Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new report from Valimail has found that 50% of organizations lack effective protection against email spoofing. Specifically, many organizations have lenient DMARC policies that don’t actually prevent spoofing. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that helps prevent attackers from spoofing organizations that have the protocol in place.

According to our independent survey of individuals across the UK, USA, Netherlands, France, Denmark, Sweden, the DACH region, and Africa who use a laptop as part of their work, 90.1% find simulated phishing tests relevant. What’s more, 90.7% agreed that these simulations improve their awareness of real phishing attacks.

A new report from Sophos found that ransomware attacks accounted for over 90% of incident response cases involving medium-sized businesses in 2024, as well as 70% of cases involving small businesses. “While the overall number of incidents in 2024 was slightly down—in part because of better defenses and the disruption of some major ransomware-as-a-service operators—ransomware-related crime is not fading away,” Sophos says.

Cybercriminals are increasingly using AI tools to assist in malicious activities, according to Microsoft’s latest Cyber Signals report. “AI has started to lower the technical bar for fraud and cybercrime actors looking for their own productivity tools, making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate,” the report says.

Have you ever walked down a street with broken windows, burnt out cars, graffiti and felt a bit uneasy? There's a reason for that, and it's not just about aesthetics. The Broken Windows Theory, introduced by social scientists James Q. Wilson and George L. Kelling in 1982, suggests that visible signs of crime and antisocial behavior encourage further crime and disorder. But what does this have to do with cybersecurity? More than you might think.

The energy sector stands as a critical pillar of our society. From the electricity powering our homes to the fuel driving our industries, reliable energy is essential. However, the very interconnectedness that makes the energy sector so vital also exposes it to significant vulnerabilities, particularly within its supply chain. The Interconnected Web of Energy The energy sector is a complex web of systems, stretching far beyond power plants and wind farms.

First QuickBooks, then Microsoft, and now Google—will the hijacking of legitimate third-party platform communications stop escalating in 2025? Our Threat Labs researchers predict the answer is no. As long as these attack tactics remain effective, cybercriminals will continue to use them, which likely explains the spike in the exploitation of Google Services for phishing attacks observed in the first month of 2025.

Most organizations cite low security awareness among employees as the biggest barrier to defending against cyberattacks, according to a new survey by CyberEdge Group. “This result reinforces the idea that in cybersecurity, as in so many other areas of business and life, people challenges trump technology issues every time,” the researchers write. “Without doubt, although computers speed up every year, people don’t (and some days we suspect they are getting slower).

Right now, today, thousands of people are being tricked into going to their banks or credit unions to withdraw large sums of cash and will give or send it to a complete stranger, never to see it again. Many of the victims are in the prime of their lives, intelligent, and consider themselves to be of above-average ability in spotting scams and scammers.

Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns. The researchers state that in 2023, AI-powered phishing was 31% less effective than humans. In November 2024, it was 10% less effective than humans. Then in March 2025, the AI was 24% more effective than humans.