
CyberheistNews Vol 16 #27Â | Â July 7th, 2026
[HOW TO] Your Cybersecurity Starts at Home on World Social Media Day
By Anna Collard
Remember when “social media safety” meant advising employees not to post pictures of their security badges or laptop screens?
Back then, corporate risk and personal scrolling felt like two entirely separate worlds. Today, that boundary has completely dissolved. Social media has become a primary staging ground for sophisticated social engineering attacks targeting your workforce and their families.
Last month’s World Social Media Day should serve as a reminder to recognize how the landscape has shifted, and why securing the digital workforce requires a 360-degree approach to employee safety both in the office and at home.
The New Social Engineering Playbook
Yesterday’s typo-ridden phishing campaigns have evolved into highly targeted, multi-layered operations, driven by AI. Threat actors are leveraging public platforms in ways that standard corporate firewalls can’t block:
- OSINT and Oversharing: Seemingly innocent viral trends, like sharing a first car, a childhood pet or a high school mascot, are goldmines for open-source intelligence (OSINT). Using AI, attackers can mine this data at volume and use the details to guess security questions or craft hyper-targeted lures.
- Hyper-Personalized Spear-Phishing: Bad actors meticulously scrape LinkedIn profiles, Instagram posts and public comments made to map out corporate hierarchies and personal relationships, launching highly convincing corporate espionage or Business Email Compromise (BEC) attacks.
- AI-Driven Deepfakes: Cybercriminals can clone voices from a short video clip posted on a public profile, creating realistic impersonation scams targeting an employee’s family or financial team.
Cybersecurity Is a Lifestyle, Not a Corporate Chore
Security awareness shouldn’t stop when an employee logs off from their corporate laptop. If your team members or their families are vulnerable in their personal lives, your organization is inherently at higher risk. Building a true security culture means equipping people with digital defense skills they can use every day.
To help organizations bridge the gap between workplace security and home safety, KnowBe4 developed CAPY (Cyber Awareness Program for You). CAPY is a completely free online training hub designed specifically for families and individuals. By offering resources like CAPY to your workforce, you aren’t just giving them another training module; you’re offering a benefit that protects their whole family.
- For Kids and Teens: It makes learning about cybersecurity fun with games and coloring books for younger children. For tweens and teens there is content on cyberbullying, AI safety and sextortion.
- For Adults: Training on a wide range of topics from email phishing scams and social media attacks to mobile device safety and password security, with upcoming modules planned around how to safely engage with AI.
- For Senior Citizens: Specialized, easy-to-follow content focusing on some of the unique threats older adults face, including grandparent scams, identity theft and imposter fraud.
Honoring World Social Media Day, let’s look beyond the traditional perimeter. When we empower our teams to protect their personal digital lives, we create a much more resilient corporate culture.
Share the Free KnowBe4 CAPY Safety Hub with your team and help them secure their digital world at home, as well as at work.
Blog post with links to CAPY:
[Last Chance] Secure Your Spot for The Workforce Security Summit
The Workforce Security Summit is almost here! Don’t miss your chance to see what securing both your humans and AI agents looks like in practice!
Join us this Wednesday, July 8, to learn how you can evolve your security strategy for the modern threat landscape.
Don’t miss out on these valuable insights:
- Look to the future of AI-native security: Join CEO Bryan Palma for a look at the future of digital workforce security and the innovation shaping what comes next
- Know your threat. Own your defense. Walk away confident you have the knowledge and tools to defend against the threats targeting your people and agents — deepfakes, AI-powered phishing, voice cloning and more
- See what’s coming on the KnowBe4 Platform roadmap and get an exclusive inside look at what’s next
Date & Time: THIS WEEK, Wednesday, July 8 @ 1:00-3:00 PM ET
Shadow AI Is Not Shadow IT With a Better Marketing Budget
By Javvad Malik
I saw a Venn diagram on social media. One circle is Shadow IT, one circle is Shadow AI, a substantial overlap, and the implicit message is that they are effectively the same challenge.
They aren’t and that the assumption can lead to many problems.
