Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

The Rise of Kratos: How the New Phishing-as-a-Service Kit Industrializes Cybercrime

Feb 27, 2026 By KnowBe4 Threat Lab In KnowBe4
By the end of 2026, over 90% of all credential compromise attacks are estimated to be enabled by modular Phishing-as-a-Service (PhaaS) kits like the sophisticated, global threat, Kratos. This aggressive platform has already begun reshaping the threat landscape. At its core, Phishing-as-a-Service (PhaaS) is a malicious cloud-based service that allows easier deployment of phishing attacks and faster updating of features as compared to traditional phishing and malware attacks.
Read Post
knowbe4

Common Facebook Scam Method

Feb 27, 2026 By Roger Grimes In KnowBe4
A friend posted this on Facebook and it came up on my feed. I know this person and I was so sorry to read. How horrific! I had no idea who was killed in the accident, so I clicked on the news story. It took me to a site that posted this: This is a real reCAPTCHA posted to filter out anti-malware and content filtering services. When I saw this I knew that this was a fake news story and that my friend’s Facebook account had been taken over by a scammer.
Read Post
knowbe4

Nation-State Threat Actors Incorporate AI to Streamline Attacks

Feb 26, 2026 By KnowBe4 Team In KnowBe4
Researchers at Google’s Threat Intelligence Group (GTIG) warn that nation-state threat actors have adopted Gemini and other AI tools as essential components of their operations. The threat actors are using tools to conduct research and reconnaissance, target victims, and rapidly create phishing lures.
Read Post
knowbe4

Fake Video Meeting Invites Trick Users Into Installing RMM Tools

Feb 24, 2026 By KnowBe4 Team In KnowBe4
Threat actors are using phony meeting invites for Zoom, Microsoft Teams, Google Meet, and other video conferencing applications to trick users into installing remote monitoring and management (RMM) tools, according to researchers at Netskope. The invites lead to convincingly spoofed landing pages for fake video meetings, complete with a list of coworkers who have supposedly already joined the call. The page instructs the user to install a software update in order to join the video meeting.
Read Post
knowbe4

Introducing the AIDA Orchestration Agent: Always-On Human Risk Management Has Arrived

Feb 24, 2026 By KnowBe4 Team In KnowBe4
Social engineering remains the most reliable way into an organization—and attackers are getting better at it every day. According to the 2025 Verizon Data Breach Investigations Report, up to 68% of breaches involve social engineering. AI has only widened the gap. More than 95% of cybersecurity professionals say AI-generated phishing is harder to detect, and Microsoft reports that AI-generated phishing emails are 4.5x more successful than manually created ones.
Read Post
knowbe4

What Happens If I Click A Phishing Link?

Feb 21, 2026 By James Dyer In KnowBe4
Phishing is the most prominent form of cyber-attack, regularly prompting email recipients into disclosing their personal information, credentials, downloading malware, or paying fraudulent invoices. Phishing can result in cybercriminals gaining unauthorized access to organizations’ data, network systems, or applications. People can be understandably alarmed once they realize they’ve clicked on a phishing link.
Read Post
knowbe4

Humans Will Give AI Anything If You Make It Sound Cool Enough

Feb 20, 2026 By Javvad Malik In KnowBe4
There's a beautiful moment happening right now, and by "beautiful" I mean "horrifying in that can't-look-away-from-the-car-crash sense”. People are giving OpenClaw access to, well, pretty much their entire lives. The results are exactly what you'd expect… One user gave his agent $500 and watched it create 25 trading strategies, generate 3,000+ reports, build 10 new algorithms, scan every post on X, and trade 24/7 non-stop. The result? It lost everything. Not most of it. Everything.
Read Post
knowbe4

Report: AI-Driven Fraud Surged by 1200% in December 2025

Feb 19, 2026 By KnowBe4 Team In KnowBe4
AI-driven fraud attacks spiked by more than 1200% in December 2025, according to a new report by Pindrop Security. Threat actors are using AI to assist in every stage of the attack, from deploying bots to conduct reconnaissance to using deepfakes to trick humans. “According to Pindrop internal data, AI fraud (or non-live fraud) surged 1210% by December 2025,” the researchers write.
Read Post
knowbe4

AI-Assisted Social Engineering Attacks Continue to Rise

Feb 19, 2026 By KnowBe4 Team In KnowBe4
Social engineering remained the top initial access vector for cyberattacks in 2025, with increasing assistance from AI tools, according to a report from ThreatDown. The researchers warn that AI will likely become a core component of social engineering attacks throughout 2026. “Deepfake voice, image, and video impersonation now requires minimal expertise and only a handful of reference images or seconds of audio,” the researchers write.
Read Post
knowbe4

Welcome to the Blur: Designing Security That Works With, Not Against, AI Adoption

