KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced that it has been awarded first place in this year’s teissAwards Cybersecurity Company of the Year category for enterprise organisations.
The teissAwards celebrate excellence in cyber and information security, recognising the outstanding contributions of vendors and technologies over the past year.
Winning first place in the Cybersecurity Company of the Year category underscores KnowBe4’s commitment to innovation, product development, and addressing the human element in cybersecurity. It also reflects the organisation’s dedication to improving cyber resilience by placing the customer at the heart of its operations.
Over the past 12 months, KnowBe4 has consistently integrated advanced AI-driven capabilities into its platform, providing organisations with an innovative approach to managing human risk in real-time. This enhancement highlights KnowBe4’s ongoing commitment to adapting its offerings to meet the evolving demands of the security landscape, particularly in addressing vulnerabilities stemming from human error.
“This recognition is a testament to our team’s hard work and dedication to empowering organisations to manage human risk effectively,” said Stu Sjouwerman, CEO of KnowBe4. “Our platform’s success comes from combining innovative technology with effective human risk management, helping organisations build a strong security culture from the ground up. We remain committed to continuous innovation and providing our customers with the tools and knowledge they need to stay ahead of evolving cyber threats.”
The post KnowBe4 Wins Cybersecurity Company of the Year at the 2025 teissAwards appeared first on IT Security Guru.
The Hague, the Netherlands, March 13th, 2025, CyberNewsWire
Founded in 2024, Modat – the European-crafted, research-driven, AI-powered cybersecurity company, has announced the launch of its premier product, Modat Magnify.
Designed by and for cybersecurity professionals, the product aims to speed up and ease the work of these individuals by giving them access to the largest Internet ‘Device DNA’ dataset available. The ‘Device DNA’ catalogues the essential attributes of each internet-connected device to create a unique profile.
FAST. AI-powered for unparalleled speed. Continuously scans the entire internet and identifies adversary infrastructure in real time.
SMART. Research enhances the development of the platform and offers contextualized data, historical context, and predictive insights.
EASY. User-centric UI designed from firsthand experience as cybersecurity professionals. From the initial query to the findings result pages, it is easy to filter, read and use.
“It starts with research to gain insight and build,” says Soufian El Yadmani, CEO & Founder of Modat. “Offensive and defensive professionals shared what solutions they need to be faster and to focus on what they do best. Scanning the internet is just a beginning. Speed, contextual data, and insight is vital to our products and services. Our ‘Device DNA’ gives value in the results to increase proactive efforts and build cyber resilience.”
“Protecting your country takes clear insight into internet connected devices. Modat helps you to protect your country’s infrastructure with this insight,” emphasized Vincent Thiele, COO & Co-Founder of Modat. “We support communities to improve the health of the Internet and deliver products to help make the internet a safer place.”
Recent research covered by 35+ media outlets Global Impact:
Pricing & Access:
FREE: covers most basic use cases. Solid start for many security professionals
Practitioner: €20/m
Professional: €60/m
Business: €400/m
Enterprise: tailored solutions for more complex needs of organisations and governments
About Modat
Modat, founded in 2024, is the European-crafted, AI-powered, research-driven cybersecurity company dedicated to helping security professionals outpace adversaries and stay ahead of evolving threats. Their flagship product, Modat Magnify, provides access to the world’s largest Internet “Device DNA” dataset.
Modat was created by researching, listening to, and directly experiencing the needs and challenges of security professionals. Their products enable the security community by giving access to unparalleled speed, contextualized data, and predictive insights.
By design, the Modat Magnify platform helps offensive and defensive professionals by giving them a fast, smart, easy way to stop searching and start finding. Our ‘Device DNA’ catalogues the essential attributes of each internet-connected device to create a unique profile to support proactive cybersecurity.
Modat empowers individuals, companies, and governments to strengthen their security posture and increase cyber resiliency. The team is actively joining the fight to get ahead of cyber-attacks by narrowing the growing gap between digital threats and resilience. Join us to outpace and outlast.
Contact:
modat.io
OBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on systems. Learn how to stay safe.
Cybersecurity researchers at Securonix Threat Labs have spotted a new malware campaign called OBSCURE#BAT. This campaign uses social engineering tactics and fake software downloads to trick users into executing malicious code, enabling attackers to infect systems and avoid detection.
The attack begins with a user executing a malicious batch file, which is often disguised as a legitimate security feature or software download. Once executed, the malware establishes itself by creating scheduled tasks and modifying the Windows Registry so that it keeps running after the system reboots.
The malware then uses a user-mode rootkit to hide its presence on the system, making it difficult for users and security tools to detect. The rootkit can hide files, registry entries, and running processes, allowing the malware to embed further into legitimate system processes and services.
Fake Captchas and Malicious Software Downloads
As seen in recent similar campaigns, hackers have been leveraging typosquatting and social engineering tactics to present fake products as legitimate within their supply chains. This includes:
Masquerading Software: Attackers also disguise their malicious files as trustworthy applications, such as Tor Browser, SIP (VoIP) software or Adobe products, increasing the chances that users will execute them.
Fake Captchas: Users may encounter a fake captcha, especially the Cloudflare captcha feature, that tricks them into executing malicious code. These captchas often originate from typosquatted domains, resembling legitimate sites. When users attempt to pass the captcha, they are prompted to execute code that has been copied to their clipboard.
Fake captcha used in the attack (Screenshot Securonix)
Evasion Techniques
The OBSCURE#BAT malware campaign is a major cybersecurity threat to both individuals and organizations, primarily due to its ability to compromise sensitive data through advanced evasion techniques. These include:
API Hooking: By using user-mode API hooking, the malware can hide files, registry entries, and running processes. This means that common tools like Windows Task Manager and command-line commands cannot see certain files or processes, particularly those that fit a specific naming scheme (e.g., those starting with “$nya-”).
Registry Manipulation: It registers a fake driver (ACPIx86.sys) in the registry to ensure further persistence. This driver is linked to a Windows service, allowing it to execute malicious code without raising suspicion.
Stealthy Logging: The malware monitors user interactions, such as clipboard activity, and regularly writes this data to encrypted files, further complicating detection and analysis.
Countries Targeted in the OBSCURE#BAT Attack
According to Securonix’s detailed technical report, shared with Hackread.com before its official release on Thursday, the malware appears to be financially motivated or aimed at espionage, targeting users primarily in the following countries:
Canada
Germany
United States
United Kingdom
How to Protect Yourself from the OBSCURE#BAT Attack
While common sense is a must when downloading software or clicking on unknown links, users and organizations should also follow these key security measures to protect their systems from OBSCURE#BAT and similar threats:
Clean downloads: Only download software from legitimate websites, and be wary of fake captchas and other social engineering tactics.
Use endpoint logging: For organizations, deploy endpoint logging tools, such as Sysmon and PowerShell logging, to enhance detection and response capabilities.
Monitor for suspicious activity: Regularly monitor systems for suspicious activity, such as unusual network connections or process behaviour.
Use threat detection tools: Consider using threat detection tools, such as behavioural analysis and machine learning-based systems, to detect and respond to threats like OBSCURE#BAT.
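A triage pass over endpoint telemetry for the indicators named in this article (the “$nya-” naming prefix, the ACPIx86.sys driver service, and a batch file setting up persistence), added here as an example and not taken from Securonix or the original article. The event records are constructed, with field names modelled on Sysmon events 1, 11 and 13, and the rule names are hypothetical.

```python
import re

HIDDEN_PREFIX = "$nya-"      # naming scheme the article says the rootkit hides
FAKE_DRIVER = "acpix86.sys"  # fake driver file name given in the article

# Constructed sample events (not real telemetry). Field names are modelled on
# Sysmon EventID 1 (process create), 11 (file create), 13 (registry value set).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /tn "Updater" /tr C:\Users\a\AppData\Roaming\u.bat /sc onlogon',
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": r'cmd.exe /c "C:\Users\a\Downloads\install.bat"'},
    {"EventID": 11, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\Users\a\AppData\Roaming\$nya-cache\log.dat"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\ACPIx86\ImagePath",
     "Details": r"\??\C:\Windows\System32\drivers\ACPIx86.sys"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\ACPI\ImagePath",
     "Details": r"System32\drivers\ACPI.sys"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": "schtasks /query",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": "cmd.exe"},
]

_SPLIT = re.compile(r'[\\/\s"\']+')
_SERVICE_IMAGEPATH = re.compile(r"\\services\\[^\\]+\\imagepath$", re.IGNORECASE)
_BATCH = re.compile(r"\.(bat|cmd)\b", re.IGNORECASE)


def _basename(path):
    """Last component of a Windows path, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()


def has_hidden_prefix(event):
    """Any path or name component starts with the hidden naming prefix."""
    for field in ("Image", "CommandLine", "TargetFilename", "TargetObject", "Details"):
        for part in _SPLIT.split(event.get(field, "")):
            if part.lower().startswith(HIDDEN_PREFIX):
                return True
    return False


def registers_fake_driver(event):
    """A service ImagePath value is set to the fake driver file."""
    if event.get("EventID") != 13:
        return False
    on_service_key = _SERVICE_IMAGEPATH.search(event.get("TargetObject", ""))
    return bool(on_service_key) and _basename(event.get("Details", "")) == FAKE_DRIVER


def batch_sets_persistence(event):
    """A batch file spawns schtasks /create or reg add (weaker signal)."""
    if event.get("EventID") != 1:
        return False
    if not _BATCH.search(event.get("ParentCommandLine", "")):
        return False
    exe = _basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "").lower()
    return (exe == "schtasks.exe" and "/create" in cmd) or \
           (exe == "reg.exe" and " add " in cmd)


RULES = [
    ("hidden-name-prefix", has_hidden_prefix),
    ("fake-driver-service", registers_fake_driver),
    ("batch-sets-persistence", batch_sets_persistence),
]


def triage(events):
    """Return (event index, rule name) for every rule that fires."""
    findings = []
    for index, event in enumerate(events):
        for name, rule in RULES:
            if rule(event):
                findings.append((index, name))
    return findings


if __name__ == "__main__":
    for index, name in triage(SAMPLE_EVENTS):
        print(f"event {index}: {name}")
```

Run it over logs collected off the host, since the article notes that names matching the prefix are hidden from common tools on the infected system.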
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are written in their own words.
In 2025, the awards were sponsored by BT, KnowBe4, Mimecast, Varonis, Bridewell, Certes, Pentest Tools and AI Dionic. Community partners included WiCyS UK & Ireland Affiliate, Women in Tech and Cybersecurity Hub (WiTCH), CyBlack and Inclusive InCyber (LT Harper).
What does your job role entail?
As Chief of Staff for Microsoft Red Team, I drive the strategy behind how we innovate and evolve red teaming—transforming it from purely technical operations into a strategic security pillar that directly shapes Microsoft’s overall security direction. My role is to define what modern red teaming looks like—not just for Microsoft, but for the industry—as this space rapidly evolves.
Microsoft is pioneering and reimagining how red teams operate in this new era, ensuring that every finding leads to measurable, lasting fixes. With the rise of AI and the Security Graph, we are shifting from product-based technical assessments to precision-driven security, uncovering micro-level vulnerabilities that could have massive impact. I also lead the vision for extending red teaming beyond human limitations, not only within Microsoft but across our customer ecosystem, helping to shape the future of collective defense. This includes driving strategies to accelerate remediation and push toward a self-healing security model—where threats are dynamically identified, understood, and resolved at scale.
How did you get into the cybersecurity industry?
I never set out to work in cybersecurity—I stumbled into it by accident. But looking back, I realize I’d been preparing for it all along. After leaving my small town in Bulgaria with just $50 and a dream for something bigger, I spent years relentlessly building my tech skills, working nights in restaurants and weekends for free on small tech projects just to prove myself. I was exhausted, broke, and doubted myself constantly. There were so many moments I almost gave up. But I didn’t.
And then, one day, cybersecurity found me. An unexpected opportunity appeared, and even though I felt unqualified and terrified, I took the leap. That leap changed everything.
Cybersecurity became the perfect place for my grit and curiosity to collide—a field where I could protect people, solve complex problems, and make a real impact. Today, I lead strategy for the Microsoft Red Team, helping shape the future of red teaming not just for Microsoft, but for the entire industry.
If my story proves anything, it’s this: you don’t have to see the whole path. You just have to keep going. Keep building. Keep believing. Because sometimes the thing you never planned for becomes the thing you were born to do.
What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?
One of the biggest challenges I faced as a woman in cybersecurity was overcoming deep imposter syndrome—believing I didn’t belong in the room. Coming from a small town in Bulgaria with no role models in tech, I carried years of conditioning that told me success in this field wasn’t meant for people like me. Early in my career, I often felt like I had to blend in—dressing, speaking, and acting like the men around me just to be taken seriously.
What helped me overcome it was realizing that my unique story, my perspective, and my authenticity are exactly what make me strong. I found inspiration through the few women ahead of me who owned their space unapologetically, and they helped me see what was possible. Now, I make it my mission to be that example for others—showing women that we don’t have to change who we are to succeed in cybersecurity. We belong here exactly as we are.
What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?
I’m deeply committed to helping women and underrepresented groups break into cybersecurity and thrive. Over the years, I have served—and continue to serve—on various leadership boards and advisory groups to help shape the future of the industry and drive meaningful community impact. This includes organizations like OWASP Seattle, the EC-Council Certified Ethical Hacker (CEH) Advisory Board, Women in Cybersecurity (WiCyS), and ISACA Puget Sound.
As Co-Founder of Women in Tech Global and a leader in Microsoft Women in Security, I’ve helped build global communities that give women access to career opportunities, speaking platforms, and technical growth.
I also actively mentor young women, guiding them through career transitions, helping them overcome self-doubt, and supporting them as they step into leadership roles they may not have thought possible.
Beyond mentorship, I’m passionate about modernizing cybersecurity education. Through projects like The Hacking Games, I’m helping inspire the next generation of diverse talent by reimagining how we teach ethical hacking to Gen Z.
For me, this work is personal. I know how hard it is to build a path where none exists. That’s why I’m committed to being the example I wish I’d had—and ensuring no woman feels like she has to do it alone.
Who has inspired you in your life/career?
I’ve been most inspired by the women who dared to take up space in rooms where they were never expected to belong—and did it unapologetically. Seeing strong women lead in cybersecurity with both confidence and authenticity showed me that we don’t have to trade our uniqueness to succeed in this industry. Their example helped me realize that my story, my background, and even my struggles are my power.
But beyond individual people, I’m inspired by the millions of women who haven’t yet been told they belong here. I think of the little girls staring out of windows in small towns, just like I once did, wondering if there’s more to life than what’s been handed to them. They inspire me to keep going, keep building, and keep showing up—because if I can be proof for even one of them that a different future is possible, then every challenge I’ve faced was worth it.
We need more examples to emulate—more women leading, succeeding, and owning their space—so others can see themselves in us. That’s why what we’re doing here is so important. Visibility creates possibility. And together, we’re redefining what’s possible for the next generation.
The post MIWIC25 – Eva Benn, Chief of Staff, Strategy – Microsoft Red Team appeared first on IT Security Guru.
Cary, North Carolina, March 13th, 2025, CyberNewsWire
As Artificial Intelligence (AI)-powered cyber threats surge, INE Security, a global leader in cybersecurity training and certification, is launching a new initiative to help organizations rethink cybersecurity training and workforce development. The company warns that AI is reshaping both the threat landscape and the skills required for cybersecurity professionals. While AI offers significant advantages in cyber defense, organizations must ensure their teams are properly trained to leverage it effectively without becoming overly reliant on automation.
“The rise of AI in cybersecurity isn’t just a challenge—it’s an opportunity,” said Dara Warn, CEO of INE Security. “By training cybersecurity professionals properly, AI can be leveraged to filter noise, reduce burnout, and increase efficiency. However, if we don’t train people to understand the ‘why’ behind AI-driven decisions, we risk a future where cybersecurity professionals are blindly following AI without the expertise to think critically beyond it.”
AI as a Force Multiplier: Improving SOC Efficiency and Threat Detection
AI-driven security tools are improving the signal-to-noise ratio, making Security Operations Centers (SOCs) more efficient by reducing false positive alerts—an area cybersecurity tools have been refining for over a decade. AI can prioritize critical threats, allowing analysts to focus on real dangers rather than wasting time investigating false alarms.
“AI is making threat detection smarter, but it’s not foolproof,” said Tracy Wallace, Director of Content at INE Security. “Security professionals need to be trained to work alongside AI, not just follow its outputs. AI is great at reducing alert fatigue, but analysts still need the expertise to investigate, interpret, and respond to threats accurately.”
Generative AI: A Double-Edged Sword for Cybersecurity Talent
One of the most promising yet complex aspects of AI’s rise is its impact on the cybersecurity workforce. On one hand, generative AI will lower the barrier to entry, allowing more professionals to enter the cybersecurity field and reducing the global labor shortage.
However, this shift also presents risks. “The concern isn’t that AI is making cybersecurity easier,” said Wallace. “The concern is that if professionals become too dependent on AI outputs, they won’t develop the critical-thinking skills necessary to work beyond what the AI gives them. Organizations must ensure that cybersecurity training teaches professionals not just how to use AI but how to work independently of it when needed.”
The Data Privacy Dilemma: AI and LLM Security Risks
Another concern in AI-driven cybersecurity is data privacy and security risks with large language models (LLMs). While concerns over data leakage with cloud-based AI models are growing, this isn’t a new challenge—it’s an evolution of longstanding security principles. Organizations must ensure AI-powered security solutions do not require external data sharing.
“As AI becomes more deeply integrated into cybersecurity operations, privacy-first security architectures are crucial,” said Wallace. “Organizations need AI models that can operate securely without exposing sensitive data to external systems.”
The Future of AI Security Training: Agentic Architectures and AI-Driven Automation
Looking ahead, Agentic AI architectures are becoming a hot topic in cybersecurity. While some view it as buzzword hype, there is real potential for AI-driven security agents that autonomously investigate threats, adjust defenses in real-time, and improve security workflows with minimal human intervention.
However, automation must be carefully balanced. “Agentic AI might be the future, but we can’t let it replace hands-on expertise and human decision-making,” said Warn. “Security professionals must be trained to interpret AI-driven insights, make judgment calls, and recognize when AI is wrong.”
Training as the Solution: INE Security’s AI-Powered Cybersecurity Curriculum
To close the cybersecurity skills gap and help professionals work effectively with AI, INE Security is working to expand its AI-driven training programs. These programs will focus on:
AI-Driven Threat Analysis – Training security teams to interpret AI-generated threat intelligence and reduce false positives.
Machine Learning for Cyber Defense – Teaching professionals how AI-powered security models work and how attackers exploit AI vulnerabilities.
Generative AI in Cybersecurity – Helping cybersecurity teams understand the risks and benefits of AI-generated attacks and defenses.
Hands-On AI Security Labs – Simulating real-world AI-powered attacks and training professionals on how to counter them manually and with AI assistance.
“Our end goal is not just to train security professionals how to use AI but to train them how to think critically in an AI-driven world,” said Wallace.
The Call to Action: Prepare for AI-Driven Threats Now
With AI transforming cybersecurity threats at an unprecedented pace, INE Security urges companies to:
Train their cybersecurity teams on AI-driven tools, while ensuring they develop critical problem-solving skills.
Prioritize AI-powered security solutions that enhance, not replace, human expertise.
Implement privacy-first AI models that reduce data exposure risks.
“The AI revolution in cybersecurity is here,” concluded Warn. “Organizations that act now—by investing in security training, developing cybersecurity talent, and understanding how AI truly impacts the field—will be the ones leading the industry forward. The future of cybersecurity belongs to those who train for it.”
About INE Security
INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers, offering both Red Team training and Blue Team training. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.
KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, has released new research indicating that while 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.
Notably, South Africa leads with both the highest confidence levels and the highest scam victimization rate, suggesting that misplaced confidence can create a false sense of security, leaving employees more susceptible to advanced cyber threats. Beyond training, the report highlights the importance of fostering a transparent security culture. While 56% of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate due to fear or uncertainty.
Key findings from the survey included:
● 86% of employees believe they can confidently identify phishing emails.
● 24% have fallen for phishing attacks.
● 12% have been tricked by deepfake scams.
● 68% of South African employees reported falling for scams—the highest victimisation rate.
“Overconfidence fosters a dangerous blind spot—employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioural tendencies, and even demographic traits,” said Anna Collard, SVP content strategy and evangelist, KnowBe4. “With phishing, AI-driven social engineering, and deepfake scams evolving rapidly, organisations must counteract misplaced confidence with hands-on, scenario-based training. True cyber resilience comes not from assumed knowledge but from continuous education, real-world testing, and an adaptive security mindset.”
The survey findings emphasize the critical need for personalised, relevant, and adaptive training that caters to employees’ individual needs while considering regional influences and evolving cyber tactics. Organisations that prioritise this approach will not only reduce risk but also cultivate a genuine security-first culture. In the battle against digital deception, the most dangerous mistake employees can make is assuming they are immune.
The survey findings, “Security Approaches Around the Globe: The Confidence Gap,” are available for download here.
The post KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk appeared first on IT Security Guru.
WordPress is a great platform for building websites, but it is also a common target for hackers. Keeping your website safe is important to protect your data, visitors, and business. Cybercrime is a growing problem, with 39% of UK businesses experiencing cyber attacks in 2023.
Security plugins can help reduce risks and keep your site safe from threats. They are essential for any WordPress site, and even more so if your site holds personal customer data. We speak with Sierra Six, a leading SEO agency in Essex, to get their recommendations on the best plugins for security and to reduce cyber attacks.
Wordfence Security
Wordfence Security is one of the most popular cybersecurity plugins for WordPress. It provides a firewall that blocks malicious traffic before it reaches your website. It also has a malware scanner that checks your site for viruses and suspicious code. If anything harmful is found, Wordfence will alert you so you can take action. Another useful feature is its login protection, which helps stop hackers from guessing passwords.
Sucuri Security
Sucuri Security is another excellent plugin that protects your site from hackers. It offers a website firewall, which blocks attacks before they can do any harm. The plugin also scans your website for malware and removes it if necessary. If your site ever gets hacked, Sucuri provides help to clean it up. This is useful because recovering from a hack can be difficult without expert support.
iThemes Security
iThemes Security is designed to strengthen your WordPress site against attacks. It protects against brute force attacks, where hackers try thousands of password combinations to break into your site. The plugin also scans for vulnerabilities and fixes weak points in your website’s security. Another feature is two-factor authentication, which adds an extra layer of protection when logging in.
All In One WP Security & Firewall
This plugin is great for beginners who want an easy way to secure their website. It comes with a firewall to block suspicious traffic and a login lockdown feature to stop repeated failed login attempts. The plugin also scans for weak passwords and forces users to create stronger ones. Since weak passwords are responsible for 81% of hacking-related breaches, this is an important feature.
Conclusion
Cyber threats are increasing, and UK businesses must take website security seriously. Using security plugins like Wordfence, Sucuri, iThemes Security, and All In One WP Security can help protect your WordPress site from hackers and malware. Regular updates and strong passwords also play a key role in keeping your site safe. By taking these steps, you can reduce the risk of cyber attacks and keep your website secure.
The post Best WordPress Plugins for Cybersecurity 2025 appeared first on IT Security Guru.
Cybersecurity company Guardz is warning Microsoft 365 users about a new phishing scam backed by social engineering tactics making the rounds. This isn’t an average scam as attackers trick people into calling fake support numbers using Microsoft 365 infrastructure, putting their login details and accounts at risk.
How the Attack Works
Unlike typical phishing attempts using typosquatted domains, fake or misspelled email addresses, this campaign operates from within Microsoft’s cloud services. This makes the phishing attempts look convincing, easily bypassing email authentication checks like SPF, DKIM, and DMARC.
The attack also utilizes legitimate Microsoft domains (onmicrosoft.com) and manipulates tenant settings. The scammers also set up multiple Microsoft 365 organization tenants, either by creating new ones or compromising existing accounts. Each tenant has a specific role within the attack framework, allowing the threat actors to operate with anonymity.
One of these fake organizations is used to trigger actions that look like normal business activity, such as starting a subscription. Another fake organization is given a name that includes a fake warning message and a phone number. For example, the organization’s name might appear as something like, “(Microsoft Corporation) Your subscription has been successfully purchased… If you did not authorize this transaction, please call .”
The Microsoft 365 phishing email used in the scam (Screenshot credit: Guardz)
When the attackers trigger an action, like a subscription change, Microsoft 365 automatically sends out legitimate emails about it. Because of how the attackers set up their fake organizations, these official Microsoft emails can end up including the fake warning message and phone number in the sender’s information or organization details.
So, you might receive an email that looks like it’s really from Microsoft, confirming a purchase you didn’t make. The email itself is real in the sense that it came through Microsoft’s systems.
But the alarming message asking you to call a number to dispute the charge? That’s the scam. If someone calls the number, they’re connected with the attackers, who then try to steal sensitive information like passwords or trick them into installing malicious software.
Why This Scam Is Effective
This approach is effective for several reasons. Since the emails come from Microsoft’s legitimate systems, they often pass standard security checks that look for fake domains or suspicious links. The emails look official, complete with Microsoft branding. And the urgent message about an unauthorized charge can cause people to act quickly without thinking.
According to Guardz’s report shared with Hackread.com ahead of its publishing on Thursday, this attack is tricky to spot because it uses legitimate services for malicious purposes. Traditional email security measures that check sender reputations or look for fake links might miss this.
The Possible Impact
The implications of this phishing campaign could be significant. Businesses and individuals who fall victim can suffer from credential theft, financial loss, account takeovers or installing malware on their systems. The attack’s dependence on voice channels also makes it more challenging to detect and prevent, as fewer security controls exist in direct phone communications.
Protecting Yourself and Your Business
A few key steps can help prevent these scams. Be wary of unexpected emails about purchases or subscriptions, even if they appear to come from Microsoft. Never call phone numbers listed in emails if something feels off; always verify contact details on Microsoft’s official website.
Pay close attention to sender details; while an email might look legitimate, unusual organization names or urgent wording can be red flags. Also, be cautious of messages from unfamiliar “.onmicrosoft.com” domains. Most importantly, train yourself and your employees to recognize phishing tactics, especially those designed to create a sense of urgency around financial threats.
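A mail-filter heuristic for the pattern described above, added here as an example and not taken from Guardz or Microsoft: it treats a passing SPF/DKIM/DMARC result as no evidence of safety and instead looks for a phone number next to a "call" prompt in the subject, sender display name or body. The messages, addresses, phone number and verdict labels are constructed, and the list of Microsoft domain suffixes is an assumption.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Domains treated as Microsoft infrastructure (assumption for this example).
MICROSOFT_SUFFIXES = ("microsoft.com", "onmicrosoft.com")

PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
CALL_WORD = re.compile(r"\b(call|dial|phone)\b", re.IGNORECASE)
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)

# Constructed message modelled on the lure text quoted in the article.
SAMPLE = """\
From: Microsoft <no-reply@example.onmicrosoft.com>
To: user@example.org
Subject: Your subscription purchase confirmation
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.onmicrosoft.com; dkim=pass header.d=example.onmicrosoft.com; dmarc=pass header.from=example.onmicrosoft.com
Content-Type: text/plain; charset="utf-8"

Organization: (Microsoft Corporation) Your subscription has been successfully
purchased. If you did not authorize this transaction, please call +1 (800) 555-0199.
"""

# Constructed benign notification from the same kind of sender.
BENIGN = """\
From: Billing <no-reply@example.onmicrosoft.com>
Subject: Invoice available
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset="utf-8"

Your invoice for March is available in the admin portal.
"""


def auth_results(msg):
    """Map spf/dkim/dmarc to the result recorded by the receiving server."""
    header = str(msg.get("Authentication-Results", ""))
    return {method.lower(): result.lower()
            for method, result in AUTH_RESULT.findall(header)}


def from_microsoft(msg):
    """True when the From address is on a listed Microsoft domain."""
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    return any(domain == s or domain.endswith("." + s) for s in MICROSOFT_SUFFIXES)


def callback_lure(text):
    """Return the first phone number that follows a 'call' prompt, else None."""
    for match in PHONE.finditer(text):
        if sum(ch.isdigit() for ch in match.group()) < 7:
            continue  # too short to be a phone number
        window = text[max(0, match.start() - 60):match.start()]
        if CALL_WORD.search(window):
            return match.group().strip()
    return None


def classify(raw):
    """Classify one RFC 5322 message given as a string."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    display_name = parseaddr(str(msg.get("From", "")))[0]
    text = " ".join([str(msg.get("Subject", "")), display_name,
                     body.get_content() if body else ""])
    number = callback_lure(" ".join(text.split()))
    if number is None:
        return "clean"
    auth = auth_results(msg)
    trusted = from_microsoft(msg) and all(
        auth.get(method) == "pass" for method in ("spf", "dkim", "dmarc"))
    # Passing authentication raises the priority here: the lure arrived
    # through infrastructure that reputation-based filters trust.
    return "callback-lure-on-trusted-infrastructure" if trusted else "callback-lure"


if __name__ == "__main__":
    print(classify(SAMPLE))
    print(classify(BENIGN))
```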
Tenable Research reveals that AI chatbot DeepSeek R1 can be manipulated to generate keyloggers and ransomware code. While not fully autonomous, it provides a playground for cybercriminals to refine and exploit its capabilities for malicious purposes.
A new analysis from cybersecurity firm Tenable Research reveals that the open-source AI chatbot DeepSeek R1 can be manipulated to generate malicious software, including keyloggers and ransomware.
Tenable’s research team set out to assess DeepSeek’s ability to create harmful code. They focused on two common types of malware: keyloggers, which secretly record keystrokes, and ransomware, which encrypts files and demands payment for their release.
While the AI chatbot isn’t producing fully functional malware “out of the box” and requires proper guidance and manual code corrections to produce a fully working keylogger, the research suggests that it could lower the barrier to entry for cybercriminals.
Initially, like other large language models (LLMs), DeepSeek adhered to its built-in ethical guidelines and refused direct requests to write malware. However, the Tenable researchers employed a “jailbreak” technique, tricking the AI by framing the request as being for “educational purposes” to bypass these restrictions.
The researchers leveraged a key part of DeepSeek’s functionality: its “chain-of-thought” (CoT) capability. This feature allows the AI to explain its reasoning process step-by-step, much like someone thinking aloud while solving a problem. By observing DeepSeek’s CoT, researchers gained insights into how the AI approached malware development and even recognised the need for stealth techniques to avoid detection.
DeepSeek Building Keylogger
When tasked with building a keylogger, DeepSeek first outlined a plan and then generated C++ code. This initial code was flawed and contained several errors that the AI itself could not fix. However, with a few manual code adjustments by the researchers, the keylogger became functional, successfully logging keystrokes to a file.
Taking it a step further, the researchers prompted DeepSeek to help enhance the malware by hiding the log file and encrypting its contents, which it managed to provide code for, again requiring minor human correction.
This screenshot displays the keylogger created by DeepSeek running in the Task Manager, alongside the log file it generated. (Credit: Tenable Research)
DeepSeek Building Ransomware
The experiment with ransomware followed a similar pattern. DeepSeek laid out its strategy for creating file-encrypting malware. It produced several code samples designed to perform this function, but none of these initial versions would compile without manual editing.
Nevertheless, after some tweaking by the Tenable team, some of the ransomware samples were made operational. These functional samples included features for finding and encrypting files, a method to ensure the malware runs automatically when the system starts, and even a pop-up message informing the victim about the encryption.
DeepSeek Struggled with Complex Malicious Tasks
While DeepSeek demonstrated an ability to generate the basic building blocks of malware, Tenable’s findings highlight that it’s far from a push-button solution for cybercriminals. Creating effective malware still requires technical knowledge to guide the AI and debug the resulting code. For instance, DeepSeek struggled with more complex tasks like making the malware process invisible to the system’s task manager.
However, despite these limitations, Tenable researchers believe that access to tools like DeepSeek could accelerate malware development activities. The AI can provide a significant head start, offering code snippets and outlining necessary steps, which could be particularly helpful for individuals with limited coding experience looking to engage in cybercrime.
“DeepSeek can create the basic structure for malware,” explains Tenable’s technical report shared with Hackread.com ahead of its publishing on Thursday. “However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features.” The AI struggled with more complex tasks like completely hiding the malware’s presence from system monitoring tools.
Trey Ford, Chief Information Security Officer at Bugcrowd, a San Francisco, Calif.-based leader in crowdsourced cybersecurity, commented on the latest development, emphasising that AI can aid both good and bad actors, but that security efforts should focus on making cyberattacks more costly by hardening endpoints rather than expecting EDR solutions to prevent all threats.
“Criminals are going to be criminals – and they’re going to use every tool and technique available to them. GenAI-assisted development is going to enable a new generation of developers – for altruistic and malicious efforts alike,” said Trey.
“As a reminder, the EDR market is explicitly endpoint DETECTION and RESPONSE – they’re not intended to disrupt all attacks. Ultimately, we need to do what we can to drive up the cost of these campaigns by making endpoints harder to exploit – pointedly they need to be hardened to CIS 1 or 2 benchmarks,” he explained.
Check Point® Software has announced the winners of its UK Partner Awards. The annual awards ceremony, which took place at One Moorgate Place on March 6th, 2025, celebrated the input of Check Point’s affiliate companies and the growing partner community across the UK.
The 2025 Check Point UK Partner Awards recognised the continued dedication of trusted UK partners over the past year and their commitment to helping organisations become more secure. A gala dinner was held to celebrate these successes, followed by the awards presentations. Mark Weir, Regional Director UK&I at Check Point Software, and Martin Rutterford, Channel Director for the UK & Ireland at Check Point Software, opened the event by reflecting on the company’s achievements over the past year. Charlotte Wilson, Head of Enterprise Sales at Check Point Software, joined esteemed comedian Tom Allen to present the awards.
Organisations of all sizes have faced unprecedented challenges when it comes to cyber security over the past year. Check Point’s State of Cyber Security 2025 report revealed that there’s been a worrying 44% increase in global cyberattacks year on year, with a 58% surge in infostealer attacks, pointing to a maturing threat ecosystem. This, compounded by the rising threat faced by AI-fuelled attacks, increased targeting of Edge devices, and complexity of ransomware, has presented organisations with a challenging cyber landscape to manage thoroughly, especially alongside maintaining innovation and business growth. Check Point’s partners help organisations manage the rising risks with trust and ease, making the business ecosystem safer for all.
The Check Point UK Partner Awards recognise the exceptional accomplishments of regional industry leaders in tackling the critical cyber security issues their clients face. These awards celebrate the commitment, effort, and triumphs of key figures in the cyber security field who are working relentlessly to safeguard businesses and individuals in the face of rising threats. Channel partners are indispensable as an extension of these organisations, assisting in the development of resilience and the reinforcement of cyber security, all without requiring internal Security Operations Centres (SOCs).
The winners of the 2025 UK Partner Awards were:
Marketplace Partner of the Year: Computacenter
Quantum Partner of the Year: BT
Harmony Partner of the Year: Softcat
Cloud Partner of the Year: Computacenter
Infinity Partner of the Year: Bytes
Distribution Partner of the Year: Westcon
Rising Star Partner of the Year: Systal
New Logo Partner of the Year: Softcat
Project of the Year: World Wide Technology
Technical Champion of the Year: John Tammaro, SEP2
Sales Champion of the Year: Becky Clayton, Westcon
Marketing Champion of the Year: Daniela Miccardi, Bytes
Check Point Champion of the Year: Michael Lenham, Bytes
Global Systems Integrator of the Year: BT
Partner of the Year: BT
“Every day, our partners are on the frontlines, helping businesses stay one step ahead of increasingly sophisticated cyber threats,” said Mark Weir, Regional Director UK&I at Check Point Software. “In a year where AI-fuelled attacks and targeted ransomware campaigns have surged, their dedication, expertise, and innovation have been crucial in protecting organisations across the UK. These awards are not just about recognising success—they’re about celebrating the relentless commitment of our partners to keeping businesses secure, resilient, and future-ready. We’re incredibly proud to work alongside such a talented and driven network and look forward to another year of growth and shared victories.”
At the ceremony, over £2,000 was raised for LupusUK.
The post Check Point Software Celebrates Continued Partner Success at UK Partner Awards appeared first on IT Security Guru.