Human Risk Management Blog

Voice Phishing is a Growing Social Engineering Threat

Voice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving ...

CyberheistNews Vol 16 #14 [Heads Up] Clever Hackers Use Custom Fonts to Bypass AI Defenses

Phishing Attacks Are Exploiting the War in Iran

Criminal threat actors are taking advantage of the fear and uncertainty surrounding the conflict in the Middle East, according to researchers at Bitdefender. The researchers observed a ...

CyberheistNews Vol 16 #13 The 'Urgency Trap': Why Time Pressure is Your Biggest Email Red Flag

Report: There Are Nearly 66 Billion Stolen Identity Records on Criminal Forums

Researchers at SpyCloud warn that the number of stolen identity records on criminal forums rose to 65.7 billion in 2025, a 23% increase from the previous year.

Criminals Are Selling Stolen Tax Forms for Cheap on the Dark Web

Researchers at Malwarebytes warn that cybercriminals are peddling stolen tax documents for as low as $4 per identity, with freshly stolen forms selling for $20 each. These documents allow ...

CyberheistNews Vol 16 #12 [Keep An Eye Out] Why Unsecured Outlook Email Is Risky

CyberheistNews Vol 16 #11 Must-Know Best Practices for Email Security

CyberheistNews Vol 16 #10 How to Spot a Phishing Website Before It Steals Your Data

CyberheistNews Vol 16 #09 Fake Video Meeting Invites Trick Users Into Installing RMM Tools

Nation-State Threat Actors Incorporate AI to Streamline Attacks

Researchers at Google’s Threat Intelligence Group (GTIG) warn that nation-state threat actors have adopted Gemini and other AI tools as essential components of their operations. The ...

Google Reports On Adversarial Use of AI in Late 2025

Google Threat Intelligence Group recently released its latest report, “GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Us,” on how ...

CyberheistNews Vol 16 #08 Do Passwords Need to Be 25+ Characters Due to AI and Quantum Attacks?

Warning: Attackers Are Using DKIM Replay Attacks to Bypass Security Filters

Cybercriminals are abusing legitimate invoices and dispute notifications from popular services to send scam emails that bypass security filters, according to researchers at Kaseya’s INKY. ...

CyberheistNews Vol 16 #07 Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA

CyberheistNews Vol 16 #07 | February 17th, 2026 Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA KnowBe4 Threat Labs has detected a sophisticated phishing campaign ...

Voice Phishing Kits Give Threat Actors Real-Time Control Over Attacks

Researchers at Okta warn that a series of phishing kits have emerged that are designed to help threat actors launch sophisticated voice phishing (vishing) attacks that can bypass ...

CyberheistNews Vol 16 #06 Trusted Platform but Same Old Phish: Now LinkedIn DMs Target Your Execs

New Malware Kit Promises Guaranteed Publication in the Chrome Web Store

A new malware-as-a-service (MaaS) kit called “Stanley” is offering users guaranteed publication in the Chrome Web Store, bypassing Google’s security verification process, according to ...

Attackers Can Use LLMs to Generate Phishing Pages in Real Time

Researchers at Palo Alto Networks’ Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate malicious JavaScript in real time on ...

The Phishing-as-a-Service Economy is Thriving

Commodity phishing platforms are now a central component of the cybercriminal economy, according to researchers at Flare. These platforms allow threat actors of all skill levels to carry ...