Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

First QuickBooks, then Microsoft, and now Google—will the hijacking of legitimate third-party platform communications stop escalating in 2025? Our Threat Labs researchers predict the answer is no. As long as these attack tactics remain effective, cybercriminals will continue to use them, which likely explains the spike in the exploitation of Google Services for phishing attacks observed in the first month of 2025.

If you’ve ever wondered how companies can protect their emails from being hijacked or used for malicious purposes, the answer you’re looking for is DMARC (Domain-based Message Authentication, Reporting, and Conformance). A DMARC record is an auxiliary security configuration that can be a difference-maker in the battle between legitimate senders and threat actors. It serves as a reliable mechanism to deal with rogue emails and stave off spoofing and other email-based threats.

Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns. The researchers state that in 2023, AI-powered phishing was 31% less effective than humans. In November 2024, it was 10% less effective than humans. Then in March 2025, the AI was 24% more effective than humans.

Cybercriminals are capitalizing on tax season by launching phishing campaigns targeting QuickBooks users, Malwarebytes reports. The attack begins with a malicious Google ad that appears at the top of the page when a user searches for QuickBooks. The website’s domain, “quicckboorks-acccountingcom,” is designed to trick users who don’t closely examine the URL.

Arctic Wolf has observed an uptick in activity from the Silent Ransom Group, a cybercriminal group first identified in 2020 and notorious for its targeted cyber extortion campaigns driven by financial gain. This week, the group has been targeting the legal industry using “call-back” phishing tactics. The group sends emails impersonating services such as Duolingo or Masterclass, claiming a pending charge and urging recipients to call a phone number to resolve the issue.

Ever thought an image file could be part of a cyber threat? The Trustwave SpiderLabs Email Security team has identified a major spike in SVG image-based attacks, where harmless-looking graphics are being used to hide dangerous links. This blog post analyzes the various techniques cybercriminals are using to cleverly weaponize these image files in phishing attacks and what your organization can do to prevent these pixel-perfect tricks.

A phishing-as-a-service (PhaaS) platform dubbed ‘Lucid’ is driving a surge in SMS phishing (smishing) attacks, according to researchers at Prodaft. The platform is operated by Chinese cybercriminals who offer access to the service under a subscription model. A Lucid subscription allows crooks to easily craft sophisticated, targeted phishing campaigns.