CyberheistNews Vol 15 #51 | December 23rd, 2025
[Heads Up] Crafty New Phishing Attacks Abuse Free Cloudflare Pages
Malwarebytes warns that threat actors are abusing the free Cloudflare Pages service to host phishing portals, helping the phishing sites avoid detection by security scanners.
The attackers are building fake login pages impersonating banking, insurance and healthcare entities. The pages are designed to harvest credentials as well as security questions and multifactor authentication codes.
"From the victim's point of view, nothing seems unusual beyond an odd-looking link and a failed sign-in," the researchers write. "For the attackers, the mix of free hosting, compromised redirectors and Telegram-based exfiltration gives them speed, scale and resilience.
"The bigger trend behind this campaign is clear: by leaning on free web hosting and mainstream messaging platforms, phishing actors avoid many of the choke points defenders used to rely on, like single malicious IPs or obviously shady domains. Spinning up new infrastructure is cheap, fast and largely invisible to victims."
Malwarebytes offers the following advice to help users avoid falling for these attacks:
- Always check the full domain name, not just the logo or page design. Banks and health insurers don't host sign-in pages on generic developer domains like *.pages[.]dev, *.netlify[.]app, or on strange paths on unrelated sites.
- Don't click sign-in or benefit links in unsolicited emails or texts. Instead, go to the institution's site via a bookmark or by typing the address yourself.
- Treat surprise 'extra security' prompts after a failed login with caution, especially if they ask for answers to security questions, card numbers or email passwords.
- If anything about the link, timing or requested information feels wrong, stop and contact the provider using trusted contact information from their official site.
Keep training those users. They need a healthy sense of skepticism. Especially with deepfakes now being out there much more. Over 70,000 of your peers trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk. You should really see the webinar below, the new deepfake training is powerful and surprisingly easy to use.
Blog post with links:
https://blog.knowbe4.com/warning-phishing-attacks-abuse-free-cloudflare-pages
[Live Demo] Ridiculously Easy AI-Powered Security Awareness Training and Phishing
Phishing and social engineering remain the #1 cyber threat to your org, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training—this is precisely what our AI Defense Agents provide.
Join us for a demo showcasing KnowBe4's leading-edge approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.
See how easy it is to train and phish your users with KnowBe4's HRM+ platform:
- NEW! Deepfake Training Content - Generate hyperrealistic deepfakes of your own executives to prepare users to spot AI-driven manipulation and deepfakes
- SmartRisk Agent™ - Generate actionable data and metrics to help you lower your organization's human risk score
- Template Generator Agent - Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
- Automated Training Agent - Automatically identify high-risk users and assign personalized training
- Knowledge Refresher Agent and Policy Quizzes Agent - Reinforce your security program and organizational policies
See how these powerful AI-driven features work together to dramatically reduce your organization's risk while saving your team valuable time.
Date/Time: Wednesday, January 7 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/kmsat-demo-1?partnerref=CHN
WeChat Phishing Attacks a Growing Threat Outside China
By The KnowBe4 Threat Lab
"Super-app" WeChat offers a wealth of functionality—from instant messaging, text and voice messaging, and video calls to mobile payments, ride booking, ordering food deliveries, paying bills and even accessing government services.
Provided by Chinese technology conglomerate Tencent, WeChat has become deeply integrated into daily life in China and usage has been spreading globally. The app now boasts over 1.4 billion active users (24.8% of total internet users).
As well as appealing to legitimate users, the breadth of functionality (particularly WeChat's mobile payment capability) also makes it attractive to cybercriminals. An initial phishing email is used to move victims into WeChat, where social engineering attacks and payment fraud can occur in an environment that is more difficult to monitor and secure.
Much like WeChat usage, these attacks are on the rise outside of China.
In 2024, only 0.04% of phishing emails detected by KnowBe4 Defend in the U.S. and EMEA (including the UK) contained WeChat "Add Contact" QR codes. Since the start of 2025, this has risen to 1.43%, spiking in November at 5.1%.
