
Warning: New Phishing Campaign Targets Instagram Users

A phishing campaign is targeting Instagram users with phony notifications about failed login attempts, according to researchers at Malwarebytes. Notably, the emails contain "mailto" links rather than traditional URLs, which help the phishing messages avoid being flagged by security filters. "Instead of linking to a phishing website, which is most common with emails like this, both the ‘Report this user’ and ‘Remove your email address’ links are mailto links," the researchers write.

If You Think Social Engineering Is Bad, It's Going To Get Worse

There is no clearer way to say it: social engineering is going to be a lot, lot worse soon and far more successful than it is today. And that’s saying a lot. It’s already pretty bad. As I’ve been touting for over 20 years…in hundreds of articles…social engineering is involved in more successful data breaches than any other single hacker method.

How Hackers Exploit Microsoft Teams in Social Engineering Attacks

Attackers are using Microsoft Teams calls to trick users into installing the Matanbuchus malware loader, which frequently precedes ransomware deployment, according to researchers at Morphisec. Matanbuchus is a malware-as-a-service offering that allows threat actors to install additional payloads onto infected Windows systems. “Over the past nine months, Matanbuchus has been used in highly targeted campaigns that have potentially led to ransomware compromises,” Morphisec says.

Malicious Connectors Potentially Impact Hundreds of Millions of Microsoft 365 Users

Most Microsoft 365 users aren’t aware of this recently growing serious email threat vector. I have been teaching about the risks of Microsoft email rules, forms and connectors on email clients and servers for decades. Both can be created by an attacker learning your email address and logon credentials (e.g., password or MFA codes).

Boost Your Browsing Security: Integrate SecurityCoach with Microsoft Edge for Business

Managing the security gap between your technical defenses and user behavior just got easier! Introducing KnowBe4 SecurityCoach for Microsoft Edge for Business integration. As one of the only human risk management platforms with a native reporting connector in Microsoft Edge for Business, SecurityCoach now transforms your browser into a real-time coaching platform.

KnowBe4 Named a 2025 Gartner Peer Insights Customers' Choice for Email Security Platforms

KnowBe4 is excited to announce that we have been recognized as an overall Customers’ Choice in the July 2025 Gartner Peer Insights Voice of the Customer for Email Security Platforms Report. The Gartner Peer Insights Customers’ Choice distinction is based on feedback and ratings from end-user professionals who have experience purchasing, implementing and/or using a product or service.

Bridging the Gap: Human Risk in African Cybersecurity

Africa's cybersecurity landscape presents a paradox: a widespread belief in preparedness among organisations, although significant blind spots continue to exist, particularly concerning their human layer - their employees. The KnowBe4 Africa Human Risk Management Report 2025, drawing insights from 124 senior cybersecurity decision-makers across 30 African countries, uncovers several concerns in the continent's cyber readiness.

Warning: Ransomware Attacks Surged by 63% Last Quarter

Ransomware attacks increased by 63% year-over-year in the second quarter of 2025, with a total of 276 publicly disclosed incidents, according to a new report from BlackFog. Notably, there were far more ransomware attacks that weren’t publicly disclosed. The researchers note, “The figures also reveal that the scale of hidden activity remains significant, with 80.9% of all ransomware attacks going unreported.

Ransomware Trends in 2025

I’ve been following ransomware since the first one, the AIDS Cop Trojan, was released in December 1989. It locked up victim computers and asked for $300 to be sent to a Panama P.O. Box. A lot has changed since then. The invention of cryptocurrencies, particularly Bitcoin in January 2009, was largely responsible for the explosion of ransomware by 2013. This was when CryptoLocker ransomware was released to the world. Ransomware gangs have been making many billions of dollars per year ever since.