CyberheistNews Vol 16 #06 | February 10th, 2026
Trusted Platform but Same Old Phish: Now LinkedIn DMs Target Your Execs
A phishing campaign is abusing LinkedIn private messages to target executives and IT workers, according to researchers at ReliaQuest. The messages attempt to trick victims into opening an archive file, which will install a legitimate pentesting tool.
"A critical element of this attack was the use of a legitimate, open-source Python script designed for pentesting," ReliaQuest says. "Relying on publicly available tools means less effort for attackers and allows them to reduce costs and detection risks—all while lowering the technical barrier to entry."
The researchers stress that the abuse of legitimate tools makes the campaign more likely to bypass security defenses.
"In this campaign, attackers used WinRAR and Python, but similar tactics could extend to other widely used tools, such as PowerShell," the researchers write. "These tools are integral to daily operations, making it impractical for organizations to block them entirely.
"This highlights the ongoing challenge of distinguishing between legitimate activity and malicious behavior, leaving organizations vulnerable to similar attacks.
"What's more, as organizations increasingly rely on social media platforms for business and marketing purposes, these channels create new attack surfaces. Employees managing corporate social media accounts or engaging on these platforms are exposed to phishing attempts in environments with minimal security controls."
Employees need to maintain a healthy sense of suspicion across all online platforms to avoid falling for social engineering attacks.
"This campaign serves as a reminder that phishing isn't confined to email inboxes," the researchers write. "Phishing attacks take place over alternative channels like social media, search engines and messaging apps—platforms that many organizations still overlook in their security strategies.
"Social media platforms, especially those frequently accessed on corporate devices, provide attackers with direct access to high-value targets like executives and IT administrators, making them invaluable to cybercriminals."
Blog post with links:
https://blog.knowbe4.com/warning-a-linkedin-phishing-campaign-is-targeting-executives
Cyber CSI 2.0: Phishing Forensics in the Age of AI and Deepfakes
The phishing arms race has entered a dangerous new phase. Old detection methods no longer work in 2026. AI-generated phishing emails now mimic writing styles perfectly. Deepfake voice and video calls impersonate your CEO with ease. Even "safe" platforms like Microsoft Teams and protected domains aren't bulletproof.
Join Roger A. Grimes, CISO Advisor at KnowBe4, for a fresh look at modern phishing forensics. Roger will show you the latest tools and methods to catch high-tech social engineering before it hits your network.
In this session, you'll learn how to:
- Dissect AI-generated phishing emails and spot the subtle clues that reveal machine-crafted deception
- Understand what DMARC actually protects (and what it doesn't), plus how attackers bypass it
- Use practical methods to identify fake voice calls and video impersonations, and analyze phishing attempts through Microsoft Teams, Slack, SMS (smishing), voice calls (vishing) and social media
- Train your users to spot and report phishing attempts
Get inside the mind of a hacker and master the forensic skills that separate compromised organizations from protected ones, plus earn CPE for attending!
Date/Time: TOMORROW, Wednesday, February 11 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/cyber-csi-2.0-phishing-forensics?partnerref=CHN2
Attackers Can Use LLMs to Generate Phishing Pages in Real Time
Researchers at Palo Alto Networks' Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate malicious JavaScript in real time on seemingly innocuous webpages.
"Once loaded in the victim's browser, the initial webpage makes requests for client-side JavaScript to popular and trusted LLM clients (e.g., DeepSeek and Google Gemini, though the PoC could be effective across a number of models)," the researchers write.
"Attackers can then trick the LLM into returning malicious JavaScript snippets using carefully engineered prompts that circumvent safety guardrails. These snippets are then assembled and executed in the browser's runtime to render a fully functional phishing page. This leaves behind no static, detectable payload."
While legitimate AI tools have measures to prevent misuse, the researchers found that they could rephrase their prompts to trick the AI into performing malicious actions.
"The attack's success hinged on careful prompt engineering to bypass the LLM's built-in safeguards," the researchers write. "We found simple rephrasing was remarkably effective. For instance, a request for a generic $AJAX POST function was permitted, while a direct request for 'code to exfiltrate credentials' was blocked.
