In 2024, 99% of email threats to corporations were found to be social engineering or phishing attacks, as per Fortra. Most pre-delivery email defenses struggle to block these high-risk threats. About 49% of these attacks targeted Microsoft 365 credentials. Social engineering attacks accounted for 40% of threats, with cybercriminals using phone numbers and QR codes to lure victims. This trend is set to continue with threats becoming more personalized through stolen data. Platforms like DocuSign were heavily exploited, and this exploitation of legitimate services is likely to persist and grow.
Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is
