A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their credentials, then use the ClickFix social engineering technique to trick them into installing malware.
Malwarebytes warns that threat actors are abusing the free Cloudflare Pages service to host phishing portals, helping the phishing sites avoid detection by security scanners.
-1.png)
| "Good information. Everyone who owns a computer should do this training across the country. It should be mandatory!โ "Wow, I had no idea of the detail and advanced interrogation these criminals use! This was the most eye-opening session I've seen in a long time and VERY timelyโ "This was a valuable video. I love the practical tips for how to spot the fake video images - especially the shadows and the lack of glare on the glasses. Thank you!โ |
KnowBe4 is here to help you prepare for the evolving AI security landscape. As AI becomes more prevalent in the workplace, new threats and vulnerabilities are emerging. Now is the time to train your users on AI-related security risks! We have 80+ pieces of content in our library specifically addressing AI threats. Here are a few of our most used and highest-rated compliance modules:
We have even more AI security content on the roadmap, so stay subscribed to this newsletter for new releases to help you protect your organization against emergingย AI-driven threats. |
Deepfake attacks have become more compelling and realistic than ever before.
A friend of mine, John D., received this outreach on Threads (seeย below).
At first, he thought it was the standard fake employer scam, but it is more than that. It is very likely part of a North Korean fake employee scam. ย
.png)
| "Good information. Everyone who owns a computer should do this training across the country. It should be mandatory!โ "Wow, I had no idea of the detail and advanced interrogation these criminals use! This was the most eye-opening session I've seen in a long time and VERY timelyโ "This was a valuable video. I love the practical tips for how to spot the fake video images - especially the shadows and the lack of glare on the glasses. Thank you!โ |
KnowBe4 is here to help you prepare for the evolving AI security landscape. As AI becomes more prevalent in the workplace, new threats and vulnerabilities are emerging. Now is the time to train your users on AI-related security risks! We have 80+ pieces of content in our library specifically addressing AI threats. Here are a few of our most used and highest-rated security awareness modules:
We have even more AI security content on the roadmap, so stay subscribed to this newsletter for new releases to help you protect your organization against emerging AI-driven threats. |
.jpg)
Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' โChat with Anyoneโ feature, which lets external users send direct messages via email addresses.
Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts.
Threat actors are using the open-source phishing framework Evilginx to target universities across the United States, according to researchers at Infoblox. The attackers have targeted at least 18 universities and educational entities since April 2025, using phishing pages that spoofed student single sign-on (SSO) portals.
ReliaQuest warns that the cybercriminal collective โScattered Lapsus$ Huntersโ appears to be using social engineering attacks to target organizationsโ Zendesk instances.
Researchers at Palo Alto Networksโ Unit 42 are tracking two new malicious AI tools, WormGPT 4 and KawaiiGPT, that allow threat actors to craft phishing lures and generate ransomware code.
KnowBe4 is proud to announce that three of its leading security products โ Security Awareness Training, PhishER/PhishER Plus and Compliance Plus โ have been recognized as 2026 Buyer's Choice award winners by TrustRadius, a HG Insights company and buyer intelligence platform for business technology.
Sophisticated online fraud techniques are growing more accessible to unskilled attackers, driven by AI tools and fraud-as-a-service platforms, according to Sumsubโs latest Identity Fraud Report.
Since November 3, 2025, KnowBe4 Threat Labs has been monitoring a highly sophisticated, multi-stage phishing operation that is actively targeting organizations to steal employeesโ Microsoft 365 credentials. The campaign has been engineered to bypass traditional email security defenses, such as secure email gateways (SEGs),ย and multi-factor authentication (MFA) tools.
A new criminal platform called โMatrix Push C2โ is using browser notifications to launch social engineering attacks, according to researchers at BlackFog.
.png)
Following its launch in 2024, Gartnerยฎ has now published the second Magic Quadrantโข for Email Security โand KnowBe4 is delighted to once again be named a Leader!
Users should be particularly wary of holiday-themed scams over the next few weeks, according to researchers at Malwarebytes.
โMobile-first shopping has become second nature, and during the holidays, itโs faster and more frantic than ever,โ Malwarebytes says. โFifty-five percent of people get a scam text message weekly, while 27% are targeted daily.
Login
