Cybercrime-as-a-Service stories

iProov warns iOS injection attacks surged 1,151% in late 2025 as generative AI fuels deepfake impersonation and identity fraud.

HPE Threat Labs warns cybercrime now runs like big business, as AI-fuelled, industrial-scale attacks hammer government and finance.

Google's latest Mandiant report warns cyberattacks are faster and stealthier as AI-powered tools narrow defenders' response times to seconds.

Police and tech firms have dismantled Tycoon 2FA, a phishing service used to bypass MFA and hijack cloud accounts at industrial scale.

Russian-run Diesel Vortex phishing service raided freight and logistics portals in the US and Europe, stealing over 1,600 login credentials.

Ransomware hits record 7,458 named victims in 2025 as 124 gangs crowd dark web leak sites and new “supergroup” alliances emerge.

LummaStealer roars back after domain takedown, using fake CAPTCHA ClickFix tricks and CastleLoader to spread via routine user actions.

Google flags surging attempts to steal AI models as state-backed hackers weaponise Gemini for phishing, intel gathering and malware support.

Phishing-as-a-Service fuels 389% jump in account breaches as attackers target Microsoft 365 and Business Email Compromise scams.

Phishing-as-a-service kits doubled in 2025, now powering 90% of attacks as cyber gangs race to outsmart multifactor checks and filters.

Criminals are using Kubernetes and cloud-native tools to rapidly scale phishing-as-a-service, targeting Gmail, Facebook and Microsoft O365.

HP reports a surge in convincing fake software updates and staged prompts that trick users into installing stealthy, rapidly evolving malware.

AI-driven fraud, deepfakes and synthetic IDs are redefining 2026 risk, forcing firms to ditch reactive tools for layered, intelligent defence.

Agentic AI networks could let cybercriminals automate attacks at relentless scale, forcing security teams into a new AI-driven arms race.

Industrial ransomware attacks climbed 13% in Q3 2025 to 742 cases worldwide, with manufacturing absorbing nearly three quarters of hits.

Cyber-extortion incidents rose 44.5% to 19,000 victims, with small firms targeted most amid a fragmented, global cybercrime landscape, warns Orange Cyberdefense.

Netcraft reports a surge in AI-driven phishing, quishing, and brand impersonation attacks, pushing firms to boost cyber defences before 2025.

Retailers face a surge in cyber-attacks as weak defences and lapses in multi-factor authentication make them prime targets for criminals seeking valuable data.

As cybercriminals gear up for 2025, expect bolder attacks and a shift towards more specialised, sophisticated threat tactics according to new predictions.

Darktrace reveals 56% of phishing emails bypass security checks. The latest report underscores the persistence of cyber threats and the increasing need for adaptive defences.