Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Social Engineering Campaign Targets Microsoft Teams Users

Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets external users send direct messages via email addresses. “Microsoft Teams now allows users to send direct chat invitations to any email address, even if recipients aren’t part of a Teams tenant,” the researchers explain.

Your Digital Footprint and Why it Matters!

You know that trail of bread crumbs you leave across the internet? Cybercriminals love to eat them up! Every post. Every like. Every old username from 2012, it all sticks around. And scammers can use that info to guess passwords, target you, or piece together your whole life story. So post smart. Share less. Protect more.

Warning: Phishing Campaign Leveraging Evilginx Targets U.S. Universities

Threat actors are using the open-source phishing framework Evilginx to target universities across the United States, according to researchers at Infoblox. The attackers have targeted at least 18 universities and educational entities since April 2025, using phishing pages that spoofed student single sign-on (SSO) portals. “In the campaigns we analyzed, students were targeted via personalized emails that contained TinyURL links,” Infoblox says.

Notorious Cybercrime Group is Now Targeting Zendesk Users

ReliaQuest warns that the cybercriminal collective “Scattered Lapsus$ Hunters” appears to be using social engineering attacks to target organizations’ Zendesk instances. This group was behind a widespread campaign earlier this year that used voice phishing attacks to compromise dozens of companies’ Salesforce portals.

KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius

KnowBe4 is proud to announce that three of its leading security products — Security Awareness Training, PhishER/PhishER Plus and Compliance Plus — have been recognized as 2026 Buyer's Choice award winners by TrustRadius, a HG Insights company and buyer intelligence platform for business technology.

Malicious AI Tools Assist in Phishing and Ransomware Attacks

Researchers at Palo Alto Networks’ Unit 42 are tracking two new malicious AI tools, WormGPT 4 and KawaiiGPT, that allow threat actors to craft phishing lures and generate ransomware code. These tools are criminal alternatives to mainstream AI tools like ChatGPT, with no safety guardrails to prevent users from using them for malicious activities. The latest version of WormGPT offers lifetime access for $220, or a monthly fee of $50.

Report: Sophisticated Fraud Attacks Are on the Rise

Sophisticated online fraud techniques are growing more accessible to unskilled attackers, driven by AI tools and fraud-as-a-service platforms, according to Sumsub’s latest Identity Fraud Report. “hile the volume of attacks remains staggering, the nature of fraud is shifting,” the researchers write.

The Ghost in the Machine: How a Multi-Stage Phishing Campaign Evades Security to Steal Microsoft 365 Credentials

Since November 3, 2025, KnowBe4 Threat Labs has been monitoring a highly sophisticated, multi-stage phishing operation that is actively targeting organizations to steal employees’ Microsoft 365 credentials. The campaign has been engineered to bypass traditional email security defenses, such as secure email gateways (SEGs), and multi-factor authentication (MFA) tools.

2026 Phishing Threat Trends Report Preview

Ever wondered who answers when you call a cybercriminal? What happens in the aftermath of a Scattered Spider breach? Or why cybercriminals use legitimate platforms to send phishing emails? If so, this is the session for you. Join Jack Chapman, KnowBe4’s SVP of Threat Intelligence, as he pulls back the curtain on these topics. Jack will give you a first look at our latest Phishing Threat Trends Report, walking through attack scenarios and sharing the trends that are shaping the threat landscape.