
Report: Microsoft Was the Most Impersonated Brand in Q4 2025

Microsoft was the most commonly impersonated brand in phishing attacks during the fourth quarter of 2025, according to researchers at Guardio. Microsoft was followed by Facebook, Roblox, McAfee, Steam, AT&T, Amazon, Google, Yahoo, and Coinbase. “Scammers ramped up brand impersonation attacks throughout Q4 2025, timing their campaigns around when people are busiest online, shopping for deals, renewing subscriptions, or looking for jobs,” Guardio says.

AI Deepfakes Are Impersonating Religious Figures to Solicit Donations

WIRED reports that deepfake attacks are impersonating pastors and other religious figures in order to scam congregations. Father Mike Schmitz, a priest who hosts a podcast with over a million followers, warned his listeners in November that AI-generated deepfakes were using his likeness to fraudulently solicit donations. WIRED found that several of these fake accounts are still active on TikTok, and they appear when a TikTok user searches for Father Schmitz.

Defending Against Modern Email Threats With Layered, AI-Driven Security

Email has been the backbone of business communication for decades, and as such it remains the attacker’s favorite doorway into an organization. Phishing, Business Email Compromise (BEC) and supply-chain attacks continue to rise, with adversaries leveraging AI and compromised accounts to bypass legacy defenses. This presents many challenges for CISOs, IT Directors and SOC teams alike: it seems pretty clear that threats are evolving faster than traditional email security can keep up.

Phishing Campaign Targets WhatsApp Accounts

Researchers at Gen warn that a phishing campaign is attempting to trick users into linking malicious devices to their WhatsApp accounts. The attack begins with an unsolicited message stating, “Hey, I just found your photo!” along with a link to a spoofed Facebook login page. Instead of trying to steal users’ Facebook credentials, however, the attackers are attempting to gain access to victims’ WhatsApp accounts.

When Seeing Isn't Believing: AI Images, Breaking News and the New Misinformation Playbook

In the early hours following reports of a U.S. military operation involving Venezuela, social media feeds were flooded with dramatic images and videos that appeared to show the capture of Venezuelan president Nicolás Maduro. Within minutes, AI-generated photos of Maduro being escorted by U.S. law enforcement, scenes of missiles striking Caracas, and crowds celebrating in the streets racked up millions of views across various social media channels. The problem?

New ConsentFix Technique Tricks Users Into Handing Over OAuth Tokens

Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.” The technique, which the researchers call “ConsentFix,” tricks victims into copying a localhost URL containing an authorization token and pasting it into a phishing page.

Most Parked Domains Lead Users to Scams or Malware

Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox. “Parking threats are fueled by lookalike domains,” Infoblox explained. “No domain is immune. When one of our researchers tried to report a crime to the FBI’s Internet Crime Complaint Center (IC3), they accidentally visited ic3gov. Their phone was quickly redirected to a false ‘Drive Subscription Expired’ page.

New BlackForce Phishing Kit Bypasses Multifactor Authentication

Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, the kit “features a vetting system to qualify targets, after which a live operator takes over to orchestrate a guided compromise.” Additionally, the phishing kit uses mostly legitimate code in order to avoid detection by security scanners.

81% of Small Businesses Sustained a Cyber Incident Over the Past Year

Eighty-one percent of small businesses suffered a security or data breach over the past year, and 38% of these businesses were forced to raise their prices as a result, a report from the Identity Theft Resource Center (ITRC) has found. The report notes that external hackers have overtaken malicious insiders as the most common root cause of these incidents. This trend is partially driven by AI-assisted social engineering attacks, which were cited as a root cause by more than 41% of victims.