Looking back, shadow IT was like watching a crash in slow motion. Employees using technology IT hadn’t sanctioned. Personal Dropbox accounts. Unofficial Slack workspaces. WhatsApp groups that evolved from “just a quick coordination thing” into the actual operational backbone of a team.
These presented real risks of data sprawl, compliance headaches and lack of visibility into where data was. Organizations spent years building governance frameworks to deal with it.
But Shadow IT, at its core, was a data location problem. The data sat somewhere it shouldn’t. It was largely inert. Someone had to go and do something with it. That was the threat.
Shadow AI is different in a way that is not subtle.
When You Stop Moving Data and Start Delegating Authority
Consider what happens when an employee connects an unsanctioned AI agent to their work systems.
It gains persistent access, a memory of prior context and the ability to take actions. Connected to email. Connected to calendar. Connected, in many cases, to the tools they use to communicate with customers and colleagues.
It has context, the relationships and the subtext buried in existing threads. It has, in most configurations that make it useful, some degree of write access. It can draft. It can send. It can schedule. It can, at the more capable end, make decisions and execute them before any human has reviewed them.
This is not a data location problem. This is an authority problem. The employee has not merely stored something in an unsanctioned place. They have delegated the ability to act in their name to something nobody in IT cataloged, governed or in many cases even knows exists.
Whereas shadow IT could be likened to someone putting files in their own cabinet at home as opposed to the secure one in the office. Shadow AI gave itself power of attorney.
Why Employees Are Doing This
KnowBe4’s Agentic Risks to Human Wins report confirmed that employees are turning to unsanctioned AI tools not out of malice or carelessness, but because the official alternatives are too slow, too restricted or too stripped-down to be genuinely useful.
These are the same reasons which drove Shadow IT. When corporate email took 10 business days to provision, employees found their own email. When SharePoint was genuinely terrible to navigate, employees found Dropbox. When corporate messaging required a ticket and three different authentication hoops to jump through, employees found WhatsApp.
While the pattern is identical, the capability gap has widened considerably.
AI tools in 2026 are fast, capable, increasingly agentic and easy to connect to existing workflows. Enterprise AI tools are often none of those things. They’ve been stripped down for policy compliance, throttled for cost control or are simply months behind what’s commercially available.
The employee who signs up for an unsanctioned AI assistant on a Friday afternoon is solving their own immediate needs in a way that creates everyone else’s security problem on Monday morning.
The Data That’s Going In
Over half (51%) of cybersecurity leaders believe the use of “Shadow AI” has had a great impact on their organizations’ cybersecurity over the past year. Employees are feeding AI agents internal strategy documents, client data, financial projections, HR records and legal correspondence; anything that would help the agent do a better job of whatever they’ve asked it to do.
[CONTINUED] At this blog post with links:
Get Your Ransomware Resource Kit
Ransomware remains one of the most persistent threats to infosec professionals.
What’s more, it has changed shape. The force transforming it is artificial intelligence (AI), which has made attacks faster and cheaper. Even more alarming, AI has removed the skill floor for attackers. Campaigns that once demanded genuine technical expertise now require only a subscription.
Lastly, strong backups, once considered the ultimate insurance policy against ransomware, are no longer enough on their own. The threat has shifted from “we locked your systems” to “we have your data.” No restore process can fix the latter.
Download our Ransomware Resource Kit for free resources discussing the latest trends in ransomware and how to keep your organization and users secure.
You get:
- Access to our free on-demand webinar Agentic AI Ransomware: What You Need to Know, featuring KnowBe4 CISO Advisor Roger Grimes
- Our The New Face of Ransomware: How AI and Exfiltration Are Mutating the Threat Landscape whitepaper
- Our How Polymorphic Malware is Outsmarting Your Email Security whitepaper
- Access to our free RanSim Ransomware Simulator, which tests effectiveness of your existing endpoint protection using twenty-four simulated ransomware infection scenarios and one simulated cryptomining infection.
- Ransomware insights from our Lead CISO Advisor Javvad Malik
Why Bite-Sized Security Awareness Training Matters in an Age of TikTok and Digital Distraction
By Anna Collard
In cybersecurity, attention has become one of our most valuable resources. Modern digital habits have fundamentally changed how we consume information, giving rise to “TikTok Brain.” An environment of constant notifications, endless content streams and competing demands on our focus, has changed how we consume information and, more importantly, how we make decisions.
