When your CISO asks if a specific browser extension has ever been installed on any of your workstations, how quickly can you get the correct answer? Malicious browser extensions are a significant threat that many organizations have no way of managing or detecting.

As digital transformation expands the threat landscape, compliance mandates adapt to meet new challenges. In 2020, the European Commission announced its decision to accelerate its revision of the Directive on Security of Network and Information Systems (NIS2). When carrying out its impact assessment, the Commission realized that it needed to update the NIS Directive in response to new risks.

Online advertising is inevitable on countless websites and services across the Internet. Some attackers have learned to exploit online advertising services to deliver attacks, sometimes called “malvertising.” There are sophisticated attacks in the wild that capture user credentials – even MFA – with a malicious sponsored link and exploit the resulting access.

Today's transforming cyber threat landscape is an age of major malice regarding malware. Lumma Stealer remains one of the most fascinating malicious pieces out here. The aim of this blog is to tell you about all recent activities regarding this malware within the year 2025. Thereby, focusing on some practical real-based scenarios, where incidents have unfolded using this malware as a sample analysis, with line-by-line analysis of malware along with dissected code infection patterns.

The rise of agentic AI tools will transform the cybercrime landscape, according to a new report from Malwarebytes. Agentic AI—which is still under development—is a step above the generative AI tools that are currently available to the public, and will likely be widely released in 2025. While these tools will have many legitimate uses, they’ll also enable cybercriminals to scale their attacks.

According to the British Retail Consortium (BRC), shoplifting in the UK is surging. Reported cases jumped from 3.7 million to 20.4 million within a year. Viral social media clips show brazen daylight shoplifting. Reports quote frustrated shopkeepers afraid to intervene. Experts in retail, law, and economics debate the causes, blaming the economy, policing, organized crime, and justice systems. While physical shoplifting dominates headlines, digital shoplifting is equally bold and costly.

Artificial Intelligence (AI) has been a game-changer in industries that have further churned into process efficiency and revolutionized cybersecurity. On the flip side, its potential has been weaponized by threat actors. Google's Threat Intelligence Group (GTIG) recently came out with reports which showed that state-sponsored hackers are actively exploiting Google's AI-powered Gemini assistant to strengthen their cyberattacks.

A KnowBe4 Threat Lab publication Authors: Daniel Netto, Jeewan Singh Jalal, Anand Bodke, and Martin Kraemer Executive Summary Attackers exploit redirects that lack safeguarding mechanisms to borrow the domain reputation of the redirect service, obfuscate the actual destination and exploit trust in known sources. Whitelisting URLs, only allowing a predefined set of URLs to be rewritten, is an effective countermeasures against the vulnerability on the server side.