"Furthermore, indicators of compromise (IoCs) for instance Base64-encoded exfiltration URLs could also be hidden within the prompt itself to keep the initial page clean."
Unit 42 adds, "The dynamic nature of this attack, in combination with runtime assembly in the browser, makes it a formidable defense challenge. This attack model creates a unique variant for every victim. Each malicious payload is dynamically generated and unique, transmitted over a trusted domain."
Threat actors are always finding new ways to bypass security technologies. AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks that slip past your technical defenses.
Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/attackers-can-use-llms-to-generate-phishing-pages-in-real-time
Automate Incident Response and Maximize SOC Efficiency
Your security team is drowning in alerts, and threats are slipping through. With SOC teams facing more than 4,400 daily alerts, over 40% of which are false positives, the vast majority of organizations are drowning in backlogs.
The result? A five-hour response gap that leaves threats sitting in your employees' inboxes for days or weeks. Stop gambling with unaddressed alerts with technology that collapses the time-to-containment from hours to minutes.
During this demo, you'll discover how PhishER Plus eliminates the dangerous vulnerability window between threat detection and containment by combining triple-validated threat intelligence with human oversight:
- Accelerate Response times with AI-powered automation that allows you to code custom rules in plain-English, reduce manual email review time by up to 99%, and eliminates alert fatigue
- Leverage unmatched threat intelligence from 13+ million global users, KnowBe4 Threat Research Lab, and leading third-party integrations, catching zero-day threats that bypass SEGs and other ICES defenses
- Maintain complete visibility and control over AI-driven decisions with PhishML Insights, eliminating black-box uncertainty and reducing false positives that waste $875K annually
- Remove threats automatically from all mailboxes with Global PhishRIP before users can interact with them, eliminating the risk of employees otherwise falling for the attack
- Convert real attacks into targeted training opportunities with PhishFlip, reinforcing vigilant employee behavior while showcasing security awareness gaps
Discover how PhishER Plus customers achieve 650% ROI within the first year. Transform your employees into your most valuable defenders while meeting SOC efficiency targets.
Date/Time: Wednesday, February 18 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN
Report: One in Ten UK Companies Wouldn’t Survive a Major Cyberattack
A new survey by Vodafone Business found that more than 10% of companies in the UK would likely go out of business if they were hit by a major cyber incident, such as a ransomware attack, Infosecurity Magazine reports.
Additionally, 71% of business leaders believe at least one of their employees would fall for a convincing phishing attack, and fewer than half (45%) of organizations have ensured that all of their employees have received basic cyber awareness training.
The most common reasons why leaders believe their staff would fall for phishing emails are "a lack of awareness and training; staff being 'too busy'; and the absence of clear protocols for verifying and flagging suspicious messages."
Respondents also said their employees reuse their work password for nearly a dozen personal accounts, greatly increasing the risk of phishing and credential-stuffing attacks. If an attacker manages to steal a password for a personal account, then they can test that password against the user's work account.
Multifactor authentication can add a layer of defense against stolen passwords, but MFA can also be bypassed via social engineering.
"The poll paints a troubling picture of inadequate crisis preparedness, poor password practices and staff susceptibility to phishing scams – all of which leave businesses exposed to cyber-crime," Vodafone says.
"With nearly two thirds of business leaders (63%) reporting that their organization's risk of cyber-attack has risen over the past year, password reuse remains particularly prevalent. Employers estimate that, on average, staff use their work password for up to 11 other personal accounts, including social media and dating sites."
AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks.
Blog post with links:
https://blog.knowbe4.com/report-one-in-ten-uk-companies-wouldnt-survive-a-major-cyberattack
[Live Demo] Stop Inbound and Outbound Email Threats
With over 376 billion emails sent daily, your organization faces unprecedented risks from Business Email Compromise (BEC), misdirected sensitive communications and sophisticated AI-driven phishing attacks.
The human element, involved in the vast majority of data breaches, contributes to email-based threats that cost organizations like yours millions annually.
