Security Awareness Training

A criminal threat actor called “Silver Fox” is launching tax-themed phishing attacks against Japanese companies during the country’s tax season, according to researchers at ESET.

Public sector cybersecurity leaders are no longer measured solely on whether they stop attacks, they are measured on whether they can prove it. Across federal, state, local and education environments, compliance obligations continue to expand. Frameworks and mandates include:

AI is making phishing attacks easier to create and scale. Tasks that once required manual effort can now be automated, allowing attackers to generate realistic messages, launch campaigns, and adapt tactics quickly to evade security controls. In fact, KnowBe4’s 2025 Phishing Threat Trends Report found that more than 73% of phishing emails analyzed in 2024 showed signs of AI involvement.

Threat actors are impersonating Palo Alto Networks recruiters to target job seekers, according to researchers with Palo Alto’s Unit 42 security team. “These attacks specifically target senior-level professionals by leveraging scraped LinkedIn data to craft highly personalized lures,” the researchers write.

Voice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives.

Human risk management (HRM) focuses on one of the most persistent cybersecurity vulnerabilities: humans. Social engineering attacks that trick users into taking risky actions are a factor in 98% of cyberattacks not because they are technically complex, but because they manipulate employee behavior.

In the world of cybersecurity, busy is an understatement. SOC teams are often drowning in a sea of repetitive alerts. Looking at the same threat or graymail spread across 50 pages of logs isn’t just tedious, it’s a drain on your most valuable resource: time.

John N Just, Ed.D. – Chief Learning OfficerEvolving Standards for Digital and Workplace ComplianceIt is a common misconception that digital accessibility and AI safety are niche concerns for specialized teams, but they are actually core operational requirements for every employee. The European Accessibility Act (EAA) and the rapid adoption of generative AI have changed the compliance landscape, moving us from reactive fixes to proactive, organization-wide standards. To address this, we have added new training modules and quick-reference guides covering the EAA, AI data privacy and foundational workplace safety. These resources help ensure your team stays compliant with both emerging digital mandates and essential safety principles. Check out our latest updates and let us know what you would like to see added to the Compliance Plus library in the coming months on both of these important topics, as well as anything else that will help your compliance culture to grow.

When it comes to email security, phishing and other social engineering attacks tend to grab headlines. But a simple mistake by an employee, like addressing an email to the wrong person, can be just as damaging.