Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

The 3 Biggest Email Security Challenges Facing Legal Organizations

Sep 30, 2025 By KnowBe4 Team In KnowBe4
Law firms really are under constant pressure to meet tight deadlines, maintain client confidentiality and protect privileged communications. And like most aspects of life with technology so deeply intertwined, the same tools that make work possible can also be significant sources of risk. Consider something as basic as email; likely the most commonly used tool in the profession.
Read Post
knowbe4

The Behavioral Science Behind the Click

Sep 26, 2025 By Javvad Malik In KnowBe4
Welcome back. In our last blog post, we talked about the great divide between tech-focused and people-focused security. Now, let’s get nerdy and talk about the fascinating, complex, and occasionally infuriating operating system at the heart of the problem: the human brain. Ever wondered why that "Urgent Invoice" email from a brand-new supplier creates an immediate jolt of anxiety that makes you want to click? That’s not a logic failure; it’s a feature.
Read Post
knowbe4

Attackers Use AI Development Tools to Craft Phony CAPTCHA Pages

Sep 25, 2025 By KnowBe4 Team In KnowBe4
Attackers are abusing AI-powered development platforms like Lovable, Netlify and Vercel to create and host captcha challenge websites as part of phishing campaigns, according to researchers at Trend Micro. “Since January, Trend Micro has observed a rise in fake captcha pages hosted on such platforms,” the researchers write.
Read Post
knowbe4

New AI-Driven Phishing Platform Automates Attack Campaigns

Sep 25, 2025 By KnowBe4 Team In KnowBe4
Researchers at Varonis warn of a new phishing automation platform called “SpamGPT” that “combines the power of generative AI with a full suite of email campaign tools.” While previous phishing kits have automated parts of the attack chain, SpamGPT’s sophistication sets it apart from the rest “SpamGPT’s interface and features imitate a professional email marketing service, but for illegal purposes,” Varonis writes.
Read Post
knowbe4

Attackers Abuse Google's AppSheet to Send Phishing Emails

Sep 23, 2025 By KnowBe4 Team In KnowBe4
Hackread reports that attackers are abusing Google’s AppSheet platform to send phishing emails. The campaign was spotted by researchers at Raven, who warn that attackers are sending messages that impersonate AppSheet, informing users of phony trademark violations. Notably, the emails are sent from AppSheet’s legitimate infrastructure, making them more likely to bypass security controls and appear legitimate to human recipients.
Read Post
knowbe4

Why Your Security Strategy Needs a Human Upgrade

Sep 19, 2025 By Javvad Malik In KnowBe4
Let’s be brutally honest. For years, our industry has been locked in a civil war. In one camp, the technologists have been building higher walls and smarter traps, arguing that the right AI-powered, next-gen firewall will solve all our problems. In the other camp, the behaviorists have been calling for more training and better awareness, convinced that if we just make people understand the risks, they’ll stop clicking on things.
Read Post
knowbe4

AI-Assisted Phishing Attacks Are an Increasingly Serious Threat

Sep 18, 2025 By KnowBe4 Team In KnowBe4
AI-assisted phishing attacks pose a significant and increasing threat to organizations, according to Matt Weidman, partner and vice president of Commercial Property & Casualty at USIA. In an article for CBIA, Weidman explains that attackers can use AI tools to craft targeted, convincing phishing messages that are almost indistinguishable from the real thing.
Read Post

Level Up Your Strategies for Cybersecurity Awareness Month

Sep 16, 2025 By KnowBe4 | Human Risk Management In KnowBe4
Cybersecurity Awareness Month is just around the corner, and it's time to plan your October campaign! While it's an exciting opportunity, it can also be challenging. How do you turn mandatory security awareness into a fun and engaging campaign that actually reduces human risk? Join Erich Kron, CISO Advisor at KnowBe4, as he shows you exactly how to do it. You'll discover how to leverage KnowBe4's ready-to-use kit to run a complete themed campaign throughout October.We've done the heavy lifting so you can focus on what matters most: building a stronger security culture that lasts.
View Video
knowbe4

Report: AI-Powered Phishing Fuels Ransomware Losses

Sep 12, 2025 By KnowBe4 Team In KnowBe4
AI-powered social engineering attacks are significantly more successful than traditional attacks, according to a new report from cyber risk management firm Resilience. The researchers state, “Social engineering attacks fueled 88% of material losses, with AI-powered phishing achieving a 54% success rate compared to just 12% for traditional attempts.” AI allows attackers to easily craft sophisticated phishing emails, as well as voice and video deepfakes.
Read Post
knowbe4

FBI Issues Guidance for Avoiding Deepfake Scams

Sep 11, 2025 By KnowBe4 Team In KnowBe4
The FBI and the American Bankers Association (ABA) have issued a joint advisory warning of the growing threat posed by AI-generated deepfake scams. “Criminals may pose as loved ones, government officials, law enforcement personnel, or even celebrities, often using fear and urgency to convince victims to send money or share sensitive information,” the advisory says.
Read Post
knowbe4

Phishing Campaign Abuses iCloud Calendar Invites

Sep 11, 2025 By KnowBe4 Team In KnowBe4
Attackers are abusing iCloud Calendar invites to send phishing messages that pose as PayPal notifications, BleepingComputer reports. Since the messages are sent from Apple’s infrastructure, they’re more likely to bypass security filters. BleepingComputer explains, “This email is actually an iCloud Calendar invite, where the threat actor included the phishing text within the Notes field and then invited a Microsoft 365 email address that they controlled.
Read Post
knowbe4

"Yep, I got pwned. Sorry everyone, very embarrassing."