Discover how you can stop up to 97% more attacks and uncover 10x more potential data breaches in your Microsoft 365 environment before they happen.
Join our live demo to see how KnowBe4's Cloud Email Security seamlessly integrates into Microsoft 365 to enhance its native protection while providing the tools needed to identify risky communications before they lead to breaches.
See KnowBe4's Cloud Email Security in action as we show you how to:
- Defend your organization against sophisticated inbound threats including BEC, supply chain attacks and ransomware
- Prevent costly outbound mistakes with real-time alerts that stop misdirected emails and unauthorized file sharing
- Enforce information barriers that keep you compliant with industry regulations
- Detect and block data exfiltration attempts before sensitive information leaves your organization
- Customize incident response workflows to match your security team's needs
Strengthen your security posture with AI-native intelligent email security that reduces human-activated risk and safeguards your organization from inbound and outbound threats.
Date/Time: Wednesday, February 18 @ 1:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/ces-demo-month-2?partnerref=CHN
OpenClaw’s AI-Skills Marketplace Turns Into a Malware Pipeline
Agent security just crossed from "theoretical" to "headline-grade operational risk." New research and coverage stack up around OpenClaw's skill marketplace being used as a malware distribution channel and leaking secrets (API keys and creds).
In just a few weeks, OpenClaw (the open-source AI "agent" that can execute terminal commands and connect to email, calendars and cloud services) surged past 100,000 GitHub stars, drawing two million weekly visitors, and is now being packaged as hosted instances.
But the same autonomy that makes it useful is now a security liability. Sources warned that default or poorly secured OpenClaw deployments, especially those exposed to the public internet, face elevated risks of hacking and data leaks, urging organizations to audit exposure and tighten identity and access controls.
The bigger alarm is ClawHub, its skill marketplace. Investigations found attackers uploading skills masquerading as productivity tools or crypto apps, then using social engineering to get users to run obfuscated terminal commands that fetch infostealers.
With OpenClaw often granted broad device permissions, a single malicious skill can read files, execute scripts and harvest browser passwords, crypto wallet keys, SSH logins and API credentials.
Meanwhile, Snyk reported that a scan of nearly 4,000 skills found roughly 7% contained flaws that could expose sensitive credentials—showing that even "non-malicious" skills can leak secrets.
Agent security requires curated + permissioned agent ecosystems: verified publishers, code signing, automated secret scanning, sandboxing and runtime permission prompts that enforce least privilege. In this world, "skills" aren't cute add-ons. They're executable supply-chain components that demand governance.
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: [NEW] Your KnowBe4 Product Roadmap - See what's next for KnowBe4's industry-leading HRM+ platform:
https://www.knowbe4.com/products/product-roadmap
PPS: Your KnowBe4 Fresh Content Updates from January 2026:
https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-january-2026
- Voltaire - Philosopher (1694 - 1778)
- Arthur Helps - Historian (1813 - 1875)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-16-05-trusted-platform-but-same-old-phish-now-linkedin-dms-target-yourexecs
The Phishing-as-a-Service Economy is Thriving
Commodity phishing platforms are now a central component of the cybercriminal economy, according to researchers at Flare. These platforms allow threat actors of all skill levels to carry out advanced attacks at scale.
"Modern kits often include advanced features such as reverse proxy, real-time MFA bypass, dynamic logo replacement, bot detection, Telegram exfiltration and automated victim tracking, making them one of the most widely used and scalable tools in the cybercrime ecosystem," Flare says.
"A newer evolution of this model is Phishing-as-a-Service (PhaaS), where operators sell subscriptions to ready-made phishing infrastructures, so customers never touch the underlying code. Such service often includes hosting services, lures, dashboards and automatic updates.
"This turns phishing into a scalable, low-skill, high-impact service economy, dramatically increasing the volume and sophistication of global phishing campaigns."
Users need to be made aware of evolving social engineering techniques, since these advanced attacks are becoming the norm.
"The intelligence here about sophisticated phishing kits shows that user training must evolve," the researchers write. "Telling users 'check the URL bar' is no longer sufficient when kits can spoof the browser window convincingly.
