Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

The Rise of Kratos: How the New Phishing-as-a-Service Kit Industrializes Cybercrime

Feb 27, 2026 By KnowBe4 Threat Lab In KnowBe4
By the end of 2026, over 90% of all credential compromise attacks are estimated to be enabled by modular Phishing-as-a-Service (PhaaS) kits like the sophisticated, global threat, Kratos. This aggressive platform has already begun reshaping the threat landscape. At its core, Phishing-as-a-Service (PhaaS) is a malicious cloud-based service that allows easier deployment of phishing attacks and faster updating of features as compared to traditional phishing and malware attacks.
Read Post

Ep. 47 - APT42 & Iran's AI Social Engineering: Deepfakes, Phishing & Hack-and-Leak

Feb 25, 2026 By SafeBreach In SafeBreach
Iran’s APT42 — also known as Charming Kitten or Mint Sandstorm — is redefining social engineering with generative AI, deepfake voice cloning, and long-term phishing campaigns. In this episode of the Cyber Resilience Brief, we break down how Iranian state-sponsored threat actors are using AI-powered phishing, MFA fatigue attacks, credential harvesting, and hack-and-leak operations to target journalists, political campaigns, academics, and enterprise executives.
View Video
sendmarc

Sendmarc Releases DMARCbis Fireside Chat Featuring Co-Editor Todd Herr

Feb 24, 2026 By Sendmarc
In a recent DMARCbis fireside chat, email authentication leaders discussed upcoming DMARC changes and how teams can plan for 2026. Sendmarc has released a new fireside chat featuring Todd Herr, Principal Solutions Architect at GreenArrow Email and co-editor of DMARCbis, on the upcoming update to DMARC (Domain-based Message Authentication, Reporting, and Conformance).
Read Post
knowbe4

What Happens If I Click A Phishing Link?

Feb 21, 2026 By James Dyer In KnowBe4
Phishing is the most prominent form of cyber-attack, regularly prompting email recipients into disclosing their personal information, credentials, downloading malware, or paying fraudulent invoices. Phishing can result in cybercriminals gaining unauthorized access to organizations’ data, network systems, or applications. People can be understandably alarmed once they realize they’ve clicked on a phishing link.
Read Post
Phishing Kit Attacks Are Now Everywhere: How SOC Analysts Can Detect Them

Phishing Kit Attacks Are Now Everywhere: How SOC Analysts Can Detect Them

Feb 18, 2026 By SecuritySenses In SecuritySenses
Phishing kits have changed the speed of compromise. Attackers no longer need malware or complex tooling. With ready-made phishing platforms, they can launch large-scale credential theft campaigns that bypass MFA and deliver valid sessions almost instantly. By the time an alert reaches the SOC, the attacker may already be inside. Stopping these attacks now depends on seeing the full phishing chain early, before stolen access turns into business damage.
Read Post
bitsight

A Match Made in Heaven: How Valentine's Day Fuels Seasonal Phishing Attacks

Feb 12, 2026 By Emma Stevens In BitSight
Valentine’s Day runs on emotion. Surprise, urgency, curiosity, trust, love. For threat actors, that combination is hard to beat. Every year in mid-February, security teams see the same pattern. Phishing campaigns pick up. Brand impersonation increases. Fraud attempts follow close behind. It is not because attackers suddenly developed new techniques.
Read Post
knowbe4

Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA

Feb 12, 2026 By KnowBe4 Threat Lab In KnowBe4
Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow, bypassing strong passwords and Multi-Factor Authentication (MFA).
Read Post
knowbe4

Voice Phishing Kits Give Threat Actors Real-Time Control Over Attacks

Feb 12, 2026 By KnowBe4 Team In KnowBe4
Researchers at Okta warn that a series of phishing kits have emerged that are designed to help threat actors launch sophisticated voice phishing (vishing) attacks that can bypass multifactor authentication. “The most critical of these features are client-side scripts that allow threat actors to control the authentication flow in the browser of a targeted user in real-time while they deliver verbal instructions or respond to verbal feedback from the targeted user,” Okta says.
Read Post

The browser blind spot: Phishing evolution and shadow AI risk with Cody Pierce

Feb 10, 2026 By LimaCharlie In LimaCharlie
Join us for this week's Defender Fridays as we explore browser security, phishing evolution, and the risks of shadow AI with Cody Pierce, CEO at Neon Cyber. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.