In 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows and leveraged phishing campaigns using compromised credentials. Phishing attacks focused on trust exploitation, with 40% of incidents using phishing for initial access. Attackers utilized cascaded phishing, workflow-style emails (e.g., IT, travel), and Microsoft 365 Direct Send to bypass scrutiny. MFA spray attacks and device compromise surged, particularly in higher education sectors with unmanaged devices and poor patching. [Auto-archived: reprocess_no_remaining_articles — 2026-04-21T13:31:52.479Z]
