Women’s History Month: Encouraging women in cybersecurity at every career stage

Women’s History Month—and International Women’s Day on March 8, 2026—always gives me pause for reflection. It’s a moment to think about how far we’ve come and think about who we choose to uplift as we look ahead. Throughout my career, I’ve been inspired by extraordinary women leaders—trailblazers...

Antivirus Software Outage: Is Your Defense Ready?

Your antivirus software is the trusted gatekeeper of your digital world, silently working in the background to block threats. But what happens when that gatekeeper suddenly walks off the job? A widespread antivirus software outage recently showed us the answer, grinding critical industries to a...

MSc-Cybersecurity-Capstone-Android-Exploitation

MSc Cybersecurity Capstone Project Title: Android Exploit...

CVE-2020-36845

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

CVE-2020-36845

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...

CVE-2020-36844

KnowBe4 Security Awareness Training is affected by CVE-2020-36844, a reflected XSS in versions before 2020-01-10. The vulnerability arises from a response SCRIPT element that sets window.location.href to a JavaScript URL, enabling an attacker-controlled script reflected in the page. The CVSS base...

PT-2025-17416 · Knowbe4 · Knowbe4 Security Awareness Training

Name of the Vulnerable Software and Affected Versions: KnowBe4 Security Awareness Training versions prior to 2020-01-10 Description: The issue concerns a redirect function in the application that fails to validate the destination URL before redirecting. This allows the response to contain a SCRIP...

KnowBe4 Security Awareness Training 安全漏洞

KnowBe4 Security Awareness Training is a human risk management software from KnowBe4. A security vulnerability exists in KnowBe4 Security Awareness Training versions prior to 2020-01-10, which stems from an unvalidated target URL resulting in an insecure redirection feature...

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

IR Trends: Ransomware on the rise, while technology becomes most targeted sector

Business email compromise BEC and ransomware were the top threats observed by Cisco Talos Incident Response Talos IR in the second quarter of 2024, together accounting for 60 percent of engagements. Although there was a decrease in BEC engagements from last quarter, it was still a major threat fo...

How to Make Your Employees Your First Line of Cyber Defense

There's a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you've got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts...

How to Build and Enable a Cyber Target Operating Model

Cybersecurity is complex and ever-changing. Organisations should be able to evaluate their capabilities and identify areas where improvement is needed. In the webinar “Foundational Components to Enable a Cyber Target Operating Model,” – part two of our Cybersecurity Series – Jason Hart, Chief...

Navigating The Threat Landscape 2021 – From Ransomware to Botnets

Though we are recovering from the worst pandemic, cyber threats have shown no sign of downshifting, and cybercriminals are still not short of malicious and advanced ways to achieve their goals. The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting...

Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security

Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing attacks before they hit user inboxes, but no technology in the world can prevent 100 percent of phishing...

New Osterman Research Report | Cyber Security in Healthcare

In 2019, roughly 45 million healthcare records were breached in the United States. With ransomware as their go-to technique, cyber attackers are targeting healthcare providers, medical devices, and critical supply chains more than ever before. The latest Osterman Research report, “Cyber Security ...

Business Email Compromise. What to do

The FBI has just released it’s annual Internet Crime Report for 2019, it makes for some really interesting and depressing reading. The mainstream media focused on the headline figure of $3.5Bn in losses in 2019, but what caught my eye is the Business Email Compromise BEC or CEO Fraud stats. I...

Gophish - Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Install Installation of Gophish is dead-simple - just download and extract the zip...

ENFUSE 2019: Security Regulations, Insider Threats, and IoT Privacy Risks

LAS VEGAS – From insider threats, Internet of Things insecurity, to medical device hacking, ENFUSE 2019 broke down the top privacy and security issues help desks are seeing today. It also tackle what regulatory efforts are being developed to address those threats. Threatpost editor Lindsey...