Feb 17, 2026 By Javvad Malik In KnowBe4
There's a moment in every security professional's career when they realise the game has fundamentally changed. Mine came last Tuesday at 3:47 PM, watching my colleague Erich argue with an AI agent about expense policy while simultaneously being phished by what I'm 87% certain was another AI agent pretending to be from IT. We’ve spent decades building security models around a simple premise: humans work here, threats exist out there, and our job is to build bigger walls between the two.
Read Post
knowbe4

Warning: Attackers Are Using DKIM Replay Attacks to Bypass Security Filters

Feb 17, 2026 By KnowBe4 Team In KnowBe4
Cybercriminals are abusing legitimate invoices and dispute notifications from popular services to send scam emails that bypass security filters, according to researchers at Kaseya’s INKY. The attackers have used this technique to impersonate PayPal, Apple, DocuSign, HelloSign, and others. “These platforms often allow users to enter a ‘seller name’ or add a custom note when creating an invoice or notification,” the researchers write.
Read Post
knowbe4

Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA

Feb 12, 2026 By KnowBe4 Threat Lab In KnowBe4
Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow, bypassing strong passwords and Multi-Factor Authentication (MFA).
Read Post
knowbe4

Voice Phishing Kits Give Threat Actors Real-Time Control Over Attacks

Feb 12, 2026 By KnowBe4 Team In KnowBe4
Researchers at Okta warn that a series of phishing kits have emerged that are designed to help threat actors launch sophisticated voice phishing (vishing) attacks that can bypass multifactor authentication. “The most critical of these features are client-side scripts that allow threat actors to control the authentication flow in the browser of a targeted user in real-time while they deliver verbal instructions or respond to verbal feedback from the targeted user,” Okta says.
Read Post

Training Humans and AI Agents

Feb 11, 2026 By KnowBe4 | Human Risk Management In KnowBe4
Managing the risks associated with the increasing use of AI agents and co-pilots is critical for every organization. A key challenge is that AI agents draft documents and influence decisions but they operate without a true understanding of a company's rules, culture, or risk. Like humans, AI agents are susceptible to failure. Humans are socially engineered, while AI agents are prompt engineered, and AI agents may "hallucinate" when context is missing, similar to how humans guess.
View Video
knowbe4

New Malware Kit Promises Guaranteed Publication in the Chrome Web Store

Feb 6, 2026 By KnowBe4 Team In KnowBe4
A new malware-as-a-service (MaaS) kit called “Stanley” is offering users guaranteed publication in the Chrome Web Store, bypassing Google’s security verification process, according to researchers at Varonis. “For $2,000 to $6,000, Stanley provides a turnkey website-spoofing operation disguised as a Chrome extension, with its premium tier promising guaranteed publication on the Chrome Web Store,” Varonis says.
Read Post
knowbe4

Attackers Can Use LLMs to Generate Phishing Pages in Real Time

Feb 5, 2026 By KnowBe4 Team In KnowBe4
Researchers at Palo Alto Networks’ Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate malicious JavaScript in real time on seemingly innocuous webpages. “Once loaded in the victim's browser, the initial webpage makes requests for client-side JavaScript to popular and trusted LLM clients (e.g., DeepSeek and Google Gemini, though the PoC could be effective across a number of models),” the researchers write.
Read Post

Mastering Post-Quantum Cryptography and AI-Driven Cyber Threats

Feb 4, 2026 By KnowBe4 | Human Risk Management In KnowBe4
The cybersecurity landscape is undergoing a paradigm shift driven by two unstoppable forces: Generative AI and Shor’s Algorithm-capable Quantum Computing. As we approach "Q-Day," the window for organizations to transition to quantum-resistant architectures is closing. Modern threat actors are no longer just using brute force; they are utilizing Quantum-AI convergence to automate vulnerability discovery and bypass legacy encryption. This session provides a roadmap for transitioning from traditional cybersecurity to a Post-Quantum Cryptography (PQC) framework.
View Video
knowbe4

Report: One in Ten UK Companies Wouldn't Survive a Major Cyberattack

Feb 4, 2026 By KnowBe4 Team In KnowBe4
A new survey by Vodafone Business found that more than 10% of companies in the UK would likely go out of business if they were hit by a major cyber incident, such as a ransomware attack, Infosecurity Magazine reports. Additionally, 71% of business leaders believe at least one of their employees would fall for a convincing phishing attack, and fewer than half (45%) of organizations have ensured that all of their employees have received basic cyber awareness training.
Read Post
knowbe4

Warning: A LinkedIn Phishing Campaign is Targeting Executives

Feb 3, 2026 By KnowBe4 Team In KnowBe4
A phishing campaign is abusing LinkedIn private messages to target executives and IT workers, according to researchers at ReliaQuest. The messages attempt to trick victims into opening an archive file, which will install a legitimate pentesting tool. “A critical element of this attack was the use of a legitimate, open-source Python script designed for pen-testing,” ReliaQuest says.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.