Threat actors understand this shift perfectly. Whether it’s a phishing email, a convincing deepfake or an urgent text message, most social engineering attacks are designed to bypass careful thinking and trigger an immediate reaction. They exploit distraction, time pressure, emotional responses and our tendency to operate on autopilot.
If bad actors are hitting your users with fast, high-impact manipulation tailored to today’s shorter attention spans, why are so many organizations still trying to counter modern cyber threats with dry, hour-long annual compliance training?
Our security awareness efforts should do more than simply transfer information. They should help people develop the awareness to recognize when they need to slow down, pause and think critically.
The human mind just is not wired to retain a massive dump of security rules delivered once a year, especially in an era of constant digital distraction. Research on learning and behavior change suggests that knowledge delivered in small, relevant and repeated moments is often more likely to be remembered and applied when it matters. That means shifting away from marathon training sessions and towards agile, bite-sized learning.
The Power of Microlearning
Microlearning takes complex security concepts and slices them into highly focused, engaging modules that users can absorb in minutes. By keeping modules brief and interactive, you avoid user fatigue and build continuous awareness. Instead of treating security as a checkbox exercise, microlearning aligns with modern consumption habits to make safety an everyday reflex.
Short, focused learning moments can reinforce key concepts without overwhelming users. Rather than treating security as a once-a-year event, organizations can create a steady rhythm of reminders, simulations, nudges and practical exercises that keep security top of mind.
However, the goal is not simply to cater to shrinking attention spans. The goal is to help people strengthen their ability to focus on what matters, recognize manipulation attempts and make deliberate decisions when faced with uncertainty or pressure.
To help organizations maintain this continuous engagement without disrupting the workday, KnowBe4 offers a vast library of short, impactful content tailored to these shorter attention spans. For instance, teams can dive into modern threats with the “Cyber Essentials – Deepfakes” bite-sized training module, learn to recognize synthetic media using the quick video “AI Unveiled: Spot the Fake” or play games such as “Sir Hackalot: Royal Ravens” and “Spot the Phish.”
These brief interventions fit naturally into the workday while reinforcing secure habits over time.
Changing Culture, Minutes at a Time
Building a strong culture of defense is not about forcing your employees to become security experts. It is about helping them make the right choice when they are busy, tired or caught off guard.
By dropping short, relevant learning moments into their regular routine, you keep security top of mind without causing disruption. The strongest security cultures are built through small, consistent interventions that encourage awareness, reflection and deliberate action. When employees learn to notice urgency, question unexpected requests and create a moment of pause before responding, they become more resilient to manipulation.
In an age of digital distraction, the goal is not just shorter training. It is helping people reclaim their attention and use it wisely.
Blog post with links:
Custom Security Training in Minutes, Not Months
Building custom content used to mean big budgets and weeks of production time, but AI-driven threats don’t wait. Your training shouldn’t either.
Watch this demo to see how KnowBe4’s AI agents deliver tailored content that meets your organization’s exact needs, at speed. From generating custom training from your own policies to simulating deepfakes of your own executives, see what’s now possible in minutes.
What you’ll see in this demo:
- Content Creation Agent: Turn simple text prompts or internal documents into custom, interactive training modules and quizzes, no instructional design team required.
- Deepfake Training Content Agent: Safely simulate hyper-realistic executive impersonations, giving your workforce the hands-on experience needed to spot next-gen social engineering tactics before they become a costly mistake.
- Studio-Quality AI Videos at Scale, Powered by Synthesia: Generate professional video training modules with realistic AI avatars and seamless localization across 130+ languages — no production budget required.
The threats targeting your organization are custom-built. Your training should be too. Watch now to see how KnowBe4 puts the power of custom, relevant security awareness training directly in your hands.
Let’s stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: Kevin Mitnick left the man who helped jail him enough money to buy a Porsche 911:
PPS: Happy 3rd Birthday to Our KnowBe4 Community! We now have over 30,000 members:
Quotes of the Week Â
“Hear the other side.”
– Augustine of Hippo – Philosopher (354 – 430)
“We are not human beings having a spiritual experience. We are spiritual beings having a human experience.”