While the overall volume remains relatively low, this represents a 3,475% increase across these regions. Additionally, 61.7% of these phishing emails were written in English and a further 6.5% were in languages other than Chinese or English, indicating a growing and targeted diversification.
This move reflects law enforcement crackdowns on domestic and near-border fraud networks in China, pushing scam operators to branch out. GenAI has been a key accelerator of this shift, removing the need for language proficiency to send a convincing phishing email or instant message.
Both global systems and domestic Chinese LLMs (such as Baidu's ERNIE Bot) make it easy for cybercriminals to create natural, high-quality phishing emails in non-Chinese languages.
[CONTINUED] Blog post with links and graphics:
https://blog.knowbe4.com/wechat-phishing-attacks-a-growing-threat-outside-china
The Outstanding ROI of KnowBe4’s Human Risk Management Platform
Reducing the risk of a data breach is paramount, and the overwhelming majority of data breaches are due to human error. According to Verizon's Data Breach Investigations Report, 74% of all data breaches involved the human element.
It's why security awareness training and security orchestration platforms are critical to reducing risk, protecting data and ensuring regulatory compliance. They now represent one of the best returns on investment for your organization's infosec budget.
Download this guide to understand:
- The cost savings and productivity gains of KnowBe4's SAT, Compliance Plus and PhishER Plus products
- The overall risk reduction of a data breach or ransomware attack
- How you can decrease your cyber insurance premiums
- The three-year ROI and annual benefits
Download Now:
https://info.knowbe4.com/hobson-outstanding-roi-knowbe4-hrm-platform-chn
Unmasking the Deepfake Threat: A Game-Changer for Reducing Human Risk
By Roger Grimes
Today, anyone can find a picture of absolutely anybody and it is also not difficult to find a sample of their voice. By combining these it is shockingly easy to create a realistic AI deepfake video of that person.
The video may not be perfect, and an experienced AI deepfake enthusiast might be able to see signs of it not being real, but it will be good enough to fool 99% of people. Cybercriminals have been creating and using AI-enabled deepfake technologies since early 2024 to socially engineer people.
Early on, though, it was much harder to do, and scammers only used it on selected, high-value targets, like in this $25 million heist.
Those days are gone and AI deepfake tools and services are now much more accessible. There are literally hundreds on the internet and most of them have free versions available. It will take the average person longer to sign up for the free account than to make their first AI-enabled, realistic deepfake.
AI deepfakes are increasingly being deployed by cybercriminals. A 2025 Gartner survey of cybersecurity leaders revealed a significant threat: 62% of orgs reported experiencing a deepfake attack involving social engineering or automated process exploitation, while 32% faced attacks against AI apps leveraging malicious application prompts.
In addition, chatbot assistants are susceptible to various adversarial prompting methods where attackers manipulate Large Language Models (LLMs) or multimodal models to produce biased or harmful output. Experts expect that by the end of 2026, these tactics will become commonplace against traditional, everyday targets.
Therefore, it's vital that we all get educated about AI-enabled deepfakes. KnowBe4 has already created a ton of good educational content on the topic to train employees, but we went one HUGE step further!
We now have deepfake training content which allows KnowBe4 Diamond-level customers with AIDA to easily and safely create and deploy simulated deepfake training videos to their teams, just like any other type of KnowBe4 training campaign.
All you have to do is follow a handful of step-by-step instructions, including uploading a short video and audio sample of the person you want to create a deepfake video of (e.g., yourself, CEO, CISO, CFO, etc.), select one of the predefined scenarios or scripts, preview and approve the simulated voice, preview and approve the simulated video, and run a training campaign.
With this feature, your users can experience firsthand how convincing deepfakes have become. They will also learn how to recognize manipulated media with practical cues on what to look out for when evaluating video or audio that appears to be from someone they know and trust.
