Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Global phishing and identity-compromise trend across Darktrace customers in 2025

Target Trend
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

Darktrace telemetry showed a sharp rise in identity-driven phishing across its global customer base in 2025, with more than 32 million high-confidence phishing emails detected. The scale matters because attackers increasingly used stolen credentials, hijacked tokens, and trusted-looking delivery methods to bypass conventional defenses.

Related Happenings

CypherLoc phishing-led browser scareware campaign

Campaign
First: 20.05.2026 13:00 Last: 20.05.2026 13:00 Sources 1

About this happening: The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...

Open Happening

QR code phishing surged across email threats in Q1 2026

Target Trend
First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....

Open Happening

UNC6692 email bombing and Microsoft Teams impersonation campaign

Campaign
First: 25.04.2026 18:07 Last: 25.04.2026 18:07 Sources 1

About this happening: UNC6692 is running a **social-engineering campaign** that uses **email bombing** and **Microsoft Teams impersonation** to push targets toward remote access and initial compromise....

Open Happening

W3LL Microsoft 365 adversary-in-the-middle phishing campaign

Campaign
First: 13.04.2026 21:55 Last: 13.04.2026 21:55 Sources 1

About this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...

Open Happening

Phishing-resistant authentication to block post-breach credential abuse and relay attacks

Defensive Guidance
First: 09.04.2026 17:02 Last: 09.04.2026 17:02 Sources 1

About this happening: **Phishing-resistant authentication** is being emphasized as the control that can stop post-breach account takeover when exposed email records fuel **credential stuffing**, **AiTM...

Open Happening

Timeline

  1. 26.02.2026 17:00 2 articles · 3mo ago

    Darktrace publishes 2025 phishing and identity-compromise telemetry

    Technical Analysis Update

    Darktrace published 2025 telemetry showing more than 32 million high-confidence phishing emails across its global customer base, with over 8.2 million targeting VIPs and identity compromise overtaking vulnerability exploitation as the dominant entry vector. The findings also highlighted 1.6 million phishing emails from newly created domains, 1.2 million messages using malicious QR codes, and regional pressure across the Americas, Latin America, Europe, Africa, and Asia-Pacific and Japan.

    Show sources
    Open in new tab