|
By Anna Collard
In 2024, we talked to AI. In 2026, AI is talking to our systems, our customers, and increasingly, acting on our behalf. With AI agents, we are moving AI from a tool to an actor, from assistance to agency and from outputs to actions. And that changes the nature of risk. AI agents plan, execute, and interact with the world on our behalf. They send emails, move data, trigger workflows, and increasingly operate across systems without human intervention.
|
By KnowBe4 Team
Threat actors are increasingly augmenting their attacks with AI tools, according to researchers at Google’s Threat Intelligence Group (GTIG). For the first time, GTIG observed a threat actor using a zero-day exploit developed by AI, although Google blocked the attack before it succeeded. Threat actors also continue to use Large Language Models (LLMs) for research, reconnaissance, and malware development.
|
By KnowBe4 Team
The era of "typing into a box" is over. For years, we viewed artificial intelligence as a digital assistant—a sophisticated autocomplete tool that waited for human input. But according to Martin Kraemer, KnowBe4’s CISO Advisor for Europe and the Middle East, that dynamic has shifted. We have moved from asking AI questions to giving AI jobs. In a recent deep-dive webinar, Martin explored the transition from AI tools to AI agents.
|
By Haylea Reiner, MBA
2026 has officially become the year of speed, scale and support. The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds. The reality by the numbers: To close this window, your defense strategy must evolve into a two-step strategy of accuracy and automation.
|
By Erich Kron
There is no question that AI is changing cybersecurity in a massive way. In many respects, its impact is comparable to the rise of the internet. AI tools are helping organizations improve efficiency, automate repetitive tasks, and process data at a speed humans simply cannot match. Unfortunately, the same technology helping defenders is also being adopted by cybercriminals just as quickly. For cybersecurity professionals, keeping up with AI and agentic developments is no longer optional.
|
By KnowBe4 Team
GitHub disclosed that attackers accessed its internal repositories after compromising an employee device through a poisoned Visual Studio Code extension. The company said the activity appears limited to GitHub-owned internal repositories, with the attacker’s claim of roughly 3,800 repositories being “directionally consistent” with its investigation. GitHub also said it found no evidence that customers’ own enterprises, organizations or repositories were impacted.
|
By KnowBe4 Team
In the world of security awareness training, a comprehensive library of relevant and engaging content is a necessity. But even the best training can feel limited when you need to talk about your specific VPN rules, a policy that changed this morning, or a novel threat uniquely targeting your industry today. When you need exactly the right training at the right time customized to your organization, what do you do?
|
By KnowBe4 Team
A phishing campaign exploited a glitch in Robinhood’s account creation process to send phishing emails from the investment platform’s own systems, SecurityWeek reports.
|
By KnowBe4 Team
UK residents lost £102 million ($138 million US) to romance scams in 2025, according to a new report from the City of London Police. “Data shows 10,784 reports of romance fraud were made to Report Fraud last year - a 29 percent increase compared with 2024,” the report says. “Police believe this rise is partly driven by increased awareness and confidence in reporting, but it also highlights the ongoing scale and impact of a crime that often unfolds over weeks or months.
|
By KnowBe4 Team
Researchers at Guardo Labs are tracking a major phishing campaign that abused Google AppSheet as a relay to send phishing emails. The researchers identified more than 30,000 Facebook accounts that were compromised by this campaign. Since the emails are sent from Google’s legitimate infrastructure, they’re much more likely to land in users' inboxes.
Creating urgency, triggering reactions, and bypassing logic—sound familiar? Whether it's a 3 a.m. meow or a fake security alert, the tactics are the same. Don't be the catch of the day. Learn to spot the "phish" before you click!
Think phishing is just a corporate email issue? Think again. Scammers use compromised accounts and lookalike profiles on social media to target you where you least expect it. Stay sharp, verify outside the app, and don't get reeled in by sketchy links!
A Flashy pop-up + a huge ransom demand = FAKE. "Your files aren't encrypted." It's theater designed to panic you into paying. Close the browser. Don't click and don't pay. Real ransomware doesn't need the dramatics. Fake ones do.
You just unboxed your child’s new device...now what? Default settings are built for clicks, not kids. Use these tips to set them up for safety success on day one.
In a world where anything can look real…sharing without checking is risky. AI is making it easier than ever for misinformation to blend in. Once it spreads, it’s hard to undo. Pause before you share. A few extra seconds can make all the difference.
Incognito mode is NOT a privacy shield. It may stop your roommates from seeing your history, but it doesn't stop your IP address or activity from being tracked elsewhere. If you want real privacy, use a VPN and strict browser settings.
You asked, we answered: How do you spot a fake QR code? Scammers are good at faking public QR codes. From crooked stickers to "typo" URLs, here’s exactly what to look for before you tap that link. Remember, trust your gut. If it looks off, skip the scan.
Your morning run might be sharing more than just your pace. Fitness apps like Strava are great for tracking, but default settings can leave your daily routine exposed to anyone. If you haven't checked your privacy tab lately, now is the time! Don't let your run become a roadmap for the wrong people.
POV: You get that “I found your photo” WhatsApp message. It’s a trap! Scammers are sneaky: they don’t want your password, they want to link your account to their device. WhatsApp will never ask you to link a device just to view a photo. Always be sure to check linked devices and verify before clicking to stay safe.
Let’s put your cyber knowledge to the test. Do you know when the first computer virus was created? We hit the halls at KnowBe4 to test the team’s history knowledge in cybersecurity and the answers could surprise you... Let us know how you did in the comments!
|
By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
|
By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
|
By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
|
By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineer scams, like CEO fraud, because of their familiarity and immediacy factors.
|
By KnowBe4
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
|
By KnowBe4
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.
- May 2026 (32)
- April 2026 (28)
- March 2026 (50)
- February 2026 (26)
- January 2026 (22)
- December 2025 (31)
- November 2025 (31)
- October 2025 (42)
- September 2025 (26)
- August 2025 (24)
- July 2025 (17)
- June 2025 (26)
- May 2025 (24)
- April 2025 (31)
- March 2025 (31)
- February 2025 (24)
- January 2025 (24)
- December 2024 (21)
- November 2024 (29)
- October 2024 (37)
- September 2024 (27)
- August 2024 (33)
- July 2024 (41)
- June 2024 (32)
- May 2024 (38)
- April 2024 (34)
- March 2024 (38)
- February 2024 (42)
- January 2024 (46)
- December 2023 (41)
- November 2023 (33)
- October 2023 (45)
- September 2023 (49)
- August 2023 (49)
- July 2023 (42)
- June 2023 (45)
- May 2023 (48)
- April 2023 (44)
- March 2023 (14)
- February 2023 (3)
- January 2023 (4)
- December 2022 (3)
KnowBe4 is the provider of the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 56,000 customers to manage the continuing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive, and powerful. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design a full-featured, yet easy-to-use platform.
Find Out How Effective Our Security Awareness Training Is:
- Train Your Users: The world’s largest library of security awareness training content. Automated training campaigns with scheduled reminder emails.
- Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
- See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
Human Error. Conquered.