Sep 10, 2025 By Martin Kraemer In KnowBe4
In essence, that is the disclosure and notification message that the open-source developer "qix" sent to the world when he was social engineered to give up access credentials to his GitHub account. Using his account, the attackers inserted malware in a series of popular NPM packages to direct cryptocurrency payments to their own wallets.
Read Post
knowbe4

Report: Shadow AI Poses an Increasing Risk to Organizations

Sep 10, 2025 By KnowBe4 Team In KnowBe4
The use of “shadow AI” is an increasing security risk within organizations, according to a new report from Netskope. Shadow AI is a newer variant of shadow IT, in which employees use unauthorized technology without the knowledge of the IT department. This is generally driven by a desire for increased productivity rather than malicious motives, but employees are often unaware of the risks introduced by unauthorized tools.
Read Post
knowbe4

Advanced Educational Competition - Ask Your Employees To Submit Their Best Phishing

Sep 5, 2025 By Roger Grimes In KnowBe4
I occasionally get human risk management (HRM) administrators asking me to help them with ideas of “contests” to better educate their end-users. They have usually done the traditional recommendations, which means at least monthly-to-weekly security awareness training (SAT) and simulated phishing. They are working to educate their end-users about social engineering and phishing attacks as best as they can without being overly annoying.
Read Post
knowbe4

Smishing Campaign Targets California Taxpayers With Phony Refund Offers

Sep 5, 2025 By KnowBe4 Team In KnowBe4
The State of California’s Franchise Tax Board (FTB) has warned of an ongoing SMS phishing (smishing) campaign targeting residents, Malwarebytes reports. The FTB stated, “These text messages contain a link to a fraudulent version of certain FTB web pages, which are designed to steal personal and banking information.
Read Post

KnowBe4: The Most Advanced Human Risk Management Platform

Sep 5, 2025 By KnowBe4 | Human Risk Management In KnowBe4
Strengthen your organization's security with the KnowBe4 human risk management platform! KnowBe4 helps you manage and reduce cyber risk by focusing on the human layer of security. Traditional security measures often overlook the fact that people are the biggest variable in your defense. KnowBe4's comprehensive platform goes beyond simple training, providing a full suite of tools to build a strong security culture and transform your employees from a potential vulnerability into your strongest line of defense.
View Video
knowbe4

Warning: New Spear Phishing Campaign Targets Executives

Sep 5, 2025 By KnowBe4 Team In KnowBe4
Researchers at Stripe warn of a wave of spear phishing attacks targeting C-suite employees and senior leadership across a wide range of industries. The emails pose as OneDrive document-sharing notifications with subject lines like “Salary amendment” or “FIN_SALARY.” If a user clicks the link, they’ll be taken to a spoofed Microsoft Office/OneDrive login page designed to steal their credentials.
Read Post
knowbe4

Hospitals Need to Prepare for AI-Powered Phishing Attacks

Sep 4, 2025 By KnowBe4 Team In KnowBe4
Healthcare organizations need to be prepared for an increase in AI-assisted phishing attacks, according to Zack Martin, Senior Policy Advisor at Venable. In an article for HIT Consultant, Martin explained that AI has made phishing attacks more convincing and easier to launch, posing a heightened risk to healthcare organizations.
Read Post
knowbe4

Report: AI Can Now Automate Entire Attack Chains

Sep 4, 2025 By KnowBe4 Team In KnowBe4
Threat actors can now use AI tools to automate entire attack operations, according to a new report from Anthropic. The company says an attacker abused its Claude AI tool to create a hacking and extortion campaign that compromised at least seventeen organizations. The attacker used Claude to conduct reconnaissance, initial access, malware development, data exfiltration, and extortion analysis.
Read Post
knowbe4

Beyond the Audit Box: Building Security That Works in the Real World

Sep 4, 2025 By Javvad Malik In KnowBe4
Many years ago, a friend of mine worked as a security director at a firm and had what they called an “audit box.” It was a pre-prepared box filled with policies, network diagrams, security controls and checkboxes. Basically, all the things an auditor would want to see during a visit. Except they weren’t always a true reflection of reality. That's a tidy version of cybersecurity. You purchase a tool, deploy it, tick the box and the problem goes away.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.