This is a real game-changer in your plan to reduce human risk in your environment. You don't just have to talk about deepfakes, you can show employees one of someone they know and trust. Here is a screenshot of the current defined scenarios:
[CONTINUED] blog post with screenshots and webinar invite:
https://blog.knowbe4.com/unmasking-the-deepfake-threat-a-game-changer-for-reducing-human-risk
Big News: Cybersecurity tips on TikTok, Instagram, and YouTube Shorts!
Everyone deserves cybersecurity knowledge that's quick, clear and easy to apply. That's why we've launched bite-sized content on TikTok, Instagram and YouTube Shorts.
Why this matters to you:
Get quick, actionable cybersecurity tips you can actually use, whether you're protecting yourself at work, keeping your family safe online, or helping friends avoid costly scams.
What you'll learn:
- How to spot romance scams
- What to do when your password gets compromised
- How hackers deepfake voices to target your loved ones
- Why that "unpaid toll" text is probably a trap
- And much more practical security tips and best practices
The best part? Each tip takes less than 60 seconds to watch and is designed for everyone, from tech-savvy professionals to your parents who "just want their phone to work."
Follow us for security knowledge that actually sticks:
TikTok
@KnowBe4Inc
Instagram
@KnowBe4Inc
YouTube
@KnowBe4
P.S. For in-depth cybersecurity trends and industry news, subscribe to the KnowBe4 blog at
https://blog.knowbe4.com/
[HRM+ ENHANCEMENTS] Redesigned Risk Score and Updated Thresholds
What's Changing: A New Look for Risk Score - We've redesigned the interface with a modern, intuitive layout that makes it easier to understand organizational human risk. The enhanced data visualizations will help quickly spot trends and priorities that need attention.
Updated Risk Level Thresholds - We're refining how we classify risk levels based on comprehensive analysis across our customer base. This means the label associated with a customer's Risk Score (such as Yellow-Medium or Orange-High) may shift to better reflect industry benchmarks and give a more accurate picture of where they stand.
What Customers Need to Do:
The new look is available as an opt-in experience, so customers can explore the updated interface whenever they are ready. The threshold updates took effect on December 15, and only affect the labels, not the actual Risk Score number.
Resources
Learn more about these design changes here:
https://support.knowbe4.com/hc/en-us/articles/204218028-Dashboard-Overview#h_01HDSAGC9WSS2SC3CANFY27X7M
Learn more about new range thresholds here:
https://support.knowbe4.com/hc/en-us/articles/40003728753171-FAQ-SmartRisk-Agent-and-Risk-Score-Guide#h_01JQY7FXMVVCHNE0K00XJQDGEG:~:text=regarding%20physical%20security.-,What%20is%20the%20available%20range%20for%20Risk%20Score%3F,-The%20Risk%20Score
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: You can now pre-order my new book: Agent-Powered Growth, or... forward to your Marketing and Growth team!:
https://stu-sjouwerman.multiscreensite.com/
PPS: President Trump signs $901B 2026 National Defense Authorization Act:
https://therecord.media/trump-signs-ndaa-cyber-command
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-51-heads-up-crafty-new-phishing-attacks-abuse-free-cloudflare-pages
Happy Holidays! CHN will be back January 6th, 2026
Social Engineering and Ransomware Were Top Threats in H2 2025
ESET has published its Threat Report for the second half of 2025, finding that all types of threat actors are now using AI tools in varying degrees to assist in their campaigns.
The use of AI to improve social engineering attacks remains the most common application of these tools.
Juraj Jánošík, ESET's Director of Automated Systems and Intelligent Solutions, stated, "We expect direct use of AI for generating malware and scripts to remain limited and specific, with the real transformation in the threat landscape happening in the area of social engineering.
"The most significant challenge will be the continuous surge in high-quality, AI-generated attack vectors, such as convincing deepfakes, emails and ads, enabling even low-skilled attackers to orchestrate sophisticated scams at scale and low cost.
"As demonstrated by 2025's investment scams, attackers increasingly rely on the appearance of trustworthiness rather than genuine functionality, leveraging AI to mimic professional-grade presentations and interactions – making social engineering one of the primary battlegrounds in cyberdefense."
