Among the unidentifiable phishing kits used by phishing sites, Tycoon 2FA accounts for 10%.

Ransomware attacks are averaging 20 incidents per day.

Nation-state activity in the telecom sector rose by 130%, driven by adversaries like GLACIAL PANDA.

There has been a 50% spike in genAI platform usage among enterprise end-users in the three months ended May 2025.

Voice phishing (vishing) is on track to double last year’s volume by the end of 2025.

The use of URL shorteners accounts for 7% of phishing delivery.

34% of organisations are currently using Large Language Model (LLM) interfaces.

In May 2025, 41% of organisations were already using at least one genAI platform.

The strategic use of Danish language in BEC scams is 11.9%.

Among the unidentifiable phishing kits used by phishing sites, 16shop accounts for 7%.

Ollama is used by 33% of organisations.

The most observed phishing exploitation mechanisms are HTTP POST to remote server accounting (52%) and email exfiltration (30%).

GitHub Copilot is now used in 39% of organisations.

Over half of all current app adoption among enterprise users is estimated to be shadow AI.

58% of phishing sites now use unidentifiable phishing kits.

62% of breaches in H1 2025 involved data stored on network servers.

Netskope is tracking more than 1,550 distinct genAI SaaS applications, which is up from just 317 in February.

PDFs remain the preferred vehicle for delivering malicious attachments in phishing, at 64%.

A significant portion of BEC targets are Danish, at 38%.

Financial lures are the number one ploy in phishing emails, representing 35% of samples.