Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Phishing remains the number one method attackers use to gain initial access to organizations. That makes your workforce the front line of defense and your ability to identify, neutralize, and respond to phishing attempts is more critical than ever. Trustwave’s Managed Phishing for Microsoft is a service designed specifically for organizations leveraging Microsoft Office 365 and Defender for Office (E5 or equivalent).

Researchers at Netcraft warn that AI-generated search engine summaries are suggesting phishing sites when users ask them to find legitimate login pages. The researchers tested popular AI models, asking them for the login pages of fifty major brands, and found that the models provided the wrong sites 34% of the time. "In many cases, users see AI-generated content before (or instead of) traditional search results—and often without even needing to log in," the researchers explain.

In the current digital landscape, email security has become ever more important as cybercriminals frequently exploit vulnerabilities in email architectures to launch phishing attacks, steal sensitive information, and spoof legitimate domains. Since 2012, DMARC has become a cornerstone of modern email security, reducing the cyberattacks that occur via phishing and spoofing attacks in the process.

Reverse proxy phishing has quietly become one of the most effective –and hardest to detect– phishing tactics of the modern era. It’s fast, industrialized, and invisible to most security stacks. Instead of tricking users into handing over static credentials, these attacks use real-time relays to bypass MFA and hijack sessions as they happen.

Lead Researchers: James Dyer and Louis Tiley Between May 5 and May 7, 2025, KnowBe4 Threat Lab identified a phishing campaign originating from accounts created on the legitimate service ‘EUSurvey’. Although this was a focused campaign, on a smaller-scale to others identified by the team, it employed a combination of sophisticated techniques worth highlighting.

Phishing remains one of the biggest cyber threats in circulation today. Billions of emails are sent every single day and together they claim thousands of victims, whether businesses or private individuals. Yet if the phishing attack is so well known, why do most people still fall for the trick? CSO Online reports that 80% of all security incidents are attributed to phishing.

Email remains the primary communication tool for businesses of all sizes. Unfortunately, threat actors are experts at evading secure email gateways, making email the most exploited entry point for cybercriminals. Recent history is littered with examples of devastating attacks that started with a seemingly innocuous email.

In today's rapidly evolving threat landscape, cybercriminals are becoming increasingly sophisticated in their attack methodologies, particularly when it comes to email-based threats. Organizations worldwide are recognizing that a single-vendor approach to security, while valuable, may not provide the comprehensive protection needed to defend against the full spectrum of modern cyber threats.