Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 9th, Codewall.ai disclosed how it had hacked McKinsey & Company’s AI platform called Lilli, a purpose-built system for 43,000+ employees to analyze documents, chat, and access decades of proprietary research. The researchers unleashed an AI agent which quickly scanned 200 endpoints, identified 22 that did not require authentication, and one that wrote user search queries into a database including non-parameterized JSON keys which were concatenated directly into SQL.

The number of publicly reported unique vulnerabilities has risen year after year. There was a brief decrease and stabilization in 2015 - 2016, but those are the only years in the over two decades (1999 - on) I have been following vulnerability metrics. Other than that, it has been up, up, up.

The old rules for spotting a phishing email are changing. Remember looking for bad grammar and clumsy spelling? Thanks to AI, hackers' emails are increasingly polished and hard to spot. But a new poll from KnowBe4 reveals the modern worker's most reliable alarm bell for a cyberattack isn't a typo; it's a sense of manufactured urgency.

Digital Cleanup Day might be seen as a digital chore: delete old files, clear the inbox, reduce your carbon footprint. It’s framed as a technical exercise. But digital cleanup isn't only about your hard drive; it’s also about your mind. We are currently drowning in "Digital Toxicity" vast amounts of redundant, obsolete, and trivial data. This isn't just a storage issue. It’s a security crisis. Why? Because you cannot protect data you don’t remember you have.

I am very proud of our customer community here at KnowBe4. It is a place where customers can discuss our products amongst each other and interface with KnowBe4’s developers and product managers. Allowing customers to interface with other customers allows them to hear suggestions and solutions that people using our product have discovered and used, and if they have a problem that a fellow customer can’t answer, our team is there.

A surge in shipping-related phishing scams is targeting the Middle East and Africa (MEA) region, according to researchers at Group-IB. “To deliver the scam, the attacker sends a phishing link to victims via SMS using various spoofing or bulk-message techniques,” the researchers write. “These links are typically optimized for mobile devices, since most victims open SMS messages on their phones.

Integrated cloud email security (ICES) is a term coined by industry analyst, Gartner, in their 2021 Market Guide for Email Security. The guide was reissued in 2023 and stated that ‘by 2025, 20% of anti-phishing solutions will be delivered via API integration with the email platform, up from less than 5%” at the time of publication’.

Anyone who knows me knows I’m passionate about mindfulness. Because I genuinely believe it makes us better humans. But also, because I have one of those brains that desperately needs it. I’m easily distracted and I start new ideas before finishing old ones. My attention can scatter in a hundred directions. I wrote before how I clicked on a phishing test because I was multitasking and running on autopilot. And that moment really changed the direction of my career and my research.