Cybercrime-as-a-Service stories

Police and tech firms have dismantled Tycoon 2FA, a phishing service used to bypass MFA and hijack cloud accounts at industrial scale.

Russian-run Diesel Vortex phishing service raided freight and logistics portals in the US and Europe, stealing over 1,600 login credentials.

LummaStealer roars back after domain takedown, using fake CAPTCHA ClickFix tricks and CastleLoader to spread via routine user actions.

Google flags surging attempts to steal AI models as state-backed hackers weaponise Gemini for phishing, intel gathering and malware support.

Phishing-as-a-Service fuels 389% jump in account breaches as attackers target Microsoft 365 and Business Email Compromise scams.

Phishing-as-a-service kits doubled in 2025, now powering 90% of attacks as cyber gangs race to outsmart multifactor checks and filters.

Criminals are using Kubernetes and cloud-native tools to rapidly scale phishing-as-a-service, targeting Gmail, Facebook and Microsoft O365.

HP reports a surge in convincing fake software updates and staged prompts that trick users into installing stealthy, rapidly evolving malware.

AI-driven fraud, deepfakes and synthetic IDs are redefining 2026 risk, forcing firms to ditch reactive tools for layered, intelligent defence.

Agentic AI networks could let cybercriminals automate attacks at relentless scale, forcing security teams into a new AI-driven arms race.

Industrial ransomware attacks climbed 13% in Q3 2025 to 742 cases worldwide, with manufacturing absorbing nearly three quarters of hits.

Cyber-extortion incidents rose 44.5% to 19,000 victims, with small firms targeted most amid a fragmented, global cybercrime landscape, warns Orange Cyberdefense.

Netcraft reports a surge in AI-driven phishing, quishing, and brand impersonation attacks, pushing firms to boost cyber defences before 2025.

Retailers face a surge in cyber-attacks as weak defences and lapses in multi-factor authentication make them prime targets for criminals seeking valuable data.