Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

By the time a phishing email lands in an inbox, the attacker’s infrastructure has already been live for hours. That’s not a hypothetical. Zimperium’s 2024 research found that 60% of newly created phishing domains receive a TLS certificate within the first two hours of registration. The site is credentialed, hosted, and ready before most security teams have any signal it exists.

VibeScamming refers to AI-assisted phishing operations where attackers use natural-language tools to rapidly generate and modify phishing content and web pages, lowering (but not eliminating) the technical skill required. One of the primary enterprise impacts is faster phishing iteration and reconstitution after blocks or takedowns, with identity compromise remaining a major risk alongside malware and other payload-based attacks.

A new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files. “The campaign relies on a combination of social engineering and living-off-the-land techniques,” Microsoft says.

Generative AI and sophisticated social engineering have reshaped the cybersecurity landscape in 2026. Traditional "castle-and-moat" defenses centered on the Secure Email Gateway (SEG) are increasingly pressured by machine-scale attacks designed to bypass static filters. As organizations shift toward Integrated Cloud Email Security (ICES) models, a new technical and psychological barrier appears: the "black box" problem of defensive AI.

A criminal threat actor called “Silver Fox” is launching tax-themed phishing attacks against Japanese companies during the country’s tax season, according to researchers at ESET. “The ongoing campaign uses convincing phishing lures related to tax compliance violations, salary adjustments, job position changes, and employee stock ownership plans,” ESET says. “All emails share the same goal – trick the recipients into opening malicious links or attachments.

Threat actors are impersonating Palo Alto Networks recruiters to target job seekers, according to researchers with Palo Alto’s Unit 42 security team. “These attacks specifically target senior-level professionals by leveraging scraped LinkedIn data to craft highly personalized lures,” the researchers write.

AI is making phishing attacks easier to create and scale. Tasks that once required manual effort can now be automated, allowing attackers to generate realistic messages, launch campaigns, and adapt tactics quickly to evade security controls. In fact, KnowBe4’s 2025 Phishing Threat Trends Report found that more than 73% of phishing emails analyzed in 2024 showed signs of AI involvement. As a result, phishing threats are becoming harder to detect using traditional methods alone.

On April 6, 2026, Microsoft Defender Security Research published an advisory detailing a large-scale phishing campaign that leverages the OAuth Device Code Authentication flow to compromise Microsoft 365 accounts across organizations globally. This campaign represents a significant evolution from manual social engineering to fully automated, AI-driven attack infrastructure.

When it comes to email security, phishing and other social engineering attacks tend to grab headlines. But a simple mistake by an employee, like addressing an email to the wrong person, can be just as damaging. Misdirected emails like these remain one of the most common and costly forms of accidental data exposure.