Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The human layer is not impacted by Anthropic's Mythos Preview announcement. If anything, it is reinforced, and for reasons that deserve to be spelled out clearly.

Public sector cybersecurity leaders are no longer measured solely on whether they stop attacks, they are measured on whether they can prove it. Across federal, state, local and education environments, compliance obligations continue to expand. Frameworks and mandates include: These are not annual checkbox exercises. They require auditable, continuous evidence of control effectiveness, and for already stretched teams, this creates a second job: compliance documentation.

A criminal threat actor called “Silver Fox” is launching tax-themed phishing attacks against Japanese companies during the country’s tax season, according to researchers at ESET. “The ongoing campaign uses convincing phishing lures related to tax compliance violations, salary adjustments, job position changes, and employee stock ownership plans,” ESET says. “All emails share the same goal – trick the recipients into opening malicious links or attachments.

Threat actors are impersonating Palo Alto Networks recruiters to target job seekers, according to researchers with Palo Alto’s Unit 42 security team. “These attacks specifically target senior-level professionals by leveraging scraped LinkedIn data to craft highly personalized lures,” the researchers write.

AI is making phishing attacks easier to create and scale. Tasks that once required manual effort can now be automated, allowing attackers to generate realistic messages, launch campaigns, and adapt tactics quickly to evade security controls. In fact, KnowBe4’s 2025 Phishing Threat Trends Report found that more than 73% of phishing emails analyzed in 2024 showed signs of AI involvement. As a result, phishing threats are becoming harder to detect using traditional methods alone.

Voice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives. “While email phishing often relies on volume and opportunistic delivery, interactive methods involve a live person steering the conversation in real-time,” Mandiant says.

In the world of cybersecurity, busy is an understatement. SOC teams are often drowning in a sea of repetitive alerts. Looking at the same threat or graymail spread across 50 pages of logs isn't just tedious, it’s a drain on your most valuable resource: time. That is why we are introducing Campaign Mode for KnowBe4 Defend. It’s time to stop chasing individual emails and start managing at scale.

Human risk management (HRM) focuses on one of the most persistent cybersecurity vulnerabilities: humans. Social engineering attacks that trick users into taking risky actions are a factor in 98% of cyberattacks not because they are technically complex, but because they manipulate employee behavior. Unlike traditional, one-size-fits-all security awareness training, human risk management focuses on changing employee behavior through monitoring and targeted reinforcement.

When it comes to email security, phishing and other social engineering attacks tend to grab headlines. But a simple mistake by an employee, like addressing an email to the wrong person, can be just as damaging. Misdirected emails like these remain one of the most common and costly forms of accidental data exposure.

Email security often focuses on incoming threats such as phishing, malware, and malicious links, but outbound email security is just as important. According to KnowBe4’s 2025 State of Human Risk Report, nearly half of cybersecurity leaders say misdirected emails sent by employees have caused security incidents. These mistakes typically happen when employees send messages to the wrong recipient, attach the wrong file, or unintentionally share sensitive information.