Business Email Compromise stories

Barracuda links surge in device code phishing attacks to EvilTokens kit as criminals exploit Microsoft 365 logins and bypass multifactor checks.

VIPRE says cyber criminals are increasingly abusing trusted services like Cloudflare, Microsoft and TestFlight to dodge email security filters.

Proofpoint warns that 36% of FIFA World Cup 2026 commercial partners still lack the strongest DMARC settings, leaving fans exposed to spoofed emails.

Ecommpay urges eCommerce overhaul as fraud report says current controls miss social engineering, distort competition and leave merchants exposed.

ReliaQuest says suspected former Black Basta operators are bombarding staff with emails and posing as IT support in Microsoft Teams to reach senior executives.

Bitdefender adds integrated email defence to GravityZone, giving MSPs and businesses post-delivery protection against phishing, ransomware and BEC.

Proofpoint says mailbox rule abuse is becoming a routine Microsoft 365 takeover tactic, helping attackers hide alerts, hijack threads and drive fraud.

Trustifi rolls out AI-powered training videos for managed service providers, turning real phishing emails into branded simulations inside one dashboard.

Most companies lack confidence in cyber defences as a Sygnia survey finds major gaps in visibility, coordination and board-level readiness.

Doppel secures three ISO certifications for AI governance, security and privacy, as enterprise buyers demand stronger assurance against AI-driven cyber threats.

iProov warns iOS injection attacks surged 1,151% in late 2025 as generative AI fuels deepfake impersonation and identity fraud.

Microsoft warns that 10 to 15 EvilToken phishing runs are launched daily, compromising hundreds of organisations through OAuth token abuse.

Orange Business to weave Reality Defender's deepfake checks into enterprise communications for 7,000 customers amid rising fraud fears.

Barracuda adds Google Workspace email protection, SecureEdge Access and AI security to BarracudaONE while unifying its global partner programme.

Proofpoint unveils unified platform to secure email and govern AI data access, extending visibility across cloud and on-premises environments.

HPE Threat Labs warns cybercrime now runs like big business, as AI-fuelled, industrial-scale attacks hammer government and finance.

Kroll warns boards are overestimating cyber resilience as attacks cost firms an average USD $2.2 million a year and response plans lag reality.

Netcraft unveils Preemptive Domain Disruption to knock out attacker domains in their dormant phase before phishing and BEC scams launch.

Abnormal AI launches Attune 1.0, a behavioural model that spots AI-crafted cyberattacks by learning normal workplace communication patterns.

VIPRE links its Integrated Email Security with Microsoft Defender, unifying phishing and BEC detections in a single Defender console view.