"Security awareness programs should include examples of AiTM and BitB and advise things like 'If an MFA prompt or login appears at an unusual time, be skeptical even if it looks normal.' Also emphasize the use of password managers, since they can be a backstop against fake forms.
"To better train your organization against the latest phishing tricks (like QR code phishing, AiTM, BitB windows), incorporate them into phishing simulations for employees, to inoculate them somewhat and measure risk."
AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/the-phishing-as-a-service-economy-is-thriving
Phishing Campaign Tells Users Their Cloud Storage Will Be Deleted
BleepingComputer reports that a major phishing campaign is telling users that they need to renew their cloud storage subscriptions or else their data will be deleted.
"Based on numerous emails seen by BleepingComputer, the campaign has escalated over the past few months, with people receiving multiple versions of the scam each day, all appearing to be sent by the same scammers," BleepingComputer says "The messages all attempt to create a sense of urgency by claiming a payment problem or storage issue must be resolved immediately, or people's files will be deleted or blocked."
If the user clicks the link in the email, they'll be taken to a webpage that impersonates a popular cloud service, such as Google Drive or Microsoft's OneDrive.
"After clicking the update storage button, instead of being taken to a legitimate cloud services page, you are redirected to affiliate marketing pages promoting unrelated products," BleepingComputer says. "Products promoted in this phishing campaign include VPN services, little-known security software and other subscription-based offerings with no connection to cloud storage.
"The pages ultimately lead to checkout forms designed to collect credit card details and generate affiliate revenue for the threat actors behind the campaign. Unfortunately, many people who receive these emails may not realize they're scams and purchase a product they don't need, thinking it will solve the fake cloud storage issues."
Users should be wary of scare tactics designed to make them act quickly. Major cloud services will wait months or years before deleting your data if you stop making payments.
"Legitimate cloud providers do not send emails that lead to storage scans or third-party security or VPN products to resolve billing issues," BleepingComputer says. "Furthermore, most legitimate cloud storage providers will block access to your additional storage when you fail to make a payment, rather than deleting your files immediately."
AI-powered security awareness training can give your employees a healthy sense of skepticism.
BleepingComputer has the story:
https://www.bleepingcomputer.com/news/security/cloud-storage-payment-scam-floods-inboxes-with-fake-renewals/
What KnowBe4 Customers Say
"Just a quick note to say/commend Kim G. on what a stellar job she did today on our launch/implementation call. This is an important client of ours who are very technical/detailed and Kim is the perfect fit for that team. I know that this client feels cared for and is confident in this launch. It is greatly appreciated. Have a great rest of your day and a wonderful weekend!"
- M.L., Client Success Representative
"I wanted to pass on positive feedback about Erika. I absolutely love having her as our CSM! She goes above and beyond to inform me of new features, she has even built example reports for me to learn from and is so quick to reply to my every email!
"It all started with a simple email to understand why our phishing simulation number seemed off last month. She immediately identified the cause and opened a ticket for me with all the necessary details!
"I went on to ask her a question on how to rerun the campaign against those that had the email bounce, and she literally gave me step by step instructions with screenshots. Her attention to detail and responsiveness is unreal.
"I truly trust her and value her expertise. Her personality and demeanor go a long way along with her willingness to help. It is a major bonus that she has so much knowledge and if she doesn’t have the answer she ensures I get assistance from support. She even follows up afterward to see how my experience was!!
"I’m sure you knew how great she is, but I wanted to provide this feedback anyway! She is a rare find!"
