
Phishing-as-a-Service (PhaaS): A Cybercrime Subscription Service

The cybersecurity threat landscape is constantly evolving, and Trustwave SpiderLabs has noted one of the fastest-growing threats is Phishing-as-a-Service (PhaaS). PhaaS platforms have become the go-to tool for cybercriminals to launch sophisticated phishing campaigns targeting the general public and businesses. Much like legitimate software-as-a-service platforms, PhaaS offers cybercriminals subscription-based access to powerful phishing tools—without requiring advanced technical skills.

Glitch-hosted Phishing Uses Telegram & Fake CAPTCHAs to Target Navy Federal Credit Union Customers

From January to April 2025, Netskope Threat Labs tracked a three-fold increase in traffic to phishing pages created on the Glitch platform. These phishing campaigns have affected more than 830 organizations and over 3,000 users since January 2025, primarily targeting Navy Federal Credit Union members and seeking sensitive information.

French Users Targeted by Major Phishing Campaign

Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the emails more convincing. IBM has observed seventeen waves of the campaign since March 2024, and at least 160,000 victims have clicked on the phishing link. “The phishing emails inform recipients that their Amazon Prime subscription will automatically renew at a cost of 480 Euros per year,” IBM explains.

The Evolution of Phishing Attacks: Why Traditional Detection Methods Are Failing

If they weren't so harmful to both businesses and consumers, the sophistication of modern phishing would be quite impressive. Today's most invasive cybercriminals have moved beyond the old strategies of generic mass-email scams. They're now leveraging advanced technologies like Artificial Intelligence (AI), deepfake media, and real-time behavioral analytics to craft highly personalized and nearly undetectable attacks.

Cloudflare named a Strong Performer in Email Security by Forrester

Today, we are excited to announce that Forrester has recognized Cloudflare Email Security as a Strong Performer and among the top three providers in the ‘current offering’ category in “The Forrester Wave: Email, Messaging, And Collaboration Security Solutions, Q2 2025” report. Get a complimentary copy of the report here. According to Forrester.

PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations

Since September 2023, Trustwave’s Threat Intelligence Team has been tracking a large-scale phishing campaign distributed via email, attributed to "Storm-1575". Storm-1575 is known for developing and distributing a PhaaS platform with adversary-in-the-middle (AiTM) capabilities, known as "Dadsec". The team’s recent investigations have revealed that the infrastructure used by Dadsec is also connected to a new campaign leveraging the "Tycoon2FA" Phishing-as-a-Service (PhaaS) platform.

How To Run a Successful Phishing Campaign Test

Phishing attacks are growing more difficult to identify, which is why your organization must prepare by conducting phishing tests. Watch this video to learn how to prepare your employees, design realistic phishing simulations and strengthen your organization’s defense against phishing attempts.

Phishing Campaign Targets International Students in the US

The FBI has issued an alert on a wave of phishing attacks targeting Middle Eastern students who are studying in the US. The campaign has targeted students from the United Arab Emirates (UAE), Saudi Arabia, Qatar, and Jordan. The scammers impersonate government officials and claim there is an issue with the student’s visa.