Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Phishing was the initial access vector for 60% of cyberattacks across Europe between July 2024 and June 2025, according to the European Union Agency for Cybersecurity (ENISA). “With regards to the primary method for initial intrusion, phishing (including vishing, malspam and malvertising) is identified as the leading vector, accounting for about 60% of observed cases,” the agency says.

Phishing remains one of the most persistent cyber threats in the digital age. These attacks trick individuals into revealing sensitive information—like passwords, account numbers, or personal details—through emails, texts, or calls that appear to be legitimate.‍ Despite major advances in cybersecurity, attackers continue to refine their tactics.

Phishing campaigns are often misunderstood. They are not about catching employees doing something wrong. Instead, they are a safe environment to practice the right behaviors.

Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in the European Journal of Information Systems. “In real-world settings, users are frequently engaged in other digital tasks when a suspicious message appears, requiring them to momentarily interrupt their workflow,” the researchers write.

In October 2025, researchers uncovered a phishing operation that weaponizes the npm ecosystem, but this time not to infect developers at install time, but rather to host and deliver phishing scripts via the trusted unpkg.com CDN.

Microsoft warns that a recent phishing campaign used AI technology to obfuscate its payload and evade security filters. “Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure to disguise its malicious intent,” the researchers write.

A new report has found that nearly 40% of security leaders believe their organizations are least prepared for phishing and other social engineering attacks, Help Net Security reports. According to the report from VikingCloud, these concerns are driven by the increasing use of AI tools to assist in cyberattacks. “Generative or agentic AI-driven phishing attacks (51%) are leadership teams’ top concern when it comes to new cyberattack techniques,” the report says.

This week, Tanium’s Cyber Threat Intelligence (CTI) team investigates SystemBC, a large-scale proxy botnet that’s leveraging compromised virtual private server (VPS) infrastructure to support cybercriminal operations, including ransomware and credential theft. Next, the team looks at ShinyHunters—a financially motivated data extortion group that’s now targeting enterprise cloud applications.

The Quadient DS-700iQ is a high-volume folder-inserter machine designed for automating the process of assembling, folding, and inserting mail into envelopes for large mailing operations. It features a modular design that can handle complex mailing jobs, supports multiple feeders and enclosures, and offers integration with barcode/OMR/2D scanning for document integrity and sorting.

Law firms really are under constant pressure to meet tight deadlines, maintain client confidentiality and protect privileged communications. And like most aspects of life with technology so deeply intertwined, the same tools that make work possible can also be significant sources of risk. Consider something as basic as email; likely the most commonly used tool in the profession.