– Pierre Teilhard de Chardin – Philosopher (1881 – 1955)
You can read CyberheistNews online at our Blog
Security News
Clickfix Social Engineering Is Now the Leading Malware Delivery Method
The ClickFix social engineering technique is now the top malware delivery method, according to a new report from ReliaQuest. These attacks trick users into copying a malicious command, then pasting it into a terminal and running it on their computers.
“ClickFix remained the dominant delivery method this period and, for the first time, we observed it expand to macOS, delivering infostealers onto a platform many organizations still monitor less closely than Windows,” the researchers write. “This means ClickFix can no longer be handled as a special case.
“Training, detection and triage for it should run continuously on both Windows and macOS.” ReliaQuest notes that AI tools are enabling threat actors to scale social engineering attacks with very little added effort.
“Adversaries leaned on two strategies: social engineering at scale and attacks on unpatched, internet-facing infrastructure,” the researchers write. “The leading technique ‘ClickFix’ drove the first, shifting delivery from compromised websites to emailed links, while ‘Qilin,’ the period’s most active ransomware operator, continued exploiting unpatched edge devices for mass extortion.
“What’s more, AI is making social engineering faster, cheaper and more convincing, accelerating familiar techniques rather than creating new ones.”
Organizations should ensure that their security awareness programs train employees to recognize ClickFix tactics. “Train users not to paste commands into Run, Terminal or Script Editor, and simulate ClickFix-style lures on Windows and macOS (like CAPTCHA and verification prompts, ‘paste this to continue’ clipboard steps and browser-to-shell hand-offs),” the researchers write.
AI-native security awareness training gives your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day.
Threat Actor Uses Phishing to Breach Organizations for Ransomware Gangs
An initial access broker associated with the Payouts King ransomware group is using Microsoft Teams phishing to deploy a malicious Microsoft Edge web browser extension, according to researchers at Zscaler.
Once the hackers have a foothold within an organization, they sell the access to the ransomware gang to conduct follow-on attacks.
“In recent attacks, the threat actor leverages social engineering tactics paired with an innovative malware delivery mechanism,” the researchers write. “The technique utilizes a malicious Microsoft Edge browser extension that exploits the Chrome native messaging protocol to interact with host-native applications beyond the confines of the browser sandbox.
“By abusing this interface, the attackers gain direct host access, enabling them to manipulate the local filesystem, launch processes and execute arbitrary code on the compromised host.”
The attackers begin by sending the victim a Teams message that impersonates the organization’s IT staff, telling the user that they need a spam filter update. The user is sent to a fake Microsoft website with a series of buttons designed to install the malware, eventually requesting the victim’s Microsoft365/Outlook password.
“As threat actors like those affiliated with Payouts King continue to leverage social engineering, such as spam bombing and vishing, in tandem with innovative delivery mechanisms, organizations must adopt a defense-in-depth posture,” Zscaler says.
“This includes robust monitoring of browser extension installations, strict control over native messaging host configurations and comprehensive user training to recognize and report suspicious prompts, especially when they mimic legitimate IT administrative updates or management consoles.”
What KnowBe4 Customers Say
“I would like to take a moment to recognize Hayden B., who has served as the Customer Success Manager supporting us throughout our engagement.
“Over the course of our partnership, Hayden consistently demonstrated exceptional professionalism, responsiveness and dedication. She was always available to answer questions, provide thoughtful guidance and ensure we had the support needed to maximize the value of the KnowBe4 platform.
“In addition to her deep knowledge and expertise, Hayden was proactive in offering recommendations, following up on open items, and helping us navigate challenges as they arose. Her commitment to customer success made a meaningful difference in our overall experience and contributed significantly to the success of our Security Awareness Program.
“I wanted to ensure this positive feedback was shared, as Hayden’s support and partnership have been greatly appreciated. She is a tremendous asset to the KnowBe4 organization and has consistently added value to every interaction.
“Her dedication to customer success reflects positively on the entire KnowBe4 team! Please extend our sincere thanks and appreciation to Hayden for her outstanding support over the years.”
– N.A., Director, IT Security
Interesting News Items This Week
Cyberheist ‘Fave’ Links