Human Risk Management Blog

CyberheistNews Vol 16 #06 Trusted Platform but Same Old Phish: Now LinkedIn DMs Target Your Execs

New Malware Kit Promises Guaranteed Publication in the Chrome Web Store

A new malware-as-a-service (MaaS) kit called “Stanley” is offering users guaranteed publication in the Chrome Web Store, bypassing Google’s security verification process, according to ...

Attackers Can Use LLMs to Generate Phishing Pages in Real Time

Researchers at Palo Alto Networks’ Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate malicious JavaScript in real time on ...

The Phishing-as-a-Service Economy is Thriving

Commodity phishing platforms are now a central component of the cybercriminal economy, according to researchers at Flare. These platforms allow threat actors of all skill levels to carry ...

Report: One in Ten UK Companies Wouldn’t Survive a Major Cyberattack

A new survey by Vodafone Business found that more than 10% of companies in the UK would likely go out of business if they were hit by a major cyber incident, such as a ransomware attack, ...

CyberheistNews Vol 16 #05 [Heads Up] New “Fancy” QR Codes Are Making Quishing More Dangerous

CyberheistNews Vol 16 #05 | February 3rd, 2026 [Heads Up] New “Fancy” QR Codes Are Making Quishing More Dangerous QR code phishing scammers are increasingly using visually stylized QR ...

CyberheistNews Vol 16 #04 The Skeleton Key: How Attackers Weaponize Trusted RMM Tools for Backdoor Access

The Skeleton Key: How Attackers Weaponize Trusted RMM Tools for Backdoor Access

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs recently examined a sophisticated dual-vector campaign that demonstrates the real-world ...

Report: Scammers Stole $17 Billion Worth of Crypto Last Year

Scammers stole an estimated $17 billion worth of cryptocurrency in 2025, according to a new report from Chainalysis. Notably, the report found that AI-assisted scams stole 4.5 times more ...

CyberheistNews Vol 16 #03 [New Scam] AI Deepfakes Religious Leaders to Steal Your Money

Threat Actors Exploit Misconfigurations to Spoof Internal Emails

Attackers are increasingly abusing network misconfigurations to send spoofed phishing emails, according to researchers at Microsoft. This technique isn’t new, but Microsoft has observed a ...

AI Deepfakes Are Impersonating Religious Figures to Solicit Donations

WIRED reports that deepfake attacks are impersonating pastors and other religious figures in order to scam congregations.

CyberheistNews Vol 16 #02 When You Can't Believe Your Eyes: AI and the New Misinformation Playbook

ConsentFix Attacks Fake Cloudflare Prompts

ClickFix attacks have been around for decades; only the name is new. ClickFix attacks use social engineering to trick users into clicking on buttons and links that the user is told are ...

CyberheistNews Vol 16 #01 AI & Cybersecurity in 2026: Top 10 Predictions for Threats and Defenses

Amazon Warns of Fraudulent North Korean Job Applicants

Amazon has blocked more than 1,800 suspected North Korean applicants from joining the company since April 2024, TechRadar reports. Amazon’s Chief Security Officer, Stephen Schmidt, said ...

New ConsentFix Technique Tricks Users Into Handing Over OAuth Tokens

Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.”

Most Parked Domains Lead Users to Scams or Malware

Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox.

CyberheistNews Vol 15 #51 [Heads Up] Crafty New Phishing Attacks Abuse Free Cloudflare Pages

Phishing Campaign Targets Executives With Phony Awards

A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their ...