|
By KnowBe4 Team
A phishing campaign is targeting senior executives with social engineering attacks conducted over Microsoft Teams, according to researchers at ReliaQuest. The researchers believe former associates of the Black Basta criminal gang are running this operation.
|
By KnowBe4 Team
Cyber-enabled crimes cost Americans nearly $21 billion in 2025, a 26% increase from the previous year, according to the FBI’s latest Internet Crime Report. Phishing, extortion, and investment scams were the most commonly reported attacks, with AI-related scams driving some of the costliest losses. Phishing was the top attack vector, with these attacks leading to more than $215 million in losses. Notably, AI-assisted business email compromise (BEC) attacks cost victims more than $30 million.
|
By KnowBe4 Team
Threat actors are abusing agentic AI automation platforms to deliver malware and send phishing emails, according to researchers at Cisco Talos. The researchers observed attackers using n8n, a legitimate platform that automates workflows in web apps and services like Slack, GitHub, Google Sheets, and others.
|
By Roger Grimes
Scams are becoming more sophisticated over time, but this latest scam should be a wake-up call to all organizations and employees as to how far some scammers will go to damage your organization or its stakeholders. On March 31, 2026, malicious hackers hijacked the development account of a lead maintainer of a popular open source product called Axios used by many companies. It has over 100 million downloads a week. Note: The Axios involved here is not Axios, the news media company.
|
By KnowBe4 Team
A new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files. “The campaign relies on a combination of social engineering and living-off-the-land techniques,” Microsoft says.
|
By KnowBe4 Team
A new survey from LevelBlue has found that a majority of Chief Technology Officers (CTOs) believe the human-related elements of their cybersecurity strategies are falling short. These concerns are exacerbated by the emergence of new threats, such as AI-assisted attacks.
Each year, Identity Management Day (IMD) serves as a global reminder that managing digital identities is more than a technical requirement; it is a cornerstone of modern trust. Now in its sixth year, IMD continues to emphasize how identity itself is evolving, stretching beyond human users to encompass machines, automated agents, and even AI-generated personas.
|
By Roger Grimes
You often hear companies touting that they are AI enabled. But most do not give you the results of how that new AI stacks up with their previous non-AI offerings. We have some early data and want to share it. KnowBe4 was the first Human Risk Management (HRM) vendor to use AI. While our competitors have been touting the use of AI only since 2023 at the earliest, we have been using machine learning (ML), the backbone workhorse of AI, since early 2016 – for a decade!
|
By KnowBe4 Team
By Roger A. Grimes and Matthew Duren
AI agents can deliver incredible productivity gains, but their operational complexity makes effective threat modeling harder than ever, including for developers, administrators and especially end users. At the same time, both developers and non-developers are increasingly vibe-coding, or using AI to generate functional software from natural language prompts.
|
By KnowBe4 Team
A new commodity phishing kit called “Venom Stealer” allows threat actors to automate ClickFix attacks, according to researchers at BlackFog. ClickFix is a social engineering technique that tricks users into executing malicious commands on their computer, usually resulting in malware installation.
A flashy pop-up + a huge ransom demand = FAKE. "Your files aren't encrypted." It's theater designed to panic you into paying. Close the browser. Don't click and don't pay. Real ransomware doesn't need the dramatics. Fake ones do.
You just unboxed your child’s new device...now what? Default settings are built for clicks, not kids. Use these tips to set them up for safety success on day one.
In a world where anything can look real…sharing without checking is risky. AI is making it easier than ever for misinformation to blend in. Once it spreads, it’s hard to undo. Pause before you share. A few extra seconds can make all the difference.
Incognito mode is NOT a privacy shield. It may stop your roommates from seeing your history, but it doesn't stop your IP address or activity from being tracked elsewhere. If you want real privacy, use a VPN and strict browser settings.
You asked, we answered: How do you spot a fake QR code? Scammers are good at faking public QR codes. From crooked stickers to "typo" URLs, here’s exactly what to look for before you tap that link. Remember, trust your gut. If it looks off, skip the scan.
Your morning run might be sharing more than just your pace. Fitness apps like Strava are great for tracking, but default settings can leave your daily routine exposed to anyone. If you haven't checked your privacy tab lately, now is the time! Don't let your run become a roadmap for the wrong people.
POV: You get that “I found your photo” WhatsApp message. It’s a trap! Scammers are sneaky: they don’t want your password, they want to link your account to their device. WhatsApp will never ask you to link a device just to view a photo. Always be sure to check linked devices and verify before clicking to stay safe.
Let’s put your cyber knowledge to the test. Do you know when the first computer virus was created? We hit the halls at KnowBe4 to test the team’s history knowledge in cybersecurity and the answers could surprise you... Let us know how you did in the comments!
Before you hit “send” on Zelle, Venmo, or CashApp — pause. Most peer-to-peer payment apps work like digital cash. Once the money is sent, it’s often gone for good. No undo button. No guaranteed fraud protection. Don’t let a quick payment turn into a permanent loss.
Friends asking about your crypto posts? Bestie, you got hacked. Here's how you recover quickly.
|
By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
|
By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
|
By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
|
By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineering scams, like CEO fraud, because of their familiarity and immediacy factors.
|
By KnowBe4
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
|
By KnowBe4
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.