Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Below is an example of a sophisticated survey scam phishing email that KnowBe4’s Threat Lab team has been monitoring as discussed in “The Hidden Cost of "Free" Gifts: How Survey Scams Are Evolving to Steal Financial Data”. As discussed in our previous blog, the human element is a critical part of the fake survey scam. However, the campaign's success is largely due to its advanced technical infrastructure.

Cybercriminals are increasingly abusing AI-assisted website generators to quickly craft convincing phishing sites, according to researchers at Palo Alto Networks’ Unit 42. In many cases, even when these services have safeguards in place to prevent abuse, criminals are able to bypass these measures in order to create phishing pages. Unit 42 tested a popular website generator to see how easy it was to spin up a spoofed website.

Endpoint visibility is fundamental to many of the processes that underpin effective endpoint security: data collection, monitoring, alerting (including alert analysis), and comprehensive threat detection and response. Trouble is, the number, types, locations, and use cases of endpoints are constantly in flux, due to user comings and goings, role changes, broad use of virtual instances and cloud-based workloads, Internet of Things (IoT) proliferation, hybrid work, and numerous other factors.

Data is moving faster than your controls. In 2024, AI privacy/security incidents jumped 56.4%, and 82% of breaches involve cloud systems; the same lanes your LLMs, agents, and RAG pipelines speed through every day. If you’re shipping GenAI inside a regulated org, you need guardrails that protect PII/PHI and IP without crushing context or tanking accuracy. Use this guide to.

Accounts with unnecessarily elevated – and standing – permissions to an organization’s critical infrastructure are prime targets for threat actors. This is the case for all industries, but especially organizations in the finance, healthcare and manufacturing industries. This heightened risk has made protecting privileged access a top priority for cybersecurity teams globally.

As you can tell I’m on a bit of a “migrate all the things” story arc here of late and today will be the latest installment. In my last post I covered using the VeeaMover capability to move backups between repositories or jobs but that is not an effective data migration mechanism if you’ve used the Capacity Tier “COPY” capability of a Veeam Scale Out Backup Repository (SOBR).

Data is moving faster than your controls. In 2024, AI privacy/security incidents jumped 56.4%, and 82% of breaches involve cloud systems; the same lanes your LLMs, agents, and RAG pipelines speed through every day. If you’re shipping GenAI inside a regulated org, you need guardrails that protect PII/PHI and IP without crushing context or tanking accuracy. Use this guide to.

When most people think about cybersecurity, they picture firewalls, anti-virus software, and complex passwords. But the weakest link isn’t a server or a laptop—it’s a person. Social engineering attacks exploit human behavior rather than technical vulnerabilities, and four techniques dominate the landscape today: phishing, smishing, vishing, and quishing.

Organizations gather massive volumes of threat feed data—IP addresses, hashes, domains, tactics—but these often remain siloed or poorly correlated, leaving high-value alerts buried in noise. When those raw indicators live in separate systems, you end up chasing every alert, missing the bigger picture of coordinated attacks. Your team feels stuck in reactive mode, firefighting low priority alerts while real attackers move freely.

Konstantin (Kostya) Ostrovsky is the Chief Architect at Torq, where he leverages over 18 years of experience in software engineering and architecture. He specializes in cybersecurity, with a background that began with writing Windows Kernel Drivers. Konstantin is also a frequent speaker at software engineering conferences globally. Phishing attacks have evolved significantly in recent years, rendering traditional, rule-based defenses ineffective against sophisticated threats.