Scammers are increasingly using visually stylized QR codes to deliver phishing links, Help Net Security reports.

QR code phishing (quishing) is already more difficult to detect, since these codes deliver links without a visible URL. Attackers are now using QR codes with colors, shapes, and logos woven into the code’s pattern.

Forty percent of employees have never received cybersecurity training, according to a new report from Yubico. That number rises to nearly sixty percent for employees working for small businesses.

A widespread phishing campaign is targeting LinkedIn users by posting comments on users’ posts, BleepingComputer reports.

Threat actors are using bots to post the comments, which impersonate LinkedIn itself and inform the user that their account has been restricted due to policy violations. The comments contain links to supposedly allow the user to appeal the restriction.

For those of you who are like me, when I first heard about the new EU AI Act, I had flashbacks to the implementation of the General Data Protection Act (GDPR) back in 2018. There are certainly a lot of similarities with the EU leading the way in consumer protections that will likely lead to more, similar legislation across the globe.

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke

KnowBe4 Threat Labs recently examined a sophisticated dual-vector campaign that demonstrates the real-world exploitation chain following credential compromise.

While organizations invest heavily in stopping threats from entering their networks, a critical vulnerability often goes underprotected: sensitive data leaving the organization through email.

A survey by the World Economic Forum (WEF) found that 47% of organizations cite the advancement of adversarial capabilities as their top concern surrounding generative AI.

Scammers stole an estimated $17 billion worth of cryptocurrency in 2025, according to a new report from Chainalysis.  Notably, the report found that AI-assisted scams stole 4.5 times more money than scams that didn’t leverage AI.

Attackers are increasingly abusing network misconfigurations to send spoofed phishing emails, according to researchers at Microsoft. This technique isn’t new, but Microsoft has observed a surge in these attacks since May 2025.

Microsoft was the most commonly impersonated brand in phishing attacks during the fourth quarter of 2025, according to researchers at Guardio. Microsoft was followed by Facebook, Roblox, McAfee, Steam, AT&T, Amazon, Google, Yahoo, and Coinbase.

Researchers at RavenMail warn that a major phishing campaign targeted more than 3,000 organizations last month, primarily in the manufacturing industry.

WIRED reports that deepfake attacks are impersonating pastors and other religious figures in order to scam congregations.

ClickFix attacks have been around for decades; only the name is new. ClickFix attacks use social engineering to trick users into clicking on buttons and links that the user is told are needed so their browser or computer can perform some desired action.

Researchers at Gen warn that a phishing campaign is attempting to trick users into linking malicious devices to their WhatsApp accounts.

Email has been the backbone of business communication for decades and as such, it remains the attacker’s favorite doorway into an organization.

The North Korean threat actor “Kimsuky” is using QR codes to trick users into installing malicious mobile apps, according to security researchers at ENKI. The phishing sites, which impersonate delivery services, inform users that the webpage cannot be viewed on a desktop.