Posts

KnowBe4 - 2026 Phishing by Industry Benchmarking Report: Findings on Human Risk

Image
Every year, KnowBe4 analyzes millions of simulated phishing tests to measure one thing: how likely is your workforce to fall for a phishing attack? The results, published in the 2026 Phishing by Industry Benchmarking Report , paint a clear picture of where human risk concentrates — and what organizations can do about it. from KnowBe4 Blog https://blog.knowbe4.com/2026-phishing-industry-benchmarking-report

The Hacker News - What Changes When Your Software Supply Chain Includes AI Writing Your Code?

Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody chose on purpose? SolarWinds, Log4Shell, and XZ Utils all taught the same lesson: the risk lives less in the code a from The Hacker News https://thehackernews.com/2026/07/what-changes-when-your-software-supply.html

KnowBe4 - Static DLP Is Leaving You in the Dark: Why It’s Time for Intelligent, Self-Serve Outbound DLP and Misdirected Content Analysis

Image
When we think about email security , our minds almost always jump to the inbound threats: the sophisticated phishing lures, the AI-generated business email compromise (BEC) attacks, and the malicious attachments knocking at the perimeter. from KnowBe4 Blog https://blog.knowbe4.com/static-dlp-is-leaving-you-in-the-dark-why-its-time-for-intelligent-self-serve-outbound-dlp-and-misdirected-content-analysis

Schneier - Google Is Suing Chinese Scammers Who Are Using Gemini

Not sure this will have any effect, but I support the effort: According to Google’s legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to individuals who may not be technically savvy enough to set up fraudulent websites and text campaigns on their own. In its Telegram channels, Outsider Enterprise reportedly provided instructions on how to use Google’s Gemini AI to create websites that imitate those of Google, YouTube, and government agencies such as New York’s E-ZPass. The group offered nearly 300 scam templates. […] Google worked with AT&T, Verizon, and T-Mobile to block many of these malicious text messages, and Google notes that its on-device scam detection in Google Messages probably helped reduce the number of successful phishing attempts, too. This AI-powered feature apparently stops 10 billion scam texts every month, so it’s fair to expect it caught at least some Outsider Enterprise activity. ...

The Hacker News - Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials, from The Hacker News https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html

The Hacker News - CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process from The Hacker News https://thehackernews.com/2026/07/certcc-warns-of-hidden-admin-backdoor.html

The Hacker News - ⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust from The Hacker News https://thehackernews.com/2026/07/monday-recap-proxy-botnets-browser.html