Attackers are also using deepfakes in scam ads, which serve as lures for phishing operations. "Looking closer at the scam ads, there have been notable upgrades over the last year," ESET says. "Deepfakes of popular personalities, used as initial hooks for phishing forms or websites, now use higher resolution, have significantly reduced unnatural movements and breathing, and have also improved their A/V sync. All of these changes make it more difficult for potential victims to spot the deception."
The researchers also observed a significant increase in ransomware attacks, as threat actors continue to refine their tactics. "On the ransomware scene, victim numbers surpassed 2024 totals well before year's end, with ESET Research projections pointing to a 40% year-over-year increase," they write.
"Akira and Qilin now dominate the ransomware-as-a-service market, while low-profile newcomer Warlock introduced innovative evasion techniques. EDR killers continued to proliferate, highlighting that endpoint detection and response tools remain a significant obstacle for ransomware operators."
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
ESET has the story:
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2025/
81% of Small Businesses Sustained a Cyber Incident Over the Past Year
81% of small businesses suffered a security or data breach over the past year, and 38% of these businesses were forced to raise their prices as a result, a report from the Identity Theft Resource Center (ITRC) has found.
The report notes that external hackers have overtaken malicious insiders as the most common root cause of these incidents. This trend is partially driven by AI-assisted social engineering attacks, which were cited as a root cause by more than 41% of victims.
"The emergence of AI as a primary attack vector aligns with extensive industry analysis on the weaponization of generative AI for creating hyper-realistic phishing emails, deepfake audio and video, and adaptive malware," the report says.
"These tools are effectively democratizing advanced attack capabilities that were once the domain of highly skilled actors. The primary advantage of a malicious insider has always been their intimate knowledge of internal processes, communication styles and organizational hierarchies, allowing them to bypass defenses through trust and familiarity.
"AI tools now allow external actors to replicate this advantage at scale." Users should be aware of this trend, as many red flags associated with social engineering, such as typos or odd grammar, will no longer be present.
"Employee security training must be updated to address these new threats," the report says. "Staff should be educated on the tell-tale signs of AI generated content, such as subtle visual artifacts in deepfake videos, the lack of emotional nuance in a cloned voice, or the unnaturally perfect grammar of an AI-crafted email.
"Fostering a culture of healthy skepticism, where employees feel empowered to question and verify unusual or urgent requests, is vitally important."
AI-powered security awareness training gives your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day.
Infosecurity Magazine has the story:
https://www.infosecurity-magazine.com/news/twofifths-smbs-raise-prices-after/
What KnowBe4 Customers Say
"Hello Bryan, everything is going well. I think the platform is pretty useful for us. Our success managers (Jara K. and Alexandre D.) have been wonderful giving assistance and helping us to solve our problems and get the full value of the tool."
- N.A., Ciberseguridad
"Hi Bryan, Thanks for reaching out and for the personal message, it really means a lot. So far very happy here. The onboarding assistance that I received from Bruna L. from KnowBe4 was really really valuable and assisted majorly in getting us up and running."
- B.T., IT Director
"Hi Bryan, Thank you so much for reaching out and making sure everything is going smoothly. I'm happy to report that we are indeed very pleased with KnowBe4. We officially launched the platform last month, and the feedback from both our Senior Leadership Team (SLT) and end users has been very positive.
"I also wanted to take this opportunity to highlight the exceptional job Mia has done in ensuring a smooth onboarding process. Her efforts have made a significant difference, and we truly appreciate her dedication and support. Thank you again for following up, it means a lot to us!"
