Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Report: AI-Enabled Social Engineering Attacks Are on the Rise

Threat actors are increasingly using AI-enabled social engineering to get around technical security measures, according to a new report from Visa. Social engineering attacks were behind the largest number of losses in the second half of last year. “From July to December 2025, Visa identified nearly $1 billion in scam-related activity, making scams the single largest category of consumer payment fraud,” Visa says.

The Silent Invitation: A Deep Dive into Calendar Invite Phishing

As reported in the latest Phishing Threat Trends Report (Vol. 7), attackers are increasingly using calendar invites to bypass traditional email defenses, with this vector surging 49% over the past six months. In this Threat Labs deep dive, our team goes behind the scenes to provide a detailed analysis of this escalating campaign. We break down the technical underpinnings and tactical shifts in a unique multi-vector attack that turns your trusted corporate schedule into an instrument of compromise.

How to Secure AI Adoption In Your Organization

The era of "typing into a box" is over. For years, we viewed artificial intelligence as a digital assistant—a sophisticated autocomplete tool that waited for human input. But according to Martin Kraemer, KnowBe4’s CISO Advisor for Europe and the Middle East, that dynamic has shifted. We have moved from asking AI questions to giving AI jobs. In a recent webinar, Martin explores the transition from AI tools to AI agents.

FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts

The US Federal Bureau of Investigation (FBI) has warned that a new phishing-as-a-service (PhaaS) platform called “Kali365” is targeting OAuth tokens to gain direct access to users’ Microsoft 365 accounts without stealing credentials or multifactor authentication codes. “Through the Kali365 platform subscription, cyber threat actors can capture ‘OAuth’ tokens and gain persistent access to targeted individuals/entities' Microsoft 365 environments,” the Bureau says.

Cyber Insurance for MidMarket Organizations in Southeast Asia

Businesses increasingly identify cyber risk as a core operational concern. Yet many cyber incidents still stem from basic, preventable vulnerabilities such as susceptibility to phishing, weak passwords, unpatched software and misconfigured systems. Insurers can play an important role in helping to raise firms’ cybersecurity hygiene and enhancing overall cyber resilience. However, cyber insurance penetration in certain market segments and regions remains low.

Athletes Are Increasingly Targeted by Social Engineering Attacks

Scammers are increasingly targeting athletes with advanced social engineering attacks, the Guardian reports. The Guardian cites a recent report from Ernst & Young that found that athletes and teams have lost nearly $1 billion to fraud over the past twenty years, and more than 40% of these losses were reported in the past six years.

Warning: Scammers are Exploiting Geopolitical Unrest

Scammers are taking advantage of the conflicts in the Middle East and Ukraine to exploit people’s emotions, according to researchers at ESET. “Geopolitical turmoil often leads to human misery, which tends to pull at the heartstrings,” ESET says. “Legitimate charities may solicit donations to help their efforts to support innocent citizens caught in the crossfire.

Phishing Attacks Are Using Real Hotel Reservation Info to Target Travelers

Scammers are using legitimate hotel booking details to craft targeted phishing attacks, WIRED reports. Victims are far more likely to fall for a phishing attack if a message contains real information that they wouldn’t expect a scammer to know. According to researchers at Norton, this phishing campaign is targeting customers of at least 350 hotels and vacation rentals across 50 countries.

AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI

At the World Economic Forum cyber meeting in Geneva recently, I had an interesting conversation with Vinh Nguyen, who is a strategic security advisor and Senior Fellow for AI at CFR. I wanted to know from him how he sees runtime governance in agentic AI working out practically and what approaches actually work. One of the challenges he mentioned was that yes, we need runtime governance to provide continuous and real time assurance that agents are doing what they are supposed to be doing.

AI Agent Governance Part 2 - What Good Looks Like: Governing AI Agents in Practice

If AI agents are becoming organizational actors, then governance needs to move beyond principles and into operational structure. In Camille Stewart Gloster’s upcoming book The Insider You Build, she explains that governance is not defined by policies or structures, but by whether it can actually influence system behavior at runtime. In an agentic environment, governance only exists where it can shape, constrain, and intervene in decisions as they happen.