Tag: Threat Spotlight
Threat Spotlight: How phishing kits evolved in 2025
In 2025, 90 percent of high-volume phishing campaigns leveraged Phishing-as-a-Service (PhaaS) kits. These kits have transformed the phishing landscape, enabling even less-skilled cybercriminals to access advanced tools and automation and launch large-scale, targeted phishing campaigns, often impersonating legitimate services and...
Threat Spotlight: Unpacking a stealthy new phishing kit targeting Microsoft 365
In this edition of the Threat Spotlight we see that Phishing-as-a-Service (PhaaS) platforms dominate the email threat landscape. The most prominent are sophisticated, well-resourced platforms offering tools, infrastructure, and support in return for payment or a share of the profits....
Threat Spotlight: Tycoon phishing kit reveals new techniques to hide malicious links
Phishing emails often feature malicious links (URLs) that lead victims to fake websites where they are infected with harmful software or tricked into giving away personal information such as their account credentials. Uncover how these attacks work in the latest...
Threat Spotlight: How attackers poison AI tools and defenses
Barracuda has reported on how generative artificial intellegence (AI) is being used to create and distribute spam emails and craft highly persuasive phishing attacks. These threats continue to evolve and escalate — but they are not the only ways in...
Threat Spotlight: Half the spam in your inbox is generated by AI
Cyber attackers are leveraging the power of artificial intelligence (AI) to boost their chances of success in email-based attacks. AI tools can help them to develop and launch more attacks, more frequently, and to make these attacks more evasive, convincing,...
Threat Spotlight: The good, the bad, and the ‘gray bots’
This edition of the Threat Spotlight focuses on the ‘gray bots’. Bots are automated software programs designed to carry out online activities at scale. There are good bots — such as search engine crawler bots, SEO bots, and customer service...
Threat Spotlight: A million PhaaS attacks in two months
The first few months of 2025 saw a massive spike in phishing-as-a-service (PhaaS) attacks targeting organizations around the world, with more than a million attacks detected by Barracuda systems in January and February. The attacks were powered by several leading...
Threat Spotlight: Tycoon 2FA phishing kit updated to evade inspection
This Threat Spotlight sheds light on the Tycoon multi-factor authentication phishing kit and the tactics it uses to evade protection solutions. Phishing-as-a-Service (PhaaS) provides attackers with advanced toolsets and templates that enable them to quickly deploy phishing campaigns. The rapid...
Threat Spotlight: Phishing techniques to look out for in 2025
Over the last few months, Barracuda’s threat analysts have reported on several advanced phishing techniques implemented by attackers to evade security controls and make malicious emails look more convincing, legitimate, and personal. In this blog post, we look at how these and...
Threat Spotlight: Bad bots are evolving to become more ‘human’
The bot landscape is changing. Malicious — or bad bots — are evolving to become more advanced and human-like in their behavior, while an emerging category of AI bots, which we might think of as “grey bots,” is blurring the...
