Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

Phishing Campaign Targets WhatsApp Accounts

Jan 8, 2026 By KnowBe4 Team In KnowBe4
Researchers at Gen warn that a phishing campaign is attempting to trick users into linking malicious devices to their WhatsApp accounts. The attack begins with an unsolicited message stating, “Hey, I just found your photo!” along with a link to a spoofed Facebook login page. Instead of trying to steal users’ Facebook credentials, however, the attackers are attempting to gain access to victims’ WhatsApp accounts.
Read Post

AI Compliance Training: EU AI Act & 90-Day Implementation Strategy

Jan 7, 2026 By KnowBe4 | Human Risk Management In KnowBe4
Executive Summary: A technical briefing on navigating the AI compliance landscape, focusing on the EU AI Act, US federal mandates, and state-level regulations. This session provides a structured 90-day roadmap for AI system governance, risk mitigation, and role-based training deployment. Key Knowledge Domains.
View Video
knowbe4

When Seeing Isn't Believing: AI Images, Breaking News and the New Misinformation Playbook

Jan 6, 2026 By KnowBe4 Team In KnowBe4
In the early hours following reports of a U.S. military operation involving Venezuela, social media feeds were flooded with dramatic images and videos that appeared to show the capture of Venezuelan president Nicolás Maduro. Within minutes, AI-generated photos of Maduro being escorted by U.S. law enforcement, scenes of missiles striking Caracas, and crowds celebrating in the streets racked up millions of views across various social media channels. The problem?
Read Post
knowbe4

New ConsentFix Technique Tricks Users Into Handing Over OAuth Tokens

Dec 30, 2025 By KnowBe4 Team In KnowBe4
Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.” The technique, which the researchers call “ConsentFix,” tricks victims into copying and pasting a localhost URL containing an authorization token, then pasting it into a phishing page.
Read Post
knowbe4

Most Parked Domains Lead Users to Scams or Malware

Dec 29, 2025 By KnowBe4 Team In KnowBe4
Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox. “Parking threats are fueled by lookalike domains,” Infoblox explained. “No domain is immune. When one of our researchers tried to report a crime to the FBI’s Internet Crime Complaint Center (IC3), they accidentally visited ic3gov. Their phone was quickly redirected to a false “Drive Subscription Expired” page.
Read Post

When to Contact Your Bank About a Suspicious Charge

Dec 26, 2025 By KnowBe4 | Human Risk Management In KnowBe4
Fraud doesn’t start big. It starts quiet. Those small, unfamiliar charges (even $1) are often “test” charges scammers use to see what they can get away with. Contact your bank if: You see a charge you don’t recognize (even a small one) Your card suddenly declines mid-purchase You get alerts or texts about “unusual activity” Always verify through your bank’s official app or by calling the number on the back of your card.
View Video
knowbe4

New BlackForce Phishing Kit Bypasses Multifactor Authentication

Dec 22, 2025 By KnowBe4 Team In KnowBe4
Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, the kit “features a vetting system to qualify targets, after which a live operator takes over to orchestrate a guided compromise.” Additionally, the phishing kit uses mostly legitimate code in order to avoid detection by security scanners.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.