KnowBe4 Security Awareness Training

North Korean hackers continue to target software developers via social engineering attacks, according to researchers at Recorded Future.

I am excited to announce my latest book, How AI and Quantum Impact Cyber Threats and Defenses: Shaping Your Cyber Defense Strategies.

Researchers at Okta warn that a series of phishing kits have emerged that are designed to help threat actors launch sophisticated voice phishing (vishing) attacks that can bypass multifactor authentication.

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow, bypassing strong passwords and Multi-Factor Authentication (MFA). The victim is directed to the legitimate Microsoft domain (microsoft.com/devicelogin) portal to enter an attack-supplied device code. This action authenticates the victim and issues a valid OAuth access token to the attacker’s application. The real-time theft of these tokens grants the attacker persistent access to the victim’s Microsoft 365 accounts and corporate data.

Valentine’s Day is usually a time for flowers and candlelight, but in recent years the digital dating landscape has shifted from a place of hope to a high-tech minefield. While “catfishing” was once the primary concern for online daters, 2026 has ushered in a more sinister era: the completely AI-enabled romance scam.

If you look back just a couple of years, the digital landscape looks almost unrecognizable. We’ve moved from AI being a cool new tool to it being at the heart of our online lives.

The first requirements set forth for the EU AI Act start this month (February). Luckily, this regulation starts with some of the easiest components to comply with; these are related to banned activities and basic AI literacy. The full force of the law takes effect in August 2026, right around the corner. Here is a link to a full blog post on the implications of this new legislation, which is a lot like GDPR but for AI: https://blog.knowbe4.com/ai-literacy-training-from-best-practice-to-legal-requirement-under-the-new-eu-ai-act Many of you will not be affected by these new regulations, but there are similar acts that have either passed already (like in Texas) or are going through the legislative process. AI Literacy will no longer be a best practice, but will be required for compliance in most industries. Luckily, we have plenty of content for you to help build out your plan to comply with all of these laws and regulations related to proper use, protection from AI and general literacy. So partner with us for help in your AI journey, no matter where you are.

A new malware-as-a-service (MaaS) kit called “Stanley” is offering users guaranteed publication in the Chrome Web Store, bypassing Google’s security verification process, according to researchers at Varonis.

We are very excited that 2025 broke all of our records for usage and quality ratings of our content on the platform! Our 2025 records were driven by a notable trend: more frequent training across our existing customer base. We’ve seen a shift where organizations are engaging with more content per user, leading to higher overall usage and improved quality ratings as they dive deeper into our library. We really appreciate our customers’ partnership and feedback that helps us continue to strive to have a bigger impact with even higher quality in 2026! “Useful information, not only for work but for personal purposes. I will definitely pass what I’ve learned on to family and friends!”“Very good reminders; I’ve experienced some of these situations recently.” Training ModuleCheck out our updated version of our popular Social Engineering Foundations training module. Understand the psychology behind social engineering manipulation. Discover how scammers exploit human emotions and learn practical strategies to avoid common scams at work and home. Deepfake Awareness and DefenseMobile-First ModuleDefend against AI-powered deepfake attacks. Learn to identify synthetic media across financial fraud, phishing and manipulation schemes through interactive scenarios and practical verification protocols. encryptED: Dark Minds Behind Digital ThreatsAudiocastExplore the criminal mind in cybersecurity. Host Andy examines Dark Triad personality traits through real cases, revealing why understanding the psychology of attackers strengthens your defensive strategy. Phish or Treat? Smishing EditionGameTest your scam-spotting skills in realistic scenarios. Help traveling manager Alex distinguish genuine urgent messages from sophisticated scams and make the safest decisions under pressure. Privileged User Security: Privileged AccessTraining ModuleEssential security training for privileged users. Protect your organization’s most vulnerable access points by mastering core principles that defend against cybercriminals targeting elevated system permissions. Public Wi-Fi DangersPosterUse this poster to remind employees to verify the legitimacy of public Wi-Fi networks before connecting to them.  Secure Application Development forBack-End DevelopersTraining ModuleBack-end security fundamentals every developer needs. Learn critical practices for security testing, cryptography, database protection and API security to safeguard your applications comprehensively. Secure Application Development for Front-End DevelopersTraining ModuleSecure coding essentials for front-end developers. Master OWASP considerations, security testing methods and best practices to build robust, protected applications from the ground up. Social Engineering Awareness for Energy and UtilitiesMobile-First ModuleEnergy and utilities workers face unique cyberthreats. Learn to recognize social engineering attacks, phishing scams and ransomware tactics that target critical infrastructure and operational technology. Artificial Intelligence for StudentsTraining ModuleNavigate AI’s future confidently. Students gain essential understanding of artificial intelligence tools, ethical challenges, deepfake risks and safe, responsible usage practices for academic success. Break the Cycle: How Students Recognize and Stop HazingTraining ModuleCreate safer campus communities by recognizing and preventing hazing. Learn bystander intervention techniques, understand physical and psychological impacts and know how to report concerning behaviors. NEW! – Quarterly Product Update VideosAt KnowBe4, we’re always adding new features and improving our products. Watch the latest Quarterly Product Update to catch up on all the fresh content and new features that we’ve added to the KnowBe4 platform over the last quarter.Here’s the direct link to the KnowBe4 platform support article and video: https://support.knowbe4.com/hc/en-us/articles/360015575313-Video-KSAT-Quarterly-Product-Update-December-2025Here’s the direct link to the PhishER support article and video: https://support.knowbe4.com/hc/en-us/articles/1500005726381-Video-PhishER-Quarterly-Product-Update-December-2025  To see all the features of the KnowBe4 platform, request your demo today! Don’t like to click on redirected links? Copy and paste this into your browser:https://info.knowbe4.com/kmsat-request-a-demo-content-update   NEW! – KnowBe4’s Public Product Roadmap Our public product roadmap is now available, providing a high-level view of planned enhancements and new capabilities. The roadmap reflects our ongoing innovation as we continue to evolve in response to emerging threats, your needs and changes in the cybersecurity landscape.As always, our focus remains on reducing human risk and helping your users make smarter security decisions. While timelines and scope may shift, our public roadmap offers transparency into how we’re thinking about what comes next so you can plan your security initiatives ahead of time.Check out the roadmap here: https://www.knowbe4.com/products/product-roadmap.