member from the beginning, so this email got my attention. I was pretty skeptical from the start, and upon further exploration, it was definitely a scam.

KnowBe4 Leads the Charge Against Cybersecurity Threats with Unmatched AI Capabilities

When it comes to artificial intelligence (AI) and human risk management (HRM), not all AI is created equal. You need an approach to AI that demonstrably enhances your security posture, integrates seamlessly with your existing processes and operates as an extension of your team. AI should be in service of a larger goal rather than exist for its own sake. We’re talking benefits, not just features. An established history of innovation, not capabilities that are too little, too late.

Email-based Attacks Accounted for Most Cyber Insurance Claims Last Year

Business email compromise (BEC) attacks and funds transfer fraud (FTF) accounted for 60% of cyber insurance claims in 2024, according to a new report from Coalition. “Business email compromise is an event in which cyber criminals gain access to an organization’s email account to execute a cyber attack,” the cyber insurance provider explains. “Attackers often leverage email access to find sensitive data, including login credentials, financials, and other private information.

Agentic AI Ransomware Is On Its Way

Agentic AI-enabled ransomware is not here yet, but likely will be very soon. I am talking this year or by 2026. Here is why. What is Agentic AI? First, it helps to define what agentic AI is. To do that, we have to start by defining what Artificial Intelligence (AI) is…and doing that is a bit like trying to nail the proverbial Jello to a wall.

The Clock Is Ticking: Why Phishing Remains The Fastest-Moving Cyber Threat in 2025

Cybersecurity professionals face an increasingly aggressive phishing threat landscape, and the 2025 KnowBe4 Phishing By Industry Benchmarking Report makes one thing crystal clear: transforming your largest attack surface - your workforce - into your biggest security asset is critical. 49 Seconds to Disaster: According to the Verizon Data Breach Investigations Report (DBIR), the median time it takes someone to click a malicious link is a staggering 21 seconds.

How to Protect Your Business from Scattered Spider's Latest Attack Methods

Mandiant warns that the Scattered Spider cybercriminal group is using “brazen” social engineering attacks to target large enterprise organizations in a wide range of sectors. Specifically, the group targets “organizations with large help desk and outsourced IT functions which are susceptible to their social engineering tactics.” The threat actors impersonate employees and attempt to trick IT workers into granting them access. The group also poses as IT workers to target employees.

Cybercriminals Use Telegram Bots to Exfiltrate Data In Phishing Kit Campaign

KnowBe4 ThreatLabs has identified and analyzed a sophisticated cross-platform phishing campaign that utilizes Telegram as its primary exfiltration channel. The campaign uses a combination of security-themed phishing emails, branded phishing websites to harvest credentials, and Telegram bots to exfiltrate data.

You Are Still Vulnerable to Password Attacks When Using Passkeys

Just because you’re using a passkey doesn’t mean your password is gone. Microsoft is going passwordless in a new big push. As part of that new initiative, they are strongly pushing FIDO passkeys. I am a big fan of FIDO passkeys and FIDO in general. FIDO authentication offerings, including passkeys, are phishing-resistant, which makes them a HUGE improvement over passwords and most other multi-factor authentication products.

Phishing Kits Are Growing More Sophisticated; Focused on Bypassing MFA

Researchers at Cisco Talos warn that major phishing kits continue to incorporate features that allow them to bypass multi-factor authentication (MFA). Commodity phishing kits like Tycoon 2FA and Evilproxy achieve this by using reverse proxies to intercept traffic from the authentication process during a phishing attack.

Warning: Phishing Campaign Impersonates the US Social Security Administration

Researchers at Malwarebytes warn that phishing emails are impersonating the US Social Security Administration (SSA) to trick users into installing the ScreenConnect remote access tool. ScreenConnect is a legitimate tool used for remote IT management, but it can be abused by hackers to take control of victims’ computers.

Xfinity Scam Might Explain Similar Scams

Recently, I covered a T-Mobile scam where a friend of mine narrowly avoided losing money. In that scam, the attackers called up pretending to be from T-Mobile offering him a cannot-pass-up 30% discount on future T-Mobile bills. While he was initially suspicious of the unexpected callers, they gained his confidence by repeating the amounts of his last two T-Mobile bills, billing address, and knew that his wife was also on the account.

Email Remains the Top Attack Vector for Cyberattacks

Email is still the most common attack vector for cyber threats, according to a new report from Barracuda. The researchers found that one in four emails during February 2025 was either malicious or spam. HTML attachments were the most common file type used in phishing emails. “One of the most striking findings from the report is that 23% of HTML attachments are malicious, making them the most weaponized type of text file,” Barracuda says.

Roger Grimes talks AI Deepfake Threats with theCUBE at RSAC 2025

Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, reveals how autonomous and AI-powered deepfake malware is transforming the cybersecurity landscape in this eye-opening RSAC 2025 interview with @siliconangle. Discover why organizations must urgently prepare for sophisticated social engineering attacks that leverage AI technology to bypass traditional security measures. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.