Half of businesses have reported a growth in deepfake and AI-generated fraud, alongside rising biometric spoofs and counterfeit ID fraud attempts, according to the 2025 State of Identity Fraud Report, released today by AuthenticID.

The report analyzes internal proprietary data anonymized from AuthenticID's identity verification and fraud detection technology. When paired with insights from annual fraud surveys of both fraud and technology professionals as well as consumers in North America, the report offers a comprehensive view of the fraud landscape.

Continue reading →

New research from the eSentire Threat Response Unit (TRU) shows a shift towards browser-based threats last year as more traditional email malware declines.

Moving onto 2025 the report predicts an increase in politically motivated cyberattacks, with adversaries disrupting the physical infrastructure of the Internet to disrupt internet access. It also expects we’ll see continued growth in ransomware attacks against all industries, abuse of certificate authority, and further increase in browser-based threats to deploy malware.

Continue reading →

Research by Fortinet has uncovered what it terms a 'phish-free' PayPal phishing attack that seeks to trick the unwary into giving up control of their account.

It starts with an email request for payment that appears to come from a valid email address. Click the link and you're taken to a PayPal login page showing a request for payment. This is where it gets clever because if you do login your account gets linked to the address the email was sent to -- not the one you received it on.

Continue reading →

With a constant power struggle between attackers and defenders cybersecurity is a fast-moving area. That makes it notoriously hard to predict what might happen, but that doesn't stop us trying. Here are what some industry experts think the cybersecurity world has in store for 2025.

Sasha Gohman, VP, research at Cymulate, thinks ransomware will become obsolete. "Ransomware may become obsolete due to the fact that decrypting your important files may become a feasible task with quantum computing. On the other hand, ransomware operators may then choose to encrypt your important files with quantum-resilient encryption."

Continue reading →

A new report from phishing defense company Cofense highlights increasingly sophisticated phishing attacks that are exploiting trusted email security companies such as Proofpoint, Mimecast and Virtru to trick users into disclosing sensitive credentials.

The attacks make use of fake email attachments, phishing links and credential-harvesting tactics to compromise sensitive data. By mimicking well-known brands, threat actors boost the likelihood that the recipients will trust the emails and engage with harmful content, leading to them exposing critical information.

Continue reading →

Phishing remains one of the most significant cyber threats impacting organizations worldwide and a new report shows credential theft attacks surged dramatically in the second half of 2024, rising by 703 percent.

The report from SlashNext shows that overall, email-based threats rose by 202 percent over the same period, with individual users receiving at least one advanced phishing link per week capable of bypassing traditional network security controls.

Continue reading →

Despite the rise of other means of communication email remains the most commonly used. This makes it attractive to cybercriminals as it offers an entry point to businesses and the gateway that employees rely on to do their jobs.

A new report from Abnormal Security highlights the attacks that we’re likely to see in the next year and shows the need for improved defenses, including the use of AI.

Continue reading →

New research reveals the top five industries most frequently targeted by specifically tailored phishing attacks using either the recipient's name, email address, phone number, or company name.

The study from Cofense using data drawn from the Cofense Intelligence product between Q3 2023 to Q3 2024 shows, unsurprisingly, that finance tops the list, accounting for 15.5 percent of all credential phishing emails where the product redacted information from the subject in order to safeguard the recipient.

Continue reading →

Thanks to the proliferation of smartphones, QR code usage globally has surged by 57 percent, and by 2025, it is forecast to increase by another 22 percent. And up to eight new QR codes are generated per minute globally.

It is no surprise then why QR codes are everywhere -- on billboards, shopping malls, event brochures, restaurant menus, charity websites, parking spaces, you name it! Of course, the genius of QR codes is their ease of use and convenience. For users, one scan and the job is done, be that registering for an event or purchasing an item.  

Continue reading →

A new report reveals that HR and IT-related phishing emails claim a significant 48.6 percent share of top-clicked phishing types globally.

The research from KnowBe4 also shows that among large companies -- 1,000+ employees -- the most targeted industries are healthcare and pharmaceuticals with a Phish-Prone Percentage (PPP) of 51.4 percent, insurance on 48.8 percent and energy and utilities on 47.8 percent.

Continue reading →

Phishing is on the rise. Egress' latest Phishing Threat Trends Report shows a 28 percent surge in attacks in the second quarter of 2024 alone. But what’s behind the increase? There are a few factors in play. Like any other form of threat, phishing is becoming more sophisticated with hackers now having access to a variety of new AI-powered tools to generate email messages, payloads, and even deepfakes.

Further, these technologies and the cyberattacks they can create are now easier to access than ever. Especially as more hackers tap into the professional services on offer from a mature and diverse Crime as a Service (CaaS) ecosystem of providers selling everything from the mechanisms to create attacks to pre-packaged phishing toolkits that promise to evade native defenses and secure email gateways (SEGs).

Continue reading →

New data from Abnormal Security shows that between September 2023 and September 2024, phishing, business email compromise, and vendor email compromise attacks on manufacturers increased significantly.

The number of monthly attacks phishing attacks has grown nearly 83 percent between September 2023 and September 2024. Business email compromise attacks are up 56 percent too.

Continue reading →

Cyberattackers are targeting holidays and weekends to cause maximum disruption, yet many businesses remain underprepared outside of standard working hours.

A new report from Semperis, based on a survey of almost 1,000 cybersecurity professionals, shows that 86 percent of surveyed organizations in the US, UK, France and Germany that were attacked were targeted during a holiday or weekend.

Continue reading →

New data from Cofense shows one malicious email bypassing customers' Secure Email Gateways (SEGs) every 45 seconds -- up from every 57 seconds in 2023.

The report also highlights the rapid rise in Remote Access Trojans (RATs) and the evolution of credential phishing techniques that exploit trusted platforms. Remcos RAT emerged as the predominant malware, using methods to bypass SEGs with ease.

Continue reading →

The US banking industry has seen a significant uptick in cyberattacks, particularly in phishing and spoofing, and tactics are becoming increasingly advanced due to AI.

New research from BforeAI analyzed 62,074 domains registered between January and June 2024 with finance-related keywords. Of those registered domains, 62 percent were found to be involved in phishing attacks targeting legitimate entities via spoofing websites.

Continue reading →