Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

knowbe4

Defending Against Modern Email Threats With Layered, AI-Driven Security

Jan 8, 2026 By KnowBe4 Team In KnowBe4
Email has been the backbone of business communication for decades and as such, it remains the attacker’s favorite doorway into an organization. Phishing, Business Email Compromise (BEC) and supply-chain attacks continue to rise, with adversaries leveraging AI and compromised accounts to bypass legacy defenses. This presents many challenges for CISOs, IT Directors and SOC teams alike: it seems pretty clear that threats are evolving faster than traditional email security can keep up.
Read Post
knowbe4

Phishing Campaign Targets WhatsApp Accounts

Jan 8, 2026 By KnowBe4 Team In KnowBe4
Researchers at Gen warn that a phishing campaign is attempting to trick users into linking malicious devices to their WhatsApp accounts. The attack begins with an unsolicited message stating, “Hey, I just found your photo!” along with a link to a spoofed Facebook login page. Instead of trying to steal users’ Facebook credentials, however, the attackers are attempting to gain access to victims’ WhatsApp accounts.
Read Post
knowbe4

New BlackForce Phishing Kit Bypasses Multifactor Authentication

Dec 22, 2025 By KnowBe4 Team In KnowBe4
Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, the kit “features a vetting system to qualify targets, after which a live operator takes over to orchestrate a guided compromise.” Additionally, the phishing kit uses mostly legitimate code in order to avoid detection by security scanners.
Read Post
Arctic Wolf

CVE-2025-20393: Threat Campaign Targeting Cisco Secure Email Gateway, Cisco Secure Email and Web Manager

Dec 19, 2025 By Julian Tuin In Arctic Wolf
On December 17, 2025, Cisco published an advisory detailing a new threat campaign identified on December 10, affecting the Cisco AsyncOS software used on Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The campaign is exploiting an unpatched zero-day vulnerability, which only affects deployments with the Spam Quarantine feature enabled. It allows threat actors to execute arbitrary commands with root privileges on affected devices. This feature is not enabled by default.
Read Post

ICS phishing with Jon Gaulding

Dec 19, 2025 By LimaCharlie In LimaCharlie
Join us for this week's Defender Fridays as we explore ICS phishing and calendar invite abuse with John Gaulding, Full Stack Engineer at Sublime Security. John examines how attackers are weaponizing calendar invites to bypass email security defenses and create persistent attack vectors. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
View Video
knowbe4

WeChat Phishing Attacks a Growing Threat Outside China

Dec 18, 2025 By KnowBe4 Threat Lab In KnowBe4
“Super-app” WeChat offers a wealth of functionality—from instant messaging, text and voice messaging, and video calls to mobile payments, ride booking, ordering food deliveries, paying bills and even accessing government services. Provided by Chinese technology conglomerate Tencent, WeChat has become deeply integrated into daily life in China and usage has been spreading globally. The app now boasts over 1.4 billion active users (24.8% of total internet users).
Read Post
graylog

Understanding Ransomware Email Threats

Dec 18, 2025 By Jeff Darrington In Graylog
The Ransomware-as-a-Service (RaaS) ecosystem has changed the look and shape of modern day ransomware attacks. Malicious actors typically view their cybercrimes as a business, hoping to make the most amount of money with the least amount of effort. For example, according to research, AI-automated phishing attacks performed similarly to human generated ones and 350% better than the ones sent to the control group.
Read Post
Enhancing Digital Security: How ClarityCheck Supports Cyber Awareness

Enhancing Digital Security: How ClarityCheck Supports Cyber Awareness

Dec 17, 2025 By SecuritySenses In SecuritySenses
In today's digital-first world, personal and business information is constantly at risk. Cybersecurity threats are no longer limited to large corporations-individuals face data breaches, phishing attempts, and identity theft on a daily basis. One emerging solution that has gained attention in online communities, including a positive review on Reddit, is ClarityCheck. This innovative service allows users to search for information linked to phone numbers and email addresses, providing an extra layer of digital visibility and protection.
Read Post

Phish No More: Instant Defense with Cato SASE

Dec 16, 2025 By Cato Networks In Cato Networks
Phishing remains one of the most common ways attackers try to breach enterprise environments. Traditional tools often detect these attempts too late, giving attackers time to gain a foothold. In this demo, you’ll see how the Cato SASE Cloud Platform stops phishing attempts in real time. Cato inspects every click, evaluates threats instantly, and blocks malicious sites before they load, without slowing users down.
View Video
knowbe4

Phishing Campaign Targets Executives With Phony Awards

Dec 16, 2025 By KnowBe4 Team In KnowBe4
A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their credentials, then use the ClickFix social engineering technique to trick them into installing malware. “The campaign uses a high-value executive recognition lure, ‘Cartier Recognition Program,’ to target executives,” the researchers write.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.