Researchers at Palo Alto Networks’ Unit 42 are tracking two new malicious AI tools, WormGPT 4 and KawaiiGPT, that allow threat actors to craft phishing lures and generate ransomware code.

KnowBe4 is proud to announce that three of its leading security products — Security Awareness Training, PhishER/PhishER Plus and Compliance Plus — have been recognized as 2026 Buyer's Choice award winners by TrustRadius, a HG Insights company and buyer intelligence platform for business technology.

Sophisticated online fraud techniques are growing more accessible to unskilled attackers, driven by AI tools and fraud-as-a-service platforms, according to Sumsub’s latest Identity Fraud Report.

A new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers at BlackFog.

Users should be particularly wary of holiday-themed scams over the next few weeks, according to researchers at Malwarebytes.

“Mobile-first shopping has become second nature, and during the holidays, it’s faster and more frantic than ever,” Malwarebytes says. “Fifty-five percent of people get a scam text message weekly, while 27% are targeted daily.

A large phishing campaign is using phony seasonal party invites to trick users into installing remote management and monitoring (RMM) tools, according to researchers at Symantec.

A new report from Entrust warns of an increase in deepfake attacks, which now account for one in five biometric fraud attempts. Additionally, instances of deepfaked selfies have increased by 58% over the past year.

Users and organizations should be prepared for a surge in phishing attacks over the next several weeks, as attackers take advantage of the holiday shopping season, according to a new report from Zimperium.

Ransomware attacks spiked in October 2025, with more than 700 organizations sustaining attacks, according to a new report from Cyfirma.

A new phishing kit is impersonating the Italian IT and web services provider Aruba, according to researchers at Group-IB. The kit is designed to trick users into entering their Aruba credentials, granting attackers access to sensitive accounts.

Researchers at Zimperium are tracking a new malware-as-a-service platform designed to target Android phones with banking Trojans. The platform, dubbed “Fantasy Hub,” allows unskilled threat actors to launch sophisticated malware campaigns that trick victims into granting access to their bank accounts.

We’re thrilled to announce KnowBe4 Studios, uniting our world-class creative teams under one powerful brand for our Compliance Plus library. Leveraging the latest AI technologies and the expertise of our global content creators, we’re set to produce more engaging compliance training than ever before—including fresh microcontent, interactive games and expanded storytelling experiences. This evolution marks the next phase in our quest to disrupt compliance training, which in combination with our security awareness training, helps your organization rise above risk. 

Cybereason warns that the Tycoon 2FA phishing kit continues to receive upgrades, allowing unskilled cybercriminals to launch sophisticated social engineering attacks. The platform is known for its ability to bypass multi-factor authentication measures.

Researchers at Push Security warn of an extremely convincing ClickFix attack posing as a Cloudflare verification check. ClickFix is a social engineering technique that tricks the victim into copying and pasting a malicious command, then running it on their computer. 

AI-fueled cyberattacks are increasingly targeting entities across Africa, according to Robert Lemos at Dark Reading.

Lemos cites two recent reports from Microsoft and Group-IB that warned of a rise in attacks targeting African organizations, with threat actors using AI to assist in various steps of the attack chain.

Researchers at Appknox warn that malicious apps are impersonating popular AI tools like ChatGPT and DALL-E to trick users into installing malware on their mobile devices. Some of these apps simply collect user data to be sold to advertising services, while others act as full-fledged malware.