Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Scammers are increasingly targeting athletes with advanced social engineering attacks, the Guardian reports. The Guardian cites a recent report from Ernst & Young that found that athletes and teams have lost nearly $1 billion to fraud over the past twenty years, and more than 40% of these losses were reported in the past six years.

Scammers are taking advantage of the conflicts in the Middle East and Ukraine to exploit people’s emotions, according to researchers at ESET. “Geopolitical turmoil often leads to human misery, which tends to pull at the heartstrings,” ESET says. “Legitimate charities may solicit donations to help their efforts to support innocent citizens caught in the crossfire.

Scammers are using legitimate hotel booking details to craft targeted phishing attacks, WIRED reports. Victims are far more likely to fall for a phishing attack if a message contains real information that they wouldn’t expect a scammer to know. According to researchers at Norton, this phishing campaign is targeting customers of at least 350 hotels and vacation rentals across 50 countries.

At the World Economic Forum cyber meeting in Geneva recently, I had an interesting conversation with Vinh Nguyen, who is a strategic security advisor and Senior Fellow for AI at CFR. I wanted to know from him how he sees runtime governance in agentic AI working out practically and what approaches actually work. One of the challenges he mentioned was that yes, we need runtime governance to provide continuous and real time assurance that agents are doing what they are supposed to be doing.

If AI agents are becoming organizational actors, then governance needs to move beyond principles and into operational structure. In Camille Stewart Gloster’s upcoming book The Insider You Build, she explains that governance is not defined by policies or structures, but by whether it can actually influence system behavior at runtime. In an agentic environment, governance only exists where it can shape, constrain, and intervene in decisions as they happen.

False positives can disrupt inbound email security as much as missed threats by slowing business workflows and eroding trust in security controls. As phishing attacks become more convincing, many systems respond by tightening filtering thresholds. But without enough context, this can lead to overblocking, where everyday business communication is misclassified as suspicious. Reducing false positives requires more than adjusting filters.

With over 10 years of experience in implementing AI, KnowBe4 has a ton of agents on its platform which customers can use to significantly lower risk. They help to secure the digital workforce (humans + AI agents). But five of them, all based and driven by risk scoring metrics, have become my favorites.

Cyber insurance claims surged by 40% over the past eighteen months, while ransomware payments have dropped by 44%, according to a new report from Cowbell Cyber. The three most common incident types were data breaches, cybercrime (including phishing and business email compromise), and extortion attacks (including ransomware).