Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A KnowBe4 Threat Lab Publication Authors: By James Dyer, Threat Intelligence Lead at KnowBe4 and Lucy Gee, Cybersecurity Threat Researcher at KnowBe4 On March 3, 2025, the KnowBe4 Threat Labs team observed a massive influx of phishing attacks originating from legitimate Microsoft domains. KnowBe4 Defend detected activity starting on February 24th, with a peak on March 3rd, when 7,000 attacks from microsoft-noreply@microsoft.com were recorded within a 30-minute window.

Networking and infrastructure and operations (I&O) teams often feel that they are facing contradictory challenges. They are expected to manually maintain the complex legacy infrastructure that keeps the business running, while also finding capacity and licence to help their organizations innovate at a time of rapid technological change.

A critical improper authorization vulnerability (CVSS 9.1) in Next.js, tracked as CVE-2025-29927, was publicly disclosed on March 21, 2025. Next.js is a popular React-based web framework used for building full-stack applications. This vulnerability impacts applications that utilize middleware for authorization checks. Middleware functions used to implement access control, session validation, redirects, or security headers on incoming HTTP requests.

By James Rees, MD, Razorthorn Security.

Grep (Global Regular Expression print) command is a powerful text searching utility in Unix/Linux systems. Grep takes a pattern such as a regular expression or string and searches one or more input files for the lines that contain the expected pattern. Grep command can be significantly used for text searching and filtering, log analysis, code scanning, configuration management, data extraction etc.

Microsoft 365 provides a security solution called the Microsoft 365 Security & Compliance Center, which provides solutions to many types of threats. These features include next-generation threat protection, identity and access control, information governance, data loss prevention, encryption, compliance solutions, security management, and device control, which offer an extensive security mechanism for organizations.

For a long time, people have used signatures to verify documents. But now everything is going digital, and so are the signatures. According to a report by Fortune Business Insights, the global digital signature market is projected to reach $66.01 billion by 2032. All credit goes to the seamless functionality, security, and time-saving qualities they provide. In this blog, we are going to explain everything about digital signatures, their types, and what purpose they serve. Interested to find out more?

Given today’s reality of cyber security, healthcare organizations are always at risk of getting attacked. A Sophos‘s study outlines that out of the surveyed organizations, 59% have been impacted by ransomware attacks in 2024. What is more – only 22% have actually fully recovered in less than a week. However, for 37% of those institutions, it took over a month to recover. This is why it is crucial to adhere to regulatory frameworks and keep your data secured to the highest standard.

Read also: police crackdown on cybercrime across Africa results in over 300 arrests, alleged Snowflake hacker consents to be extradited to the US, and more.

Earlier this year I joined the team at CultureAI, and like many, I shared the news on LinkedIn. Within weeks, I found myself at the receiving end of multiple phishing emails impersonating our CEO designed to exploit new employees. But rather than ignoring them, I thought it could be fun to play along, see where the rabbit hole led, and deep dive into the world of BCE and Gift Card scams.