Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A strong email security posture is as much about culture as it is about technology. In the 2022-23 financial year, 78% of Australian businesses offered annual cybersecurity training to their entire workforce; however, only 39% of these businesses provided specialized training for privileged users who are authorized to perform security-relevant functions that ordinary users are not.

Phishing attacks are driving a surge in “double brokering” scams in the shipping industry, according to Christian Reilly, Cloudflare’s Field CTO for EMEA. In an article for TechRadar, Reilly explains that these scams have risen by 400% since 2022, and 50% of freight brokers name it as their top concern. “Here’s how they work: Scammers pose as legitimate freight brokers or create fake transportation companies,” Reilly writes.

Traditional email authentication mechanisms like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are great for getting started. They are like the first step to verifying email senders and combatting tampering. However, they don’t solve the entire problem. Attackers may still manipulate the “From” address, evade SPF checks using intermediary servers, or exploit misconfigured DNS (Domain Name System) records.

Trustwave MailMarshal fortified its position as a leading secure email gateway by being named a Top Player in Radicati’s Secure Email Market Quadrant 2025 report. This is the second consecutive year that Radicati has recognized Trustwave MailMarshal for its ability to protect organizations from email-based attacks.

JUMPSEC have detected and tracked a new phishing attack campaign targeting numerous industrial sector organisations, predominately in engineering, construction, and energy sectors in the UK and US, where threat actors have consistently used a common and identifiable AITM (Adversary in the Middle) phishing kit throughout March 2025. At-risk organisations should take steps to reduce the risk of compromise as the infrastructure detailed below continues to be leveraged by threat actors.

99% of phishing emails that reached inboxes last year did not contain malware, according to a new report from Fortra. Attackers were much more successful using malicious links or purely response-based social engineering. Fortra explains, “Anti-malware scanning, sandboxing, and other pre-delivery security processes are increasingly common and make it more difficult for emails containing malware payloads to reach user inboxes.

Some people might call bossware employee-sponsored spyware. Check out this article to learn more about employee monitoring software. The internet is a great place — until someone tries to steal your login credentials, credit card details, or even your entire identity. Enter phishing: the cybercriminal’s favorite way to trick you into handing over personal information. If you think you’d never fall for a scam, think again.

A KnowBe4 Threat Lab Publication Authors: By James Dyer, Threat Intelligence Lead at KnowBe4 and Lucy Gee, Cybersecurity Threat Researcher at KnowBe4 On March 3, 2025, the KnowBe4 Threat Labs team observed a massive influx of phishing attacks originating from legitimate Microsoft domains. KnowBe4 Defend detected activity starting on February 24th, with a peak on March 3rd, when 7,000 attacks from microsoft-noreply@microsoft.com were recorded within a 30-minute window.