A friend posted this on Facebook and it came up on my feed.
Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke
By the end of 2026, over 90% of all credential compromise attacks are estimated to be enabled by modular Phishing-as-a-Service (PhaaS) kits like the sophisticated, global threat, Kratos.
Researchers at Google’s Threat Intelligence Group (GTIG) warn that nation-state threat actors have adopted Gemini and other AI tools as essential components of their operations. The threat actors are using tools to conduct research and reconnaissance, target victims, and rapidly create phishing lures.
Google Threat Intelligence Group recently released its latest report, “GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Us,” on how malicious adversaries are using AI to commit cybercrimes.
Threat actors are using phony meeting invites for Zoom, Microsoft Teams, Google Meet, and other video conferencing applications to trick users into installing remote monitoring and management (RMM) tools, according to researchers at Netskope.
Social engineering remains the most reliable way into an organization—and attackers are getting better at it every day.
Cybercriminals continually evolve their techniques, leading to more successful phishing attacks. Using techniques such as text-based attacks that utilize social engineering and highly targeted spear phishing, bad actors are able to bypass traditional email security and land in their target’s inbox.
