Malicious Connectors Potentially Impact Hundreds of Millions of Microsoft 365 Users

Most Microsoft 365 users aren’t aware of this recently growing serious email threat vector. I have been teaching about the risks of Microsoft email rules, forms and connectors on email clients and servers for decades. Both can be created by an attacker learning your email address and logon credentials (e.g., password or MFA codes).

Boost Your Browsing Security: Integrate SecurityCoach with Microsoft Edge for Business

Managing the security gap between your technical defenses and user behavior just got easier! Introducing KnowBe4 SecurityCoach for Microsoft Edge for Business integration. As one of the only human risk management platforms with a native reporting connector in Microsoft Edge for Business, SecurityCoach now transforms your browser into a real-time coaching platform.

KnowBe4 Named a 2025 Gartner Peer Insights Customers' Choice for Email Security Platforms

KnowBe4 is excited to announce that we have been recognized as an overall Customers’ Choice in the July 2025 Gartner Peer Insights Voice of the Customer for Email Security Platforms Report. The Gartner Peer Insights Customers’ Choice distinction is based on feedback and ratings from end-user professionals who have experience purchasing, implementing and/or using a product or service.

Bridging the Gap: Human Risk in African Cybersecurity

Africa's cybersecurity landscape presents a paradox: a widespread belief in preparedness among organisations, although significant blind spots continue to exist, particularly concerning their human layer - their employees. The KnowBe4 Africa Human Risk Management Report 2025, drawing insights from 124 senior cybersecurity decision-makers across 30 African countries, uncovers several concerns in the continent's cyber readiness.

Warning: Ransomware Attacks Surged by 63% Last Quarter

Ransomware attacks increased by 63% year-over-year in the second quarter of 2025, with a total of 276 publicly disclosed incidents, according to a new report from BlackFog. Notably, there were far more ransomware attacks that weren’t publicly disclosed. The researchers note, “The figures also reveal that the scale of hidden activity remains significant, with 80.9% of all ransomware attacks going unreported.

Ransomware Trends in 2025

I’ve been following ransomware since the first one, the AIDS Cop Trojan, was released in December 1989. It locked up victim computers and asked for $300 to be sent to a Panama P.O. Box. A lot has changed since then. The invention of cryptocurrencies, particularly Bitcoin in January 2009, was largely responsible for the explosion of ransomware by 2013. This was when CryptoLocker ransomware was released to the world. Ransomware gangs have been making many billions of dollars per year ever since.

Job Seekers Beware: Many People Are Falling for Employment Scams

More than one in ten people who were targeted by job scams this year fell victim, according to a report from Resume.org. Younger people, particularly young men, are more likely to fall victim. “In total, 14% of those who received a job scam text fell victim,” the report says. “Younger workers are more likely to have fallen victim to the scam. “Twenty percent of Gen Zers fell for a job scam, followed by 16% of millennials, 10% of Gen Xers, and just 4% of boomers.

FTC Advisory: How to Protect Yourself Against Job Scams

The US Federal Trade Commission (FTC) has issued an advisory warning of job scams that impersonate well-known companies with tempting employment opportunities. The scammers are trying to steal users’ personal and financial information in order to steal their money or launch further attacks.

Thousands of Spoofed News Sites Are Pushing Investment Fraud Scams

Scammers are using over 17,000 phony news sites to push investment fraud, according to a new report from CTM360. These websites, which the researchers call “Baiting News Sites (BNS),” spread via legitimate ad platforms such as Google or Meta. The sites impersonate well-known news providers, including CNN, the BBC, CNBC, News24, and ABC News. If a user clicks on one of these sites, they’ll be shown a fake news article about a well-known figure promoting a phony investment opportunity.

The Attack On Browser-Based AI Agents Is Coming

We are working tirelessly on our AI First strategy to better protect both humans and their AI tools. KnowBe4 and its advocates spend a lot of time talking to audiences about AI-enabled threats, and rightly so, as recently covered in dozens of previous posts, including this recent one. This year and next promise to be an explosion of cyber threats better enabled by AI. After years of saying AI attacks would be coming, they are here and will be the way that most cybercrime is committed forevermore.

Engineered To Evade: How Phishing Attacks Are Designed To Get Through Your Secure Email Gateway

Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter by a SEG is the same as falling at the first hurdle. SEGs have been adopted broadly, especially in larger organizations (although this picture has started to change in recent years - more on that below). Even where organizations don’t use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles.

Digital Factories, Digital Dangers: Why Manufacturing is a Prime Target for Cyberattacks

Digital connectivity is reshaping European manufacturing, driving both efficiency and innovation. However, this shift has also created a complex and vulnerable cyber threat landscape, making manufacturing the most targeted industry for cyberattacks for the past four years. Connected systems and legacy infrastructure are colliding, expanding the attack surface and exposing manufacturers to increased risks.

AI-Generated Summaries Mistakenly Suggest Phishing Sites

Researchers at Netcraft warn that AI-generated search engine summaries are suggesting phishing sites when users ask them to find legitimate login pages. The researchers tested popular AI models, asking them for the login pages of fifty major brands, and found that the models provided the wrong sites 34% of the time. "In many cases, users see AI-generated content before (or instead of) traditional search results—and often without even needing to log in," the researchers explain.

AI Attacks Are Coming in a Big Way Now!

AI is going to allow better, faster, and more pervasive attacks. For a few years, if you attended one of my presentations involving AI, I would tell you all about AI and AI threats…perhaps even scare you a bit…and then tell you this, “AI attacks are coming, but how you are likely to be attacked this year doesn’t involve AI. It will be the same old attacks that have worked for decades.” I always got lots of comforted smiles from those ending lines. But this year is different.

Alert: Scattered Spider is Targeting the Aviation Sector

The US FBI and cybersecurity experts are warning that the Scattered Spider extortion gang has shifted its focus to the aviation and transportation sectors, BleepingComputer reports. The group spent the past several months targeting companies in the retail and insurance sectors, and has now hit several airlines. Scattered Spider uses social engineering attacks to gain initial access, then steals data and/or deploys ransomware to extort their victims.

Psychological Contract Breach and the Power of Security Culture - Research Insights

Employees are expected to behave securely, and the definition of “securely” is often written down in a myriad of security policies. Yet, people do not always comply with security policies or make use of available tools. Gartner documents in their research that 69% of all employees intentionally bypass cybersecurity guidance, and 93% behave consciously and deliberately insecurely when they have to. Is Non-Compliance a Question of Motivation?

What Makes Southeast Asia the "Ground Zero of Cybercrime"?

Author: Bex Bailey

Our 2025 Phishing By Industry Benchmarking Report examines why organizations across Asia face some of the highest levels of cybersecurity risk worldwide. In fact, Forrester reveals that organizations in Asia Pacific (APAC) experience an average of 3.5 breaches within a 12-month period versus 2.8 globally. Organizations in the region also experience a cumulative cost of US$2.8 million against the global mean of US$2.7 million.