From Human Resources to Human Risk: Why HR is the Perfect Department for Cybercriminals to Impersonate

We all trust HR - or at least we do when we think they’re emailing us! Data from KnowBe4’s HRM+ platform reveals that phishing simulations with internal subject lines dominate the list of most-clicked templates in 2025. Out of the top 10 templates people interacted with between May 1 and June 30, 2025, an incredible 98.4% had subject lines relating to internal topics - with HR mentioned in 45.2%.

That 'Urgent Payroll Update' Email is a Trap: A Look at the Latest HR Phishing Tactics

Phishing attacks impersonating HR are on the rise. Between January 1 and March 31, 2025, our Threat Lab team observed a 120% surge in these attacks reported via our PhishER product versus the previous three months. These attacks have remained at elevated levels since peaking in February. (FYI, in our previous post, we explored the psychology that makes these attacks so effective.)

How KnowBe4 Defend Seamlessly Integrates with Microsoft Defender for Office 365 Quarantine - And Why SOC Teams Should Care

Modern Security Operations Centers (SOCs) face a persistent challenge: managing threats across multiple security tools while maintaining operational efficiency. While single-vendor approaches offer simplicity, they often leave gaps that sophisticated attackers are quick to exploit. The reality is that today's threat landscape demands a more nuanced approach—one that combines the best capabilities from multiple specialized vendors.

A Practical Guide to the European Union's Cybersecurity Funding for SMEs

For any small- to medium-sized enterprise (SME), the cybersecurity landscape can be intimidating. You are informed of a variety of threats, reliable expertise is scarce, and there is limited (if any) budget available. To help with this, the European Union (EU) has funding available to help SMEs improve their cyber defences. But what does this funding actually entail, and how can it practically help your organisation? Let's break it down.

Alert: Tech Support Scammers Send Phony Podcast Invites

The Better Business Bureau (BBB) has warned that scammers are targeting high-profile employees and influencers with fake invitations to appear as a guest on popular celebrity podcasts. The scammer poses as the podcast’s production manager, offering the target $2,000 for the appearance. If the victim agrees, the attacker will ask them to hop into a virtual meeting to test their setup before the podcast.

Beyond the Inbox: How Old-School Mail Scams Are Still Stealing Your Money

In a world so full of digital online scams, it’s hard to remember that scammers abuse our postal mailing systems as well. Scams are as old as humanity. And most of the scams we see today on the internet have been occurring for decades or even centuries before the internet was the internet. Nigerian scams have been documented back to the 1700s.

FBI Report: Attackers Are Sending Physical Packages with Malicious QR Codes

The FBI has issued an advisory warning that scammers are distributing QR code phishing (quishing) links via unsolicited packages sent by snail mail. Recipients may scan the code to find out where the package came from, which will land them on a phishing page. This is a variation of a “brushing scam,” where unscrupulous vendors send packages designed to harvest information that can be used in phony positive reviews.

Anatomy of a Vishing Scam

I hear about a ton of similar-sounding scam calls, where the scammer is pretending to be from a service you use (or used), offering you a substantial monthly discount (30% or more) if you pay some fee ahead of time. Sometimes they take the advance fee using your credit card, and sometimes they tell you that you have to get store gift cards. Who would possibly believe that a legitimate vendor would want them to pay with store gift cards? Hundreds of thousands of people.

Beyond Traditional Defenses: Why French Cyber Resilience Needs to Improve

In today's world, cyberattacks are a constant threat. While technical defenses are crucial, people often remain the easiest attack vector for cybercriminals. To gauge the resilience of French employees against cyberattacks, we looked at the impact of security awareness training (SAT) and phishing simulations in strengthening their defenses. Our latest report, "Go Phish: How Susceptible Are French Employees To Malicious Attacks?", aims to provide some insight.

Social Engineering Attacks Surged in the First Half of 2025

Cybersecurity incidents nearly tripled in the first half of 2025, jumping from 6% in the second half of 2024 to 17% in 2025, according to a new report from LevelBlue. Business email compromise (BEC) remains the most common method for initial access, but non-BEC tactics rose by 214%. The researchers observed a major surge in social engineering attacks, driven by the recent popularity of the ClickFix tactic.