Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A phishing campaign is targeting senior executives with social engineering attacks conducted over Microsoft Teams, according to researchers at ReliaQuest. The researchers believe former associates of the Black Basta criminal gang are running this operation.

Cyber-enabled crimes cost Americans nearly $21 billion in 2025, a 26% increase from the previous year, according to the FBI’s latest Internet Crime Report. Phishing, extortion, and investment scams were the most commonly reported attacks, with AI-related scams driving some of the costliest losses. Phishing was the top attack vector, with these attacks leading to more than $215 million in losses. Notably, AI-assisted business email compromise (BEC) attacks cost victims more than $30 million.

Threat actors are abusing agentic AI automation platforms to deliver malware and send phishing emails, according to researchers at Cisco Talos. The researchers observed attackers using n8n, a legitimate platform that automates workflows in web apps and services like Slack, GitHub, Google Sheets, and others.

Scams are becoming more sophisticated over time, but this latest scam should be a wake-up call to all organizations and employees as to how far some scammers will go to damage your organization or its stakeholders. On March 31, 2026, malicious hackers hijacked the development account of a lead maintainer of a popular open source product called Axios used by many companies. It has over 100 million downloads a week. Note: The Axios involved here is not Axios, the news media company.

A new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files. “The campaign relies on a combination of social engineering and living-off-the-land techniques,” Microsoft says.

A new survey from LevelBlue has found that a majority of Chief Technology Officers (CTOs) believe the human-related elements of their cybersecurity strategies are falling short. These concerns are exacerbated by the emergence of new threats, such as AI-assisted attacks.

Each year, Identity Management Day (IMD) serves as a global reminder that managing digital identities is more than a technical requirement; it is a cornerstone of modern trust. Now in its sixth year, IMD continues to emphasize how identity itself is evolving, stretching beyond human users to encompass machines, automated agents, and even AI-generated personas.

You often hear companies touting that they are AI enabled. But most do not give you the results of how that new AI stacks up with their previous non-AI offerings. We have some early data and want to share it. KnowBe4 was the first Human Risk Management (HRM) vendor to use AI. While our competitors have been touting the use of AI only since 2023 at the earliest, we have been using machine learning (ML), the backbone workhorse of AI, since early 2016 – for a decade!

By Roger A. Grimes and Matthew Duren AI agents can deliver incredible productivity gains, but their operational complexity makes effective threat modeling harder than ever, including for developers, administrators and especially end users. At the same time, both developers and non-developers are increasingly vibe-coding, or using AI to generate functional software from natural language prompts.

A new commodity phishing kit called “Venom Stealer” allows threat actors to automate ClickFix attacks, according to researchers at BlackFog. ClickFix is a social engineering technique that tricks users into executing malicious commands on their computer, usually resulting in malware installation.