Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Last year, KnowBe4's report "Exponential Growth in Cyber Attacks Against Higher Education Institutions" illustrated the growing cyber threats facing universities and colleges. The report highlighted the perfect storm of factors making educational institutions prime targets: vast data repositories, open networks, limited security resources, and decentralized governance structures.

Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the emails more convincing. IBM has observed seventeen waves of the campaign since March 2024, and at least 160,000 victims have clicked on the phishing link. “The phishing emails inform recipients that their Amazon Prime subscription will automatically renew at a cost of 480 Euros per year,” IBM explains.

You know what's interesting about data breaches? Everyone focuses on credit card numbers and financial data, but the reality is that every piece of information has value to someone. The Legal Aid breach perfectly illustrates this point, with over two million pieces of information accessed including details about domestic abuse victims, family cases, and criminal proceedings.

The KnowBe4 Threat Lab has identified an active phishing campaign impersonating Capital One. The attacks are sent from compromised email accounts to help them evade reputation-based detection by native security and secure email gateways (SEGs). Once delivered, the attacks use stylized HTML templates and brand impersonation to trick the recipient into believing the communications are legitimate. Recipients who fall victim are directed to credential-harvesting websites.

Cybersecurity experts are warning that scammers are taking advantage of uncertainty surrounding the U.S. administration’s tariff policies, CNBC reports. Fraudsters may send texts or emails posing as retailers, delivery companies or government agencies, requesting tariff-related payments for purchases and deliveries. James Lee, president of the Identity Theft Resource Center, noted that scammers frequently take advantage of new government policies to launch phishing attacks.

I was once enrolled in a programming module back at university. We had been given a task, to code something, so we all sat banging out whatever code we could on our keyboards. Our professor looked around at our screens and did something that seemed bizarre at the time – he asked everyone to stop typing. "You're all being incredibly inefficient," he said, "Some of the best programmers I know never start at the keyboard.

Human risk management involves more than security awareness training, but training is a huge part of the mix. How else are you going to best fight a cyberthreat that is responsible for 70% to 90% of all successful data breaches after already bypassing every technical cybersecurity defense you threw in its way? At some point, a harmful scam message will make it to a user, and that user will be called upon to evaluate its importance and treatment.

The FBI is warning that threat actors are impersonating senior US officials in phishing attacks designed to compromise users’ accounts. Notably, the attackers are using AI-generated audio to convincingly spoof the voices of real people.

Since March 2025, the KnowBe4 Threat Labs team has observed a surge in phishing attacks that exploit Google’s AppSheet platform to launch a highly targeted, sophisticated campaign impersonating social media platform giant Meta.

Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other emerging cyber threats might seem to dominate the news cycle, but recent data from Marsh's 2024 UK cyber insurance claims report suggests otherwise. It paints a stark picture of an ongoing and evolving threat landscape. While claims decreased by 20% compared to 2023, they remained significantly higher than in previous years.