Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When it comes to cybersecurity, organizations face an ever-present and often underestimated threat: human risk. Despite significant advancements in technological defenses, human error remains a leading cause of data breaches and security incidents. Industry studies consistently show that between 70% and 90% of data breaches involve some form of human-related cause—whether through social engineering, errors, or misuse.

A phishing campaign is targeting European countries with lures themed around copyright infringement, researchers at Cybereason warn. The phishing emails are designed to deliver the Rhadamanthys infostealer malware. “These campaigns often involve emails impersonating companies and their legal departments, falsely claiming recipients have violated copyright on social media or elsewhere and demanding content removal,” the researchers write.

The FBI is warning that the Silent Ransom Group (SRG) is targeting law firms with IT-themed social engineering attacks and callback phishing emails. SRG is a cybercriminal gang that demands ransoms in exchange for not leaking stolen data. “SRG has been operating since 2022 and has primarily been known for their callback phishing emails, masquerading as well-known businesses who offer subscription plans,” the FBI explains.

Last year, KnowBe4's report "Exponential Growth in Cyber Attacks Against Higher Education Institutions" illustrated the growing cyber threats facing universities and colleges. The report highlighted the perfect storm of factors making educational institutions prime targets: vast data repositories, open networks, limited security resources, and decentralized governance structures.

Researchers at Certo warn that a new AI chatbot called “Veniceai” can allow cybercriminals to easily generate phishing messages or malware code. The tool, which only costs $18 per month, is growing in popularity on criminal forums. “One of the starkest contrasts between Veniceai and more mainstream AI systems like ChatGPT is how each responds to harmful or malicious requests,” Certo says.

Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the emails more convincing. IBM has observed seventeen waves of the campaign since March 2024, and at least 160,000 victims have clicked on the phishing link. “The phishing emails inform recipients that their Amazon Prime subscription will automatically renew at a cost of 480 Euros per year,” IBM explains.

You know what's interesting about data breaches? Everyone focuses on credit card numbers and financial data, but the reality is that every piece of information has value to someone. The Legal Aid breach perfectly illustrates this point, with over two million pieces of information accessed including details about domestic abuse victims, family cases, and criminal proceedings.

The KnowBe4 Threat Lab has identified an active phishing campaign impersonating Capital One. The attacks are sent from compromised email accounts to help them evade reputation-based detection by native security and secure email gateways (SEGs). Once delivered, the attacks use stylized HTML templates and brand impersonation to trick the recipient into believing the communications are legitimate. Recipients who fall victim are directed to credential-harvesting websites.

Cybersecurity experts are warning that scammers are taking advantage of uncertainty surrounding the U.S. administration’s tariff policies, CNBC reports. Fraudsters may send texts or emails posing as retailers, delivery companies or government agencies, requesting tariff-related payments for purchases and deliveries. James Lee, president of the Identity Theft Resource Center, noted that scammers frequently take advantage of new government policies to launch phishing attacks.

I was once enrolled in a programming module back at university. We had been given a task, to code something, so we all sat banging out whatever code we could on our keyboards. Our professor looked around at our screens and did something that seemed bizarre at the time – he asked everyone to stop typing. "You're all being incredibly inefficient," he said, "Some of the best programmers I know never start at the keyboard.