Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Gmail has always been a common target for cybercriminals, and with the arrival of advanced AI tools, the threat level has increased significantly. Now, attackers no longer rely on generic phishing emails or scam methods. They are using AI to create convincing messages and imitate real support agents to make attacks look more genuine. This change in attack patterns has made Gmail users more vulnerable because they can’t differentiate between real and fake messages.

Phishing continues to be the most common way attackers gain initial access. If you want to prevent phishing in your organisation, it starts with understanding how these campaigns suceed and why they continue to bypass traditional controls. Drawing on insights from our recent webinar Red Team Insights: What We’ve Learned from Breaching the Best, this article explores the tactics attackers rely on and the steps security teams can take to strengthen their defences.

A new phishing kit is impersonating the Italian IT and web services provider Aruba, according to researchers at Group-IB. The kit is designed to trick users into entering their Aruba credentials, granting attackers access to sensitive accounts. “Such a target offers significant payoff: compromising a single account can expose critical business assets, from hosted websites to domain controls and email environments,” Group-IB says.

BlueVoyant’s Threat Fusion Cell and SOC have been tracking a significant and persistent social engineering campaign that cleverly exploits trusted communication channels to gain initial access to target networks. Since at least mid-October 2025, BlueVoyant has observed a consistent playbook where threat actors employ inbox sabotage as a pretext for highly convincing IT support impersonation over Microsoft Teams.

Cybereason warns that the Tycoon 2FA phishing kit continues to receive upgrades, allowing unskilled cybercriminals to launch sophisticated social engineering attacks. The platform is known for its ability to bypass multi-factor authentication measures.

KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. The attackers are wielding a powerful new tool that’s completely changing the game for cybercriminals—turning what used to be complex, technical phishing setups into simple one-click launches that can bypass certain technical controls. Welcome to the era of “Quantum Route Redirect.".

A phishing campaign is using invisible characters to evade security filters, according to Jan Kopriva at the SANS Internet Storm Center. The emails use soft hyphens to break up the subject line “Your Password is About to Expire” so the messages aren’t flagged as malicious. The email client doesn’t render the hyphens, however, so the user sees a normal sentence.