This video is a decorative animation with no sound.
This chart is based on data from Barracuda AI.
Barracuda Research delivers actionable insights from trillions of IT events, AI-powered threat detection and real-world security incidents. Our advanced threat intelligence empowers IT security professionals with the knowledge to identify emerging threats, recognize the warning signs and implement effective protection strategies for their businesses.
AI‑driven social engineering and phishing‑as‑a‑service are accelerating the volume and effectiveness of email attacks, with threat actors shifting to stealth tactics like URL‑based payloads, QR codes and account takeover.
See the details and the action to take to protect against evolving tactics:
Device code phishing attacks seek ongoing authorised access to Microsoft 365 and Entra ID by exploiting trusted processes.
Learn how these attacks work, why they’re increasing, and ways to protect yourself:
The disruption of Tycoon 2FA sped up changes in phishing methods—tools were redistributed, code was adapted, and techniques became more advanced.
See further details on the evolving landscape and how to stay safe:
New attacks by the rare, small-scale and highly evasive phishing kit Saiga 2FA reveal how attacks can be customised on-the-fly.
See a step-by-step analysis and details on how to stay safe:
Between January and March 2026, Barracuda Managed XDR recorded a sharp rise in brute-force attacks targeting SonicWall and FortiGate devices, with around 88% originating from the Middle East.
See how attackers are testing perimeter devices and how to protect yourself:
Barracuda Research reports an increase in ClickFix-style attacks, where users are tricked into clicking links or entering text to "fix" fake issues—resulting in malware installation.
Learn how these attacks work and how to protect yourself:
Attackers are targeting businesses at scale by exploiting common vulnerabilities and everyday security blind spots.
See the details and the action to take to protect against the attacks:
The Mythos Claude AI model has intensified discussions about AI increasing attacker capabilities. It's a good time to review and enhance key security controls—see the blog for details.
In 2025 botnets expanded from denial-of-service attacks to become shared criminal infrastructure for fraud, malware delivery, and more, focusing on speed and automation. See how the botnet risk is changing and what that means for security teams.
Recent vulnerabilities uncovered in the open-source agentic AI framework, OpenClaw, reveal how poorly secured AI agents can be hijacked by attackers. See how attackers are targeting OpenClaw and how to stay safe.
The Office of the CTO comprises Barracuda’s leading threat researchers and technical experts who can provide authoritative insight on a wide variety of cybersecurity topics.
These include:
Connect with Barracuda’s Office of the CTO
“Email is no longer just a communication channel — it’s the front line of identity, trust and business continuity. As attackers industrialize phishing with AI and phishing‑as‑a‑service, the future of defense must evolve just as quickly.”
Merium Khalid
Director of SOC Offensive Security, Office of the CTO, Barracuda
Barracuda provides a wide range of cyberthreat and cybersecurity insights, tools and support to help organizations and security researchers better understand the rapidly evolving threat landscape and how to manage risk.
Company Information
Our Websites