Monthly Archives: March 2025

INKY has published its annual report on email security, finding that phishing accounted for 30% of all reported cybercrimes last year.

A KnowBe4 Threat Lab PublicationAuthors: By James Dyer, Threat Intelligence Lead at KnowBe4 and Lucy Gee, Cybersecurity Threat Researcher at KnowBe4 On March 3, 2025, the KnowBe4 Threat Labs team observed a massive influx of phishing attacks originating from legitimate Microsoft … Read More

The average amount of money requested in business email compromise (BEC) attacks spiked to $128,980 in the fourth quarter of 2024, according to the Anti-Phishing Working Group’s (APWG’s) latest report.

Phishing-as-a-service (PhaaS) platforms drove a surge in phishing attacks in the first two months of 2025, according to researchers at Barracuda.

We recently conducted research in Denmark and Sweden to understand security culture in local organizations better.

Bitdefender warns that a major ad fraud campaign in the Google Play Store resulted in more than 60 million downloads of malicious apps.

In today’s world, cybersecurity is more critical than ever. Organizations and individuals alike face a constant barrage of cyber threats, and often, the weakest link in our defenses is something as simple as a password.

Threat actors are abusing Microsoft’s infrastructure to launch phishing attacks that can bypass security measures, according to researchers at Guardz.

There are thousands of people worldwide trying to scam you, hoping they can make you a victim, steal your money, and harm you in some way. While some of it is done by individuals or small gangs of people, a … Read More

Our latest Phishing Threat Trends Report explores the evolving phishing landscape in 2025, from renewed tactics to emerging attack techniques.

Business email compromise (BEC) attacks rose 13% last month, with the average requested wire transfer increasing to $39,315, according to a new report from Fortra.

A phishing campaign is impersonating travel agency Booking.com to target employees in the hospitality industry, according to researchers at Microsoft.

Our recent research reveals a concerning discrepancy between employees’ confidence in their ability to identify social engineering attempts and their actual vulnerability to these attacks.

My two previous recent postings on AI covered “Agentic AI” and how that impacts cybersecurity and the eventual emergence of malicious agentic AI malware.

A KnowBe4 Threat Lab publicationAuthors: Martin Kraemer, Jeewan Singh Jalal, Anand Bodke, and James Dyer EXECUTIVE SUMMARY: We observed a 98% rise in phishing campaigns hosted on Russian (.ru) top-level domains (TLDs) from December 2024 to January 2025, primarily used … Read More

Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical security measures.

I infrequently get emails from customers who are frustrated because their employer sent out some legitimate mass email to all employees that unfortunately had all the hallmarks of a malicious phishing attack.

Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world. The campaign, which began on illegal streaming sites, impacted both consumer and enterprise devices across a wide range of industries.