[Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets

GitHub disclosed that attackers accessed its internal repositories after compromising an employee device through a poisoned Visual Studio Code extension. The company said the activity appears limited to GitHub-owned internal repositories, with the attacker’s claim of roughly 3,800 repositories being “directionally consistent” with its investigation. GitHub also said it found no evidence that customers’ own enterprises, organizations or repositories were impacted.

Attackers Continue to Pose as Help Desks in Social Engineering Attacks

Researchers at Google’s Threat Intelligence Group (GTIG) are tracking a new threat actor that’s impersonating help desks to trick users into installing malware. The threat actor, which GTIG tracks as “UNC6692,” begins by sending a large volume of spam emails to the victim, then initiates contact via Microsoft Teams to ostensibly help the user block the spam.

Persistent Online Worlds, Persistent Risks: The Security Challenges of MMORTS Games

Massively multiplayer online real-time strategy games occupy a specific and underexamined position in the gaming security landscape. Unlike session-based games where a match ends and the state resets, MMORTS titles run continuous worlds where player-built empires, alliances, and resource stockpiles exist around the clock, whether or not the player is logged in. That persistence creates a threat model significantly closer to financial services platforms than most people in either the security or gaming industries tend to acknowledge.

Voice Phishing is a Growing Social Engineering Threat

Voice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives. “While email phishing often relies on volume and opportunistic delivery, interactive methods involve a live person steering the conversation in real-time,” Mandiant says.

New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering

BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) continue to track an activity cluster that uses email bombing and IT-support impersonation over Microsoft Teams to obtain Quick Assist access, then pivot to a deeper attack. This research shows that once on the victim’s host, the actors sideload a malicious DLL to deliver a new backdoor BlueVoyant has dubbed the A0Backdoor.

AI-Assisted Social Engineering Attacks Continue to Rise

Social engineering remained the top initial access vector for cyberattacks in 2025, with increasing assistance from AI tools, according to a report from ThreatDown. The researchers warn that AI will likely become a core component of social engineering attacks throughout 2026. “Deepfake voice, image, and video impersonation now requires minimal expertise and only a handful of reference images or seconds of audio,” the researchers write.

Inside the Rise of Clone Phishing and CAPTCHA-Based Social Engineering

In our previous two posts, The ABC’s of Ishing and From Lure to Breach, we broke down the foundational tactics used by cybercriminals to deceive users and gain unauthorized access. This follow-up report expands on that foundation by exploring three evolving phishing threats that go beyond traditional email lures: clone phishing, deepfake phishing, and CAPTCHA phishing.

AI-Assisted Social Engineering is a Growing Concern

A survey by the World Economic Forum (WEF) found that 47% of organizations cite the advancement of adversarial capabilities as their top concern surrounding generative AI. These capabilities include phishing, malware development, and deepfakes, all of which are increasingly accessible due to AI tools. Additionally, 42% of organizations experienced a successful social engineering attack last year, and the researchers expect this number to rise as AI-assisted social engineering grows more advanced.

8 Ways Organizations Reduce Exposure to Social Engineering Attacks

Cyber threats do not always stem from malware or a sophisticated tool. Sometimes they arrive through a convincing email or a request that appears trustworthy. There have been occasions where attackers created a moment of urgency to lead someone into clicking, sharing, or approving without realizing the consequences. This is social engineering, and these threats are becoming more dangerous.