- P.H., Senior Manager, Information Technology
- MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin:
https://therecord.media/mi6-chief-speech-russia-threats-warning
- Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks:
https://www.securityweek.com/amazon-russian-hackers-now-favor-misconfigurations-in-critical-infrastructure-attacks/
- Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow:
https://www.securityweek.com/militant-groups-are-experimenting-with-ai-and-the-risks-are-expected-to-grow/
- Principles for the Secure Integration of Artificial Intelligence in Operational Technology:
https://www.ic3.gov/CSA/2025/251215.pdf
- FBI dismantles alleged $70M crypto laundering operation:
https://www.justice.gov/usao-edmi/pr/fbi-disrupts-virtual-money-laundering-service-used-facilitate-criminal-activity
- Critical Amazon Kindle Hack Confirmed — What You Need To Know:
https://www.forbes.com/sites/daveywinder/2025/12/16/critical-amazon-kindle-hack-confirmed---what-you-need-to-know/
- Google sues alleged Chinese scam group behind massive U.S. text message phishing ring:
https://www.nbcnews.com/tech/security/google-sues-chinese-scam-ring-e-zpass-usps-phishing-texts-rcna249469
- Deepfakes are no longer just a disinformation problem. They are your next supply chain risk:
https://www.fastcompany.com/91460661/deepfakes-business-supply-chain-risk-executives
- FBI warns of virtual kidnapping scams using altered social media photos:
https://www.ic3.gov/PSA/2025/PSA251205
- More than half of Christmas-themed spam emails are scams:
https://www.bitdefender.com/en-us/blog/hotforsecurity/over-half-of-christmas-themed-spam-emails-in-2025-are-scams-bitdefender-antispam-labs-warns
- Virtual Vaca #1 GREENLAND in 4K – Arctic Expedition to East Greenland's Fjords and Icebergs:
https://youtu.be/lQUCbqP1SzE
- Virtual Vaca #2 Patagonia in 4K - Incredible Scenes & Uncovering Hidden Gems:
https://youtu.be/z8Gw2p2vRr0
- Virtual Vaca #3 2025 Year of Travel in Review: Amazing Places on Our Planet:
https://youtu.be/5hBjVP3b96c
- GoPro | Best of 2025 — The World, Unfiltered:
https://www.flixxy.com/gopro-best-of-2025-the-world-unfiltered.htm?utm_source=4&utm_medium=email
- Is Colorado's Massive Dam Expansion in Trouble?:
https://youtu.be/5uh6qLtPpV8
- Travel back to New York City in 1911 - Restored Footage:
https://youtu.be/aE3fng1Zyfw?si=PlvUr53DTCdGgbyK
- Sylvain Juzan returns to Penn & Teller ... and FOOLS them!:
https://www.flixxy.com/doing-nothing-and-fooling-everyone-sylvain-juzan-outsmarts-penn-and-teller.htm?utm_source=4&utm_medium=email
- Falling through a 60 foot hole in the mountains. Yikes:
https://youtu.be/y19QQJCHOj0
- A Monster Wingsuit Flight | We Flew Off GODZILLA:
https://youtu.be/SjzhyW7XOSw
- F1 The Movie — Sound of Speed | Behind the Scenes | Apple TV:
https://youtu.be/_8MFDDlRkVs
- Danny MacAskill - Trialsing Around with Bosch:
https://youtu.be/_PYMhI06zQ0
- 86 Feet / 26.21 Meters | Sebastian Steudtner Breaks Guinness World Record for Largest Surfed Wave:
https://youtu.be/yFEh_-tYTS0
- For Da Kids #1 - Cat Screams At Mom To Watch Him Do Flips:
https://youtu.be/2Y1iM5ycl34
- For Da Kids #2 - Orphan Baby Lamb Gets Adopted By Her New Big Sister:
https://youtu.be/WuZd15zrLg4
- For Da Kids #3 - Raising a moose in the kitchen:
https://youtu.be/FlX6OZo7iMs
- For Da Kids #4 - Lonely Bird Finally Meets The Best Friend He Always Wanted:
https://youtu.be/igiT0ba6q2E
- For Da Kids #5 - Tiny Donkey Was Shy and Scruffy! Now He's The King Of The Farm:
https://youtu.be/Cj1bUPT-iiQ

