Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Scammers are taking advantage of the conflicts in the Middle East and Ukraine to exploit people’s emotions, according to researchers at ESET. “Geopolitical turmoil often leads to human misery, which tends to pull at the heartstrings,” ESET says. “Legitimate charities may solicit donations to help their efforts to support innocent citizens caught in the crossfire.

Scammers are using legitimate hotel booking details to craft targeted phishing attacks, WIRED reports. Victims are far more likely to fall for a phishing attack if a message contains real information that they wouldn’t expect a scammer to know. According to researchers at Norton, this phishing campaign is targeting customers of at least 350 hotels and vacation rentals across 50 countries.

At the World Economic Forum cyber meeting in Geneva recently, I had an interesting conversation with Vinh Nguyen, who is a strategic security advisor and Senior Fellow for AI at CFR. I wanted to know from him how he sees runtime governance in agentic AI working out practically and what approaches actually work. One of the challenges he mentioned was that yes, we need runtime governance to provide continuous and real time assurance that agents are doing what they are supposed to be doing.

If AI agents are becoming organizational actors, then governance needs to move beyond principles and into operational structure. In Camille Stewart Gloster’s upcoming book The Insider You Build, she explains that governance is not defined by policies or structures, but by whether it can actually influence system behavior at runtime. In an agentic environment, governance only exists where it can shape, constrain, and intervene in decisions as they happen.

False positives can disrupt inbound email security as much as missed threats by slowing business workflows and eroding trust in security controls. As phishing attacks become more convincing, many systems respond by tightening filtering thresholds. But without enough context, this can lead to overblocking, where everyday business communication is misclassified as suspicious. Reducing false positives requires more than adjusting filters.

With over 10 years of experience in implementing AI, KnowBe4 has a ton of agents on its platform which customers can use to significantly lower risk. They help to secure the digital workforce (humans + AI agents). But five of them, all based and driven by risk scoring metrics, have become my favorites.

Cyber insurance claims surged by 40% over the past eighteen months, while ransomware payments have dropped by 44%, according to a new report from Cowbell Cyber. The three most common incident types were data breaches, cybercrime (including phishing and business email compromise), and extortion attacks (including ransomware).

Researchers at Push Security have analyzed a phishing platform used by organized criminal threat actors like ShinyHunters and BlackFile, finding more than 400 domains linked to attacks launched by the phishing kit.

The classic 'survey reward' scam is back and hitting harder than ever. KnowBe4 Threat Labs is tracking a massive, high-volume campaign that is not only impersonating a wide array of trusted global brands across retail, logistics, and healthcare, but is using hundreds of newly registered domains (NRDs) and sophisticated psychological priming to fly past traditional security defenses.

In 2024, we talked to AI. In 2026, AI is talking to our systems, our customers, and increasingly, acting on our behalf. With AI agents, we are moving AI from a tool to an actor, from assistance to agency and from outputs to actions. And that changes the nature of risk. AI agents plan, execute, and interact with the world on our behalf. They send emails, move data, trigger workflows, and increasingly operate across systems without human intervention.