Human Risk Management Blog

KnowBe4’s blog keeps you informed about the latest in security, including social engineering, ransomware and phishing attacks.
- How Adaptive Email Security Helps Navigate Threats in the Age of AI by KnowBe4 Team on March 27, 2026 at 12:22 pm
A finance employee receives an email that appears to come from the CFO requesting urgent payment approval. The message references a current project, uses the correct tone, and arrives at a plausible time. However, the email wasn’t written by a colleague — it was generated by AI. And it contains a malicious link.
- Report: Attackers Can Trick AI Assistants Into Displaying Phishing Messages by KnowBe4 Team on March 26, 2026 at 8:00 pm
Researchers at Permiso warn that threat actors can plant phishing messages within Copilot AI summaries. Notably, the researchers found that attackers can trick Copilot into including internal information to craft a more targeted message.
- Why Financial Firms are Outgrowing Traditional Email Security by KnowBe4 Team on March 26, 2026 at 6:00 pm
In the financial services industry, a “security incident” is rarely just an IT ticket. It is a regulatory event. Whether you are a bank, a global investment firm, or a fintech startup, your email environment is the most targeted entry point for attackers and the most common exit point for sensitive data.
- Great Patching Lessons To Learn From The Zero Day Clock by Roger Grimes on March 26, 2026 at 3:30 pm
I just came across the Zero Day Clock, and I love it. Everyone should go there, see the stats, see the trends, and figure out what that means for your ongoing and future patch management plans.
- Scammers Abuse Calendar Invites to Plant Phony Subscription Notices by KnowBe4 Team on March 26, 2026 at 1:00 pm
Malwarebytes warns that a phishing campaign is using Google Calendar invites to send phony renewal notices for Malwarebytes subscriptions. The calendar invites contain a phone number that will connect the user with a scammer.
- Why Your Human Risk Management Strategy Can’t Ignore AI by KnowBe4 Team on March 25, 2026 at 8:00 pm
AI isn’t just another technology wave—it’s a force multiplier for both innovation and risk. In a recent webinar featuring insights from Bryan Palma and guest speaker Jinan Budge, Vice President and Research Director at Forrester, one message came through clearly: the rise of AI and AI agents is fundamentally reshaping the human risk landscape—and security leaders need to move fast to keep up.
- 100,000+ New Vulnerabilities This Year and Most Will Be Zero-Days Exploited Faster by Roger Grimes on March 24, 2026 at 7:30 pm
The number of publicly reported unique vulnerabilities has risen year after year. There was a brief decrease and stabilization in 2015 – 2016, but those are the only years in the over two decades (1999 – on) I have been following vulnerability metrics. Other than that, it has been up, up, up.
- I Didn’t Revoke my API Keys Because Claude Called Me An Idiot by Javvad Malik on March 24, 2026 at 5:30 pm
I need to confess something. A few days ago whilst vibe coding at 2am (which can end up burning through tokens like they are going out of fashion) I accidentally pasted my API key directly into a Claude chat instead of the terminal window I had open.
- Best Practices for Implementing AI Agents by Martin Kraemer on March 24, 2026 at 3:30 pm
On March 9th, Codewall.ai disclosed how it had hacked McKinsey & Company’s AI platform called Lilli, a purpose-built system for 43,000+ employees to analyze documents, chat, and access decades of proprietary research. The researchers unleashed an AI agent which quickly scanned 200 endpoints, identified 22 that did not require authentication, and one that wrote user search queries into a database including non-parameterized JSON keys which were concatenated directly into SQL.
- CyberheistNews Vol 16 #12 [Keep An Eye Out] Why Unsecured Outlook Email Is Risky by KnowBe4 Team on March 24, 2026 at 1:30 pm







