Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We recently conducted research in Denmark and Sweden to understand security culture in local organizations better. This research reveals a critical vulnerability in Danish and Swedish organizations - nearly 70% of employees in Denmark and 72% of employees in Sweden receive no cybersecurity training at their workplace. This gap in security awareness creates vulnerabilities that could affect organizations at every level.

Bitdefender warns that a major ad fraud campaign in the Google Play Store resulted in more than 60 million downloads of malicious apps. The attackers managed to place at least 331 malicious apps in the Play Store. In addition to displaying full-screen ads, some of the apps also directed users to phishing sites designed to harvest their credentials. “Most applications first became active on Google Play in Q3 2024,” Bitdefender says.

In today’s world, cybersecurity is more critical than ever. Organizations and individuals alike face a constant barrage of cyber threats, and often, the weakest link in our defenses is something as simple as a password. Recently, KnowBe4 has shed light on a concerning trend in Denmark and Sweden: a significant number of employees aren't using strong passwords.

Threat actors are abusing Microsoft’s infrastructure to launch phishing attacks that can bypass security measures, according to researchers at Guardz. The attackers compromise multiple Microsoft 365 tenants in order to generate legitimate transaction notifications that contain phishing messages.

There are thousands of people worldwide trying to scam you, hoping they can make you a victim, steal your money, and harm you in some way. While some of it is done by individuals or small gangs of people, a lot of it happens on an industrialized scale. In countries around the world, there are large teams of people living and working together, controlled by managers, with profits going up the corporate ladder to people who think they are the next Elon Musk.

Our latest Phishing Threat Trends Report explores the evolving phishing landscape in 2025, from renewed tactics to emerging attack techniques. Ransomware may be an “old” threat, but new tactics are making people more susceptible than ever. In this edition, we break down a highly advanced attack detected by KnowBe4 Defend that bypassed native security and a secure email gateway (SEG)—and would have been nearly impossible to stop if launched.

Business email compromise (BEC) attacks rose 13% last month, with the average requested wire transfer increasing to $39,315, according to a new report from Fortra. “The average amount requested from BEC wire transfer attackers was $39,315 in February compared to $24,586 in January 2025, an increase of 60%,” the report says.

A phishing campaign is impersonating travel agency Booking.com to target employees in the hospitality industry, according to researchers at Microsoft. The attacks use a social engineering technique called “ClickFix” to trick victims into downloading malware.

Our recent research reveals a concerning discrepancy between employees' confidence in their ability to identify social engineering attempts and their actual vulnerability to these attacks. While 86% of respondents believe they can confidently identify phishing emails, nearly half have fallen for scams in the past. This disconnect between perceived competence and demonstrated vulnerability, the "confidence gap", poses a substantial risk to organizations. The Danger of Overconfidence.

My two previous recent postings on AI covered “Agentic AI” and how that impacts cybersecurity and the eventual emergence of malicious agentic AI malware. Both of those articles started to touch on the idea of automated agentic AI defenses. This posting goes into a little more detail on what agentic AI defenses might mean. It starts with agentic AI, which is a collection of automated programs (i.e., bots or agents) working toward a common goal.