Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’re proud to share that KnowBe4 has once again been recognized as a leader in cybersecurity, receiving six 2026 TrustRadius Top Rated Awards across our platform. These awards are especially meaningful because they’re based entirely on customer feedback—making them a direct reflection of how our customers view the value and impact of our partnership.

Spam and phishing are often used interchangeably in email security, but they serve distinct purposes and carry varying levels of risk. Understanding the difference between spam vs. phishing helps organizations better recognize threats and respond appropriately. This guide breaks down how spam and phishing differ, how to identify each, and what steps organizations can take to reduce risk.

Cyberattacks are now the top concern of leading CEOs, overtaking fears over geopolitical turmoil or inflation, the Wall Street Journal reports. A survey by the Conference Board and the Business Council found that 65% of CEOs at blue-chip companies cited cyberattacks as their top worry in the second quarter of 2026, an increase from 56% in Q1 2026.

As Japan navigates the mid-point of the decade, its cybersecurity landscape is undergoing a fundamental transformation. Driven by escalating geopolitical tensions and the rapid proliferation of agentic AI, the nation is shifting its focus from purely technical defenses to a broader strategy of "Cognitive Security" and national resilience. The emergence of a hybrid workforce - where human employees work alongside autonomous AI agents - has redefined the traditional enterprise perimeter.

Threat actors are increasingly using AI-enabled social engineering to get around technical security measures, according to a new report from Visa. Social engineering attacks were behind the largest number of losses in the second half of last year. “From July to December 2025, Visa identified nearly $1 billion in scam-related activity, making scams the single largest category of consumer payment fraud,” Visa says.

As reported in the latest Phishing Threat Trends Report (Vol. 7), attackers are increasingly using calendar invites to bypass traditional email defenses, with this vector surging 49% over the past six months. In this Threat Labs deep dive, our team goes behind the scenes to provide a detailed analysis of this escalating campaign. We break down the technical underpinnings and tactical shifts in a unique multi-vector attack that turns your trusted corporate schedule into an instrument of compromise.

The era of "typing into a box" is over. For years, we viewed artificial intelligence as a digital assistant—a sophisticated autocomplete tool that waited for human input. But according to Martin Kraemer, KnowBe4’s CISO Advisor for Europe and the Middle East, that dynamic has shifted. We have moved from asking AI questions to giving AI jobs. In a recent webinar, Martin explores the transition from AI tools to AI agents.

The US Federal Bureau of Investigation (FBI) has warned that a new phishing-as-a-service (PhaaS) platform called “Kali365” is targeting OAuth tokens to gain direct access to users’ Microsoft 365 accounts without stealing credentials or multifactor authentication codes. “Through the Kali365 platform subscription, cyber threat actors can capture ‘OAuth’ tokens and gain persistent access to targeted individuals/entities' Microsoft 365 environments,” the Bureau says.

Businesses increasingly identify cyber risk as a core operational concern. Yet many cyber incidents still stem from basic, preventable vulnerabilities such as susceptibility to phishing, weak passwords, unpatched software and misconfigured systems. Insurers can play an important role in helping to raise firms’ cybersecurity hygiene and enhancing overall cyber resilience. However, cyber insurance penetration in certain market segments and regions remains low.