See what’s actually landing in inboxes with a data-backed threat intelligence report that maps the evolving phishing threat landscape and provides clear actions for your security team. This report’s data set is based on millions of user-reported emails that bypassed filters in 2025.
AI-generated voice and video deepfakes dominated headlines and discussions in the cyber community in 2025, but these attacks accounted for a fraction of the threats that bypassed filters and actually reached employees. The vast majority of attacks leveraged more traditional impersonation and deception techniques that have been updated to trick filters and slide into new communication environments, including social media.
3 Key Developments
- First, attackers are using AI to improve classic phishing techniques with cleaner language, more convincing formatting and more believable workflow mimicry.
- Second, adversary-in-the-middle (AitM) phishing kits have become easier to deploy and are becoming more widely adopted. These toolkits intercept logins in real time, forward the authentication to the legitimate service, and capture session tokens in addition to passwords. AitM attacks can circumvent MFA.
- Third, social engineering is increasingly expanding beyond email environments and moving into social platforms, recruitment channels and other communication layers that shape professional identity.
More Key Takeaways
- Social-media links in malicious emails have increased by 600 percent since 2023, driven largely by compromised business email signatures that contain social media profiles.
- Abuse of Salesforce’s mailing service increased threefold in 2025.
- In Google environments, Gmail accounted for nearly twice as many malicious sender domains as Outlook.
- In Microsoft environments, Gmail accounted for nearly triple the malicious sender domains of Outlook.
- Malicious SVG attachments soared by 50X in 2024.
- Malicious QR codes in 2025 fell tenfold from their 2023 peak.
- Recruitment-themed phishing delivered through Salesforce grew sharply, often to hijack business social media accounts and professional identity platforms.
This research is fundamentally different from typical threat intelligence reports because it examines the quantity and quality of threats that bypass firewalls and email filters. These are the threats that your people are actually facing.

Understand how today’s attackers bypass email and identity controls with GenAI phishing, AitM kits, and browser-in-the-middle attacks.

See which lures, brands, and workflows are most abused in the current threat landscape. Benchmark your organization against report rates, dwell times, and human-layer behavior from hundreds of thousands of real attacks.

Learn how to use threat intelligence to prioritize detections, tune controls, and design training that matches real attacks, not lab scenarios.