Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

Phishing Kits Are Growing More Sophisticated; Focused on Bypassing MFA

May 8, 2025 By KnowBe4 Team In KnowBe4
Researchers at Cisco Talos warn that major phishing kits continue to incorporate features that allow them to bypass multi-factor authentication (MFA). Commodity phishing kits like Tycoon 2FA and Evilproxy achieve this by using reverse proxies to intercept traffic from the authentication process during a phishing attack.
Read Post
knowbe4

Warning: Phishing Campaign Impersonates the US Social Security Administration

May 7, 2025 By Cindy Zhou In KnowBe4
Researchers at Malwarebytes warn that phishing emails are impersonating the US Social Security Administration (SSA) to trick users into installing the ScreenConnect remote access tool. ScreenConnect is a legitimate tool used for remote IT management, but it can be abused by hackers to take control of victims’ computers.
Read Post
knowbe4

Xfinity Scam Might Explain Similar Scams

May 1, 2025 By Roger Grimes In KnowBe4
Recently, I covered a T-Mobile scam where a friend of mine narrowly avoided losing money. In that scam, the attackers called up pretending to be from T-Mobile offering him a cannot-pass-up 30% discount on future T-Mobile bills. While he was initially suspicious of the unexpected callers, they gained his confidence by repeating the amounts of his last two T-Mobile bills, billing address, and knew that his wife was also on the account.
Read Post
knowbe4

Email Remains the Top Attack Vector for Cyberattacks

May 1, 2025 By Stu Sjouwerman In KnowBe4
Email is still the most common attack vector for cyber threats, according to a new report from Barracuda. The researchers found that one in four emails during February 2025 was either malicious or spam. HTML attachments were the most common file type used in phishing emails. “One of the most striking findings from the report is that 23% of HTML attachments are malicious, making them the most weaponized type of text file,” Barracuda says.
Read Post

Roger Grimes talks AI Deepfake Threats with theCUBE at RSAC 2025

May 1, 2025 By KnowBe4 In KnowBe4
Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, reveals how autonomous, and AI-powered deepfake malware is transforming the cybersecurity landscape in this eye-opening RSAC 2025 interview with @siliconangle. Discover why organizations must urgently prepare for sophisticated social engineering attacks that leverage AI technology to bypass traditional security measures. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
View Video
knowbe4

A Sneaky T-Mobile Scam and Lessons That Were Learned

Apr 30, 2025 By Roger Grimes In KnowBe4
A friend of mine got a call on his phone and he regrettably picked it up. The number was 267-332-3644. The area code is from Bucks County, PA, where he used to live many years ago. But since his multiple anti-scam phone filter apps did not flag the number as a scam, and it was from a place he used to live, he picked it up.
Read Post
knowbe4

Criminals Exploit the Death of Pope Francis to Launch Scams

Apr 29, 2025 By Stu Sjouwerman In KnowBe4
Scammers are exploiting the death of Pope Francis to launch social engineering attacks, according to researchers at Check Point. The researchers note that threat actors often take advantage of high-profile tragedies and crises to exploit victims’ emotions. “They typically begin with disinformation campaigns on social media platforms like Instagram, TikTok, or Facebook, uploading fake images generated by AI,” the researchers write.
Read Post
knowbe4

What Is Device Code Phishing?

Apr 29, 2025 By Roger Grimes In KnowBe4
Ever since Microsoft’s initial announcement on February 13, 2025, about a Russian nation-state phishing campaign using "device code phishing," many people have been wondering what it is. This post will tell you what device code phishing is and how to defend against it. Here are some other related reports involving the recently reported device code phishing attacks.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.