Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

One of my first intentional “to-dos” this year has been spending time with the World Economic Forum’s Global Cybersecurity Outlook 2026, a report I was privileged to actively contribute to over the past year. For KnowBe4 customers, this report offers more than trend analysis. It provides a baseline of where organizations stand today, what separates resilient organizations from less resilient ones, and why the human factor is now central to cyber resilience.

With organizations collecting and storing massive amounts of personal data these days, much of which people share freely, we need to become better at protecting data on both the storing and sharing side of things. Organizations must have strong data protection measures in place and everyone should start being more digitally mindful when sharing their own personal data. Ultimately, being careful of what we put out there is the best way to reduce cyberattacks and data breaches.

Forty percent of employees have never received cybersecurity training, according to a new report from Yubico. That number rises to nearly sixty percent for employees working for small businesses. The report surveyed 18,000 employed adults from the US, the UK, Australia, India, Japan, France, Germany, Singapore, and Sweden. “Our research finds that 4 in 10 (40%) employees have never received training on cybersecurity in any form,” Yubico says.

Scammers are increasingly using visually stylized QR codes to deliver phishing links, Help Net Security reports. QR code phishing (quishing) is already more difficult to detect, since these codes deliver links without a visible URL. Attackers are now using QR codes with colors, shapes, and logos woven into the code’s pattern. “Fancy QR codes further complicate detection,” Help Net Security says. “Their layouts no longer resemble the familiar black and white grid.

KnowBe4 Threat Labs recently examined a sophisticated dual-vector campaign that demonstrates the real-world exploitation chain following credential compromise. This is not a traditional virus attack. Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust. By stealing a “skeleton key” to the system, they turn legitimate Remote Monitoring and Management (RMM) software into a persistent backdoor.

For those of you who are like me, when I first heard about the new EU AI Act, I had flashbacks to the implementation of the General Data Protection Act (GDPR) back in 2018. There are certainly a lot of similarities with the EU leading the way in consumer protections that will likely lead to more, similar legislation across the globe. I’m also reminded of the iPhone when it was introduced in the consumer market and bled into the workplace (I for one held onto my Blackberry for as long as I could).

A widespread phishing campaign is targeting LinkedIn users by posting comments on users’ posts, BleepingComputer reports. Threat actors are using bots to post the comments, which impersonate LinkedIn itself and inform the user that their account has been restricted due to policy violations. The comments contain links to supposedly allow the user to appeal the restriction.

A survey by the World Economic Forum (WEF) found that 47% of organizations cite the advancement of adversarial capabilities as their top concern surrounding generative AI. These capabilities include phishing, malware development, and deepfakes, all of which are increasingly accessible due to AI tools. Additionally, 42% of organizations experienced a successful social engineering attack last year, and the researchers expect this number to rise as AI-assisted social engineering grows more advanced.

While organizations invest heavily in stopping threats from entering their networks, a critical vulnerability often goes underprotected: sensitive data leaving the organization through email. Every day, employees send thousands of emails containing confidential information - patient records, financial data, legal documents, and personally identifiable information (PII). And every day, some of those emails go to the wrong recipient.

Scammers stole an estimated $17 billion worth of cryptocurrency in 2025, according to a new report from Chainalysis. Notably, the report found that AI-assisted scams stole 4.5 times more money than scams that didn’t leverage AI. “Our analysis reveals that, on average, scams with on-chain links to AI vendors extract $3.2 million per operation compared to $719,000 for those without an on-chain link — 4.5 times more revenue per scam,” the researchers write.

Attackers are increasingly abusing network misconfigurations to send spoofed phishing emails, according to researchers at Microsoft. This technique isn’t new, but Microsoft has observed a surge in these attacks since May 2025. “Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing emails that appear, superficially, to have been sent internally,” the researchers write.

Researchers at RavenMail warn that a major phishing campaign targeted more than 3,000 organizations last month, primarily in the manufacturing industry. The phishing messages posed as legitimate business notifications, such as file access requests or voicemail alerts, and were designed to send users to credential-harvesting login pages. Notably, the campaign abused legitimate Google infrastructure and links to avoid being flagged by security tools.

Microsoft was the most commonly impersonated brand in phishing attacks during the fourth quarter of 2025, according to researchers at Guardio. Microsoft was followed by Facebook, Roblox, McAfee, Steam, AT&T, Amazon, Google, Yahoo, and Coinbase. “Scammers ramped up brand impersonation attacks throughout Q4 2025, timing their campaigns around when people are busiest online, shopping for deals, renewing subscriptions, or looking for jobs,” Guardio says.

WIRED reports that deepfake attacks are impersonating pastors and other religious figures in order to scam congregations. Father Mike Schmitz, a priest who hosts a podcast with over a million followers, warned his listeners in November that AI-generated deepfakes were using his likeness to fraudulently solicit donations. WIRED found that several of these fake accounts are still active on TikTok, and they appear when a TikTok user searches for Father Schmitz.

ClickFix attacks have been around for decades; only the name is new. ClickFix attacks use social engineering to trick users into clicking on buttons and links that the user is told are needed so their browser or computer can perform some desired action.

Email has been the backbone of business communication for decades and as such, it remains the attacker’s favorite doorway into an organization. Phishing, Business Email Compromise (BEC) and supply-chain attacks continue to rise, with adversaries leveraging AI and compromised accounts to bypass legacy defenses. This presents many challenges for CISOs, IT Directors and SOC teams alike: it seems pretty clear that threats are evolving faster than traditional email security can keep up.

Researchers at Gen warn that a phishing campaign is attempting to trick users into linking malicious devices to their WhatsApp accounts. The attack begins with an unsolicited message stating, “Hey, I just found your photo!” along with a link to a spoofed Facebook login page. Instead of trying to steal users’ Facebook credentials, however, the attackers are attempting to gain access to victims’ WhatsApp accounts.

In the early hours following reports of a U.S. military operation involving Venezuela, social media feeds were flooded with dramatic images and videos that appeared to show the capture of Venezuelan president Nicolás Maduro. Within minutes, AI-generated photos of Maduro being escorted by U.S. law enforcement, scenes of missiles striking Caracas, and crowds celebrating in the streets racked up millions of views across various social media channels. The problem?