Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center issued the 25th edition of its annual report this month, again noting a jump in complaints and losses from phishing, ransomware, and data breaches among the leading cyber threats. Overall, the FBI’s 2024 IC3 reported $16.6 billion in losses, up from $12.5 billion in 2023, on 859,532 complaints received. This figure was down slightly from the 880,418 complaints received in 2023.

A new report from Valimail has found that 50% of organizations lack effective protection against email spoofing. Specifically, many organizations have lenient DMARC policies that don’t actually prevent spoofing. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that helps prevent attackers from spoofing organizations that have the protocol in place.

While it’s well-known that email represents a significant source of cybersecurity threats, it’s not just the text included in emails that’s worrisome; images can be malicious as well. What’s more, images in emails may also present a threat of a different kind, including data leaks and content that’s not suitable for the workplace.

According to our independent survey of individuals across the UK, USA, Netherlands, France, Denmark, Sweden, the DACH region, and Africa who use a laptop as part of their work, 90.1% find simulated phishing tests relevant. What’s more, 90.7% agreed that these simulations improve their awareness of real phishing attacks.

First QuickBooks, then Microsoft, and now Google—will the hijacking of legitimate third-party platform communications stop escalating in 2025? Our Threat Labs researchers predict the answer is no. As long as these attack tactics remain effective, cybercriminals will continue to use them, which likely explains the spike in the exploitation of Google Services for phishing attacks observed in the first month of 2025.

If you’ve ever wondered how companies can protect their emails from being hijacked or used for malicious purposes, the answer you’re looking for is DMARC (Domain-based Message Authentication, Reporting, and Conformance). A DMARC record is an auxiliary security configuration that can be a difference-maker in the battle between legitimate senders and threat actors. It serves as a reliable mechanism to deal with rogue emails and stave off spoofing and other email-based threats.

Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns. The researchers state that in 2023, AI-powered phishing was 31% less effective than humans. In November 2024, it was 10% less effective than humans. Then in March 2025, the AI was 24% more effective than humans.