Phishing is the most prominent form of cyber-attack, regularly prompting email recipients into disclosing their personal information, credentials, downloading malware, or paying fraudulent invoices. Phishing can result in cybercriminals gaining unauthorized access to organizations’ data, network systems, or applications.
Independent research shows that 91% of organizations have experienced outbound email security incidents in their Microsoft 365 environments. Human error is the primary cause of these incidents, whether that’s adding an incorrect recipient, attaching the wrong file, or forgetting to use the Bcc field.
There’s a beautiful moment happening right now, and by “beautiful” I mean “horrifying in that can’t-look-away-from-the-car-crash sense”.
Social engineering remained the top initial access vector for cyberattacks in 2025, with increasing assistance from AI tools, according to a report from ThreatDown. The researchers warn that AI will likely become a core component of social engineering attacks throughout 2026.
AI-driven fraud attacks spiked by more than 1200% in December 2025, according to a new report by Pindrop Security. Threat actors are using AI to assist in every stage of the attack, from deploying bots to conduct reconnaissance to using deepfakes to trick humans.
People accidentally send emails to the wrong recipients every day. The impact of these incidents can be relatively minor if there is no sensitive data included in the email body or attachments – it might be inefficient or slightly embarrassing, but it’s not a security incident. However, a security incident can occur if personally identifiable information (PII), privileged or protected information, corporate data, or other sensitive data is included in the email.
Prior to my further research into AI and quantum for my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I had pretty solid password policy recommendations:
Cybercriminals are abusing legitimate invoices and dispute notifications from popular services to send scam emails that bypass security filters, according to researchers at Kaseya’s INKY. The attackers have used this technique to impersonate PayPal, Apple, DocuSign, HelloSign, and others.
