|
By Bryan Palma
You can add verified AI skills to your LinkedIn profile. Certifications proving you know how to use the latest tools. This shows progress, but it is only half the problem. While we are getting very good at verifying what people know, we still have almost no way to verify how they behave. In hiring, we obsess over skills and experience, and ponder cultural fit. We run background checks. We validate credentials.
|
By KnowBe4 Team
Organizations are rapidly deploying autonomous and semi-autonomous AI agents that can make decisions, execute tasks and interact directly with systems without constant human oversight. That shift is driving investment, with the global agentic AI in cybersecurity market projected to grow to $322.39 billion by 2033. The surge represents enormous gains in efficiency and agility — and also signals a dramatic increase in risk.
|
By KnowBe4 Team
AI-generated fraud schemes are now the dominant type of fraud, according to a new report from AU10TIX. AI-assisted forgeries overtook physical manipulation for the first time, as these tools allow attackers to fool humans and technology with very little manual effort.
|
By Haylea Reiner, MBA
Email is one of the primary ways people share information, connect with customers and get work done. It is also one of the easiest channels for risk to slip in. A mistyped address, an exposed attachment, a missed opt-out, or a rushed response to a phishing message can all lead to serious problems. That is why email compliance matters. It helps define how your organization handles email, what is allowed and how to report on activity when something goes wrong.
|
By KnowBe4 Team
Imagine you give an AI agent permission to triage support tickets. A few weeks later, it’s accessing a system no one intended it to reach, putting the data within at risk of exposure or misuse. Nothing dramatic happens at the moment. That’s what makes the risk tricky. AI agents don’t wait for approval the way traditional systems do, and they move faster than the controls you’ve set around them.
|
By Roger Grimes
Google recently released Device-Bound Session Credentials (DBSC) for Google Chrome and Google Workspace. It is a long-awaited new security enhancement to fight back against local cookie theft. But, yes, it can still be hacked and phished. Nothing alone in cybersecurity is a complete panacea.
|
By KnowBe4 Team
Researchers at Malwarebytes warn that a fake ChatGPT download site is delivering malware. The attackers use sponsored results and SEO manipulation to target users who search for “ChatGPT download.” The phishing page is a convincingly spoofed version of the legitimate ChatGPT website, which delivers malware tailored to Windows or Mac users.
|
By KnowBe4 Team
Cyberattacks are now the top concern of leading CEOs, overtaking fears over geopolitical turmoil or inflation, the Wall Street Journal reports. A survey by the Conference Board and the Business Council found that 65% of CEOs at blue-chip companies cited cyberattacks as their top worry in the second quarter of 2026, an increase from 56% in Q1 2026.
|
By KnowBe4 Team
We’re proud to share that KnowBe4 has once again been recognized as a leader in cybersecurity, receiving six 2026 TrustRadius Top Rated Awards across our platform. These awards are especially meaningful because they’re based entirely on customer feedback—making them a direct reflection of how our customers view the value and impact of our partnership.
|
By KnowBe4 Team
Spam and phishing are often used interchangeably in email security, but they serve distinct purposes and carry varying levels of risk. Understanding the difference between spam vs. phishing helps organizations better recognize threats and respond appropriately. This guide breaks down how spam and phishing differ, how to identify each, and what steps organizations can take to reduce risk.
Have you noticed a spike in sketchy job offers since starting your career search? Here is how automated bots turn your profile details against you, and the major red flags to watch out for.
POV: you finally found free cybersecurity training that doesn't make you want to fall asleep. CAPY offers bite-sized cyber safety lessons for your whole family. Under 4 minutes. No login. No cost. Just real tips that actually stick. Kids, parents, seniors — there's a path for everyone.
Creating urgency, triggering reactions, and bypassing logic—sound familiar? Whether it's a 3 a.m. meow or a fake security alert, the tactics are the same. Don't be the catch of the day. Learn to spot the "phish" before you click!
Think phishing is just a corporate email issue? Think again. Scammers use compromised accounts and lookalike profiles on social media to target you where you least expect it. Stay sharp, verify outside the app, and don't get reeled in by sketchy links!
A Flashy pop-up + a huge ransom demand = FAKE. "Your files aren't encrypted." It's theater designed to panic you into paying. Close the browser. Don't click and don't pay. Real ransomware doesn't need the dramatics. Fake ones do.
You just unboxed your child’s new device...now what? Default settings are built for clicks, not kids. Use these tips to set them up for safety success on day one.
In a world where anything can look real…sharing without checking is risky. AI is making it easier than ever for misinformation to blend in. Once it spreads, it’s hard to undo. Pause before you share. A few extra seconds can make all the difference.
Incognito mode is NOT a privacy shield. It may stop your roommates from seeing your history, but it doesn't stop your IP address or activity from being tracked elsewhere. If you want real privacy, use a VPN and strict browser settings.
You asked, we answered: How do you spot a fake QR code? Scammers are good at faking public QR codes. From crooked stickers to "typo" URLs, here’s exactly what to look for before you tap that link. Remember, trust your gut. If it looks off, skip the scan.
Your morning run might be sharing more than just your pace. Fitness apps like Strava are great for tracking, but default settings can leave your daily routine exposed to anyone. If you haven't checked your privacy tab lately, now is the time! Don't let your run become a roadmap for the wrong people.
|
By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
|
By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
|
By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
|
By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineer scams, like CEO fraud, because of their familiarity and immediacy factors.
|
By KnowBe4
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
|
By KnowBe4
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.
- June 2026 (21)
- May 2026 (39)
- April 2026 (28)
- March 2026 (50)
- February 2026 (26)
- January 2026 (22)
- December 2025 (31)
- November 2025 (31)
- October 2025 (42)
- September 2025 (26)
- August 2025 (24)
- July 2025 (17)
- June 2025 (26)
- May 2025 (24)
- April 2025 (31)
- March 2025 (31)
- February 2025 (24)
- January 2025 (24)
- December 2024 (21)
- November 2024 (29)
- October 2024 (37)
- September 2024 (27)
- August 2024 (33)
- July 2024 (41)
- June 2024 (32)
- May 2024 (38)
- April 2024 (34)
- March 2024 (38)
- February 2024 (42)
- January 2024 (46)
- December 2023 (41)
- November 2023 (33)
- October 2023 (45)
- September 2023 (49)
- August 2023 (49)
- July 2023 (42)
- June 2023 (45)
- May 2023 (48)
- April 2023 (44)
- March 2023 (14)
- February 2023 (3)
- January 2023 (4)
- December 2022 (3)
KnowBe4 is the provider of the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 56,000 customers to manage the continuing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive, and powerful. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design a full-featured, yet easy-to-use platform.
Find Out How Effective Our Security Awareness Training Is:
- Train Your Users: The world’s largest library of security awareness training content. Automated training campaigns with scheduled reminder emails.
- Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
- See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
Human Error. Conquered.