Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.
Picture this: it's 2021. You're an IT professional, scrolling through LinkedIn, when a message pings. "Bastion Secure," a new cybersecurity company, is hiring. The pay? Excellent.
OpenAI has published a report looking at AI-enabled malicious activity, noting that threat actors are increasingly using AI tools to assist in social engineering attacks and influence ...
A criminal threat actor tracked as “UNC6040” is using voice phishing (vishing) attacks to compromise organizations’ Salesforce instances, according to researchers at Google’s Threat ...
Human risk remains one of the most underestimated threats in cybersecurity. Even with major advancements in defensive technology, human error still accounts for the majority of data ...
A KnowBe4 co-worker of mine recently got this SMS phishing message (i.e., smish).
The FBI is warning that the Silent Ransom Group (SRG) is targeting law firms with IT-themed social engineering attacks and callback phishing emails.
A phishing campaign is targeting European countries with lures themed around copyright infringement, researchers at Cybereason warn.
Last year, KnowBe4's report "Exponential Growth in Cyber Attacks Against Higher Education Institutions" illustrated the growing cyber threats facing universities and colleges.
You know what's interesting about data breaches? Everyone focuses on credit card numbers and financial data, but the reality is that every piece of information has value to someone.
Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the emails more convincing.
The KnowBe4 Threat Lab has identified an active phishing campaign impersonating Capital One.
Human risk management involves more than security awareness training, but training is a huge part of the mix.
Commodity phishing kits are increasingly serving dynamically generated phishing pages, according to researchers at ESET.
Business email compromise (BEC) attacks and funds transfer fraud (FTF) accounted for 60% of cyber insurance claims in 2024, according to a new report from Coalition.
Mandiant warns that the Scattered Spider cybercriminal group is using “brazen” social engineering attacks to target large enterprise organizations in a wide range of sectors.
Researchers at Malwarebytes warn that phishing emails are impersonating the US Social Security Administration (SSA) to trick users into installing the ScreenConnect remote access tool.
Email is still the most common attack vector for cyber threats, according to a new report from Barracuda.
Ever since Microsoft’s initial announcement on February 13, 2025, about a Russian nation-state phishing campaign using "device code phishing," many people have been wondering what it is. ...
Scammers are exploiting the death of Pope Francis to launch social engineering attacks, according to researchers at Check Point.
A social engineering campaign is abusing Zoom's remote control feature to take control of victims’ computers and install malware, according to researchers at security firm Trail of Bits.