- O/A., IT Security and Compliance
- Threat actors begin launching Winter Olympics-themed scams:
https://www.welivesecurity.com/en/cybersecurity/slippery-slope-winter-olympics-scams-cyberthreats/ - Major cyberespionage campaign targets 37 countries with spear phishing emails:
https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/ - From Clawdbot to OpenClaw: This viral AI agent is evolving fast - and it's nightmare fuel for security pros:
https://www.zdnet.com/article/clawdbot-moltbot-openclaw-security-nightmare/ - AI deepfakes are reshaping cyber risk – and insurance must keep pace:
https://www.insurancebusinessmag.com/uk/news/cyber/ai-deepfakes-are-reshaping-cyber-risk--and-insurance-must-keep-pace-563906.aspx - Exclusive: U.S. used cyber weapons to disrupt Iranian air defenses during 2025 strikes:
https://therecord.media/iran-nuclear-cyber-strikes-us - CISA official says CIRCIA cyber reporting update is 'weeks' away:
https://therecord.media/cisa-pfficial-says-circia-update-weeks-away - Notepad++ update feature hijacked by Chinese state hackers for months:
https://www.bleepingcomputer.com/news/security/notepad-plus-plus-update-feature-hijacked-by-chinese-state-hackers-for-months/ - Infostealers without borders: macOS, Python stealers, and platform abuse:
https://www.microsoft.com/en-us/security/blog/2026/02/02/infostealers-without-borders-macos-python-stealers-and-platform-abuse/ - Malicious virtual hard disks pose as PDFs:
https://www.malwarebytes.com/blog/news/2026/02/open-the-wrong-pdf-and-attackers-gain-remote-access-to-your-pc - New adversary-in-the-middle framework facilitates malware delivery:
https://blog.talosintelligence.com/knife-cutting-the-edge/
- Virtual Vaca #1 Backpacking the Kalalau Trail Kauai Hawaii:
https://youtu.be/r_xWoeYOSog - Virtual Vaca #2 Top 25 Places To Visit in Italy - Travel Guide:
https://youtu.be/eq7pkma3RgA - Virtual Vaca #3 10 Awesome Things To Do In & Around Osaka, Japan:
https://youtu.be/92OFkoyEMk0 - Superhuman Skills! | Best of the Week:
https://youtu.be/PX45uKLs5ek - If you like rollercoasters, you won't want to miss our latest video testimonial for Intamin:
https://www.youtube.com/watch?v=ZtK0r6_Q0fA - Why Colombia's $4BN Dam Broke:
https://youtu.be/nOdeymwoZIk - XPENG's humanoid robot IRON isn't learning kung fu to fight. It's learning how to move like a human. Scary anyway:
https://www.instagram.com/reel/DUQyXVxEaqM/?igsh=ejA0c2dlejlza2V2 - This 21-second clip shows the new electric Boston Dynamics Atlas robot moving with extreme control:
https://www.instagram.com/reel/DUa_iIpk_QV/?igsh=MW41ZHE4MXZkYm1mdg%3D%3D - What if Monet Painted the Titanic? | Visual Poems:
https://youtu.be/rVSqueX32Vs - Fastest Battery-Powered Remote-Controlled Car | Guinness World Records:
https://youtu.be/BGIzPsH2hEY - Hera, Queen of the Greek gods, is forced to live a mundane existence among modern day humans. In an effort to cope with this reality she visits a therapist:
https://www.flixxy.com/the-mundane-goddess-starring-uma-thurman.htm?utm_source=chn&utm_medium=email - The Power of Pure Color - Dolby Vision in 8K Ultra HD HDR 60fps:
https://youtu.be/rXFrohZKtLs - WIBMER IMPOSSIBLE - An Urban Freeride Adventure / Gabriel Wibmer:
https://youtu.be/dhe7wRlA-kI - For Da Kids #1 - Tiny Horse With An Underbite Comes To Life When He Meets Golden Retriever Siblings:
https://youtu.be/aw8rVJBiLzM - For Da Kids #2 - Golden Retriever And Bunny Are The Happiest When They're Together:
https://youtu.be/aUHNcBigQNM - For Da Kids #3 - Pittie Breaks Stigmas When She Plays With Kids:
https://youtu.be/PwdcPfHfpEw - For Da Kids #4 - Two Humpback Whales Fall in Love with my Dog!:
https://youtu.be/WPR-GpwoTvE - For Da Kids #5- Tiny 13kg deer takes on 1.7-tonne rhino at Wroclaw Zoo:
https://youtu.be/jNNm8fTzxOw
