
[Scary] A New Real Cash Scam Sweeps Across the U.S. Warn Your Family and Friends!

Right now, today, thousands of people are being tricked into going to their banks or credit unions to withdraw large sums of cash, which they will then give or send to a complete stranger, never to see it again. Many of the victims are in the prime of their lives, intelligent, and consider themselves to be of above-average ability in spotting scams and scammers.

AI-Powered Spear Phishing Can Now Outperform Human Attackers

Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns. The researchers state that in 2023, AI-powered phishing was 31% less effective than humans. In November 2024, it was 10% less effective than humans. Then in March 2025, the AI was 24% more effective than humans.

How Does Human Risk Management Differ from Security Awareness Training?

In today's cybersecurity landscape, organizations face an ever-present and often underestimated threat: human risk. Despite significant advancements in technological defenses, human error remains a leading cause of data breaches and security incidents. Multiple industry studies and research reports consistently show that between 70% and 90% of data breaches involve some form of human-related cause, whether through social engineering, errors or misuse.

UK Organizations Cite Phishing as the Most Disruptive Type of Cyberattack

Phishing was the most prevalent and disruptive type of attack experienced by UK organizations over the past twelve months, according to the British government’s Cyber Security Breaches Survey 2025. 85% of businesses and 86% of charities in the UK reported sustaining phishing attacks last year. “The qualitative interviews highlighted that phishing attacks were often cited as time-consuming to address due to their volume and the need for investigation and staff training,” the report says.

Hidden Threats in Our Power Grid: The Chinese Transformer Backdoor Scandal

America's critical infrastructure faces an unprecedented threat, and it's already installed in hundreds of locations across the nation. Recent investigations confirm that Chinese-manufactured power transformers—essential components of our electrical grid—have been discovered with hidden capabilities allowing remote shutdown from overseas. In summer 2019, federal authorities seized a massive 500,000-pound Chinese transformer at the Port of Houston.

Europe's Energy Sector at Risk: The Critical Need for Cybersecurity

Reliable energy is the backbone of any modern society. It powers our homes, industries, and economies. But what happens when this essential infrastructure becomes a target for cyberattacks? In Europe, the energy sector is facing an escalating threat landscape, with potentially dire consequences.

Warning: QuickBooks Phishing Campaign Targets Taxpayers

Cybercriminals are capitalizing on tax season by launching phishing campaigns targeting QuickBooks users, Malwarebytes reports. The attack begins with a malicious Google ad that appears at the top of the page when a user searches for QuickBooks. The website’s domain, “quicckboorks-acccountingcom,” is designed to trick users who don’t closely examine the URL.

64% of Australian Organizations Hit by Ransomware Were Forced to Halt Operations

Illumio’s recent Global Cost of Ransomware Study found that 64% of Australian companies hit by ransomware had to shut down operations as a result. Additionally, 43% of these organizations reported a significant loss of revenue, and 39% lost customers as a result of an attack. Most respondents indicated that reputational damage has overtaken regulatory fees as the most costly effect of a ransomware attack.

Shadow AI: A New Insider Risk for Cybersecurity Teams to Tackle Now

Disclaimer: Don't get me wrong, I love using generative AI daily for research and writing. This is about how other users could be using it when they don't know what they don't know and are accidental in their actions to hurt the organization where they work. Shadow IT has always lived in the background of organizations' environments with unapproved apps, rogue cloud services, and forgotten BYOD systems. Like all technology, the Shadow IT ecology is evolving.

Online Gaming Platform Steam Tops List of Most Imitated Brands For the First Time

Steam was the most impersonated brand in phishing attacks during the first quarter of 2025, according to a new report from Guardio. The researchers note that the gaming platform’s surge to the top comes as “a bit of a shock.” “Historically, the spot has been dominated by the usual suspects - big tech companies like Meta, Microsoft, or even USPS,” Guardio says. “But this quarter, it’s Steam, and by a significant margin.