Key Takeaways from the Hoxhunt 2025 Cyber Threat Intelligence Report

Cyber threats continue to evolve, but one insight from the Hoxhunt 2025 Cyber Threat Intelligence Report is clear: the most dangerous attacks today aren’t necessarily the most technically advanced; they’re the ones that look completely normal.

Based on millions of real phishing emails reported by employees that bypassed security filters, the report highlights how attackers are refining social engineering tactics, leveraging AI, and targeting identity systems to compromise organisations.

Here are the key takeaways security teams should be paying attention to.

Phishing Still Dominates the Threat Landscape

Despite growing concern around deepfakes and sophisticated cyber operations, phishing remains the most common and effective attack method.

Attackers are increasingly designing emails that blend seamlessly into everyday business communication, impersonating colleagues, vendors, HR departments, or IT teams. Because these messages mimic normal workflows, they are far more likely to evade both technical controls and human suspicion.

In many cases, the most successful attacks aren’t flashy or complex; they’re simply convincing.

AI Is Improving the Quality of Phishing Attacks

Generative AI is beginning to influence cybercrime, but not always in the ways many expected.

Rather than creating entirely new attack techniques, attackers are using AI to enhance traditional phishing campaigns. AI tools help generate:

  • Well-written emails without spelling or grammatical mistakes

  • Messages that match corporate tone and style

  • Personalised content tailored to targets

This makes phishing emails appear more legitimate and undermines traditional guidance like “look for typos.”

Adversary-in-the-Middle Attacks Are Growing

One of the most significant technical trends highlighted in the report is the rise of Adversary-in-the-Middle (AiTM) phishing kits.

These tools intercept login sessions in real time, allowing attackers to capture:

  • Usernames and passwords

  • Authentication tokens

  • Active sessions

Because AiTM attacks can capture session tokens, they can even bypass certain multi-factor authentication (MFA) protections, making them particularly dangerous.

As these kits become easier to deploy, more threat actors are able to carry out sophisticated identity attacks.
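A stolen session token has to be replayed from the attacker's own client, which gives defenders something to look for in sign-in logs. The sketch below is an added example, not taken from the report or from Hoxhunt; the event fields, the sample data and the "new IP and new user agent within an hour" rule are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed session events; the field names are assumptions, not a vendor schema.
EVENTS = [
    {"ts": "2025-03-04T09:00:05", "user": "alice", "session": "s-101",
     "ip": "198.51.100.7", "ua": "Chrome/122 Windows"},
    {"ts": "2025-03-04T09:03:40", "user": "alice", "session": "s-101",
     "ip": "203.0.113.50", "ua": "Firefox/115 Linux"},
    {"ts": "2025-03-04T10:15:00", "user": "bob", "session": "s-202",
     "ip": "192.0.2.10", "ua": "Safari/17 macOS"},
    {"ts": "2025-03-04T10:40:00", "user": "bob", "session": "s-202",
     "ip": "192.0.2.99", "ua": "Safari/17 macOS"},
    {"ts": "2025-03-04T11:00:00", "user": "carol", "session": "s-303",
     "ip": "198.51.100.20", "ua": "Edge/122 Windows"},
]

def replayed_sessions(events, window=timedelta(hours=1)):
    """Return one alert per session that is reused from a new IP AND a new user agent.

    Requiring both to change keeps roaming users (same browser, new network)
    out of the alert queue; the window limits alerts to reuse soon after sign-in.
    """
    origin = {}   # session id -> (time, ip, ua) of the event that created it
    alerts = {}   # session id -> alert, so each session is reported once
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        t0, ip0, ua0 = origin.setdefault(ev["session"], (ts, ev["ip"], ev["ua"]))
        moved = ev["ip"] != ip0 and ev["ua"] != ua0
        if moved and ts - t0 <= window and ev["session"] not in alerts:
            alerts[ev["session"]] = {
                "user": ev["user"],
                "session": ev["session"],
                "first_ip": ip0,
                "new_ip": ev["ip"],
                "seconds_after_signin": int((ts - t0).total_seconds()),
            }
    return list(alerts.values())

if __name__ == "__main__":
    for alert in replayed_sessions(EVENTS):
        print(alert)
```

An alert here is a lead for review (revoke the session, check mailbox rules and new MFA registrations), not proof of compromise.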

Social Engineering Is Expanding Beyond Email

Email remains a major attack vector, but attackers are increasingly targeting users across multiple platforms.

Threat actors now frequently exploit:

  • Social media platforms

  • Messaging apps

  • Recruitment websites

  • Collaboration tools

For example, fake job offers or impersonated recruiters may be used to deliver malicious links or harvest credentials.

This shift highlights how the modern attack surface extends well beyond the traditional inbox.

Attackers Are Getting Better at Evading Security Filters

The report also highlights how attackers are adapting their techniques to bypass technical security controls.

Some emerging tactics include:

  • Malicious content hidden within SVG file attachments

  • Abuse of trusted redirect services, such as those offered by legitimate platforms

  • Hosting phishing pages or malware on reputable file-sharing services

By leveraging trusted infrastructure, attackers increase the likelihood that malicious messages will slip past security gateways.
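SVG is XML that a browser will execute, so an attachment that looks like an image can carry script, event handlers or links. As an added example (not from the report or from Hoxhunt), this is one way a mail pipeline could flag SVG attachments that contain anything other than static drawing; the finding labels and the sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}

def _local(name: str) -> str:
    """Drop the XML namespace: '{ns}href' -> 'href'."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> list[str]:
    """Return reasons to quarantine an SVG attachment; an empty list means static image."""
    # Internal entities can hide markup from string matching or exhaust the parser.
    if re.search(rb"<!ENTITY", data, re.IGNORECASE):
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = set()
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"active-element:{tag}")
        for attr, raw in el.attrib.items():
            name = _local(attr)
            # Browsers strip tabs and newlines from URLs, so remove them before matching.
            value = re.sub(r"[\s\x00-\x1f]", "", raw).lower()
            if name.startswith("on"):
                findings.add(f"event-handler:{name}")
            elif name in ("href", "src") and re.match(r"javascript:|data:text/html", value):
                findings.add(f"script-url:{name}")
            elif name in ("href", "src") and re.match(r"https?:|//", value):
                findings.add(f"external-url:{name}")
    return sorted(findings)

# Constructed samples (placeholders only, no real payloads).
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
SUSPICIOUS = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script>/* constructed placeholder */</script>
  <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://example.invalid/login"/>
</svg>"""
WITH_ENTITY = b'<!DOCTYPE svg [<!ENTITY x "y">]><svg xmlns="http://www.w3.org/2000/svg">&x;</svg>'

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("suspicious", SUSPICIOUS), ("entity", WITH_ENTITY)]:
        print(label, scan_svg(sample))
```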

The Human Layer Remains a Critical Defence

As phishing attacks become more convincing, technology alone cannot stop every threat.

The report reinforces the importance of strengthening the human layer of security, empowering employees to identify suspicious activity and report potential attacks.

Organisations that encourage threat reporting and provide continuous security awareness training can significantly improve their ability to detect and respond to attacks that bypass automated controls.

What Security Teams Should Focus on Next

The evolving threat landscape highlighted in the report points to several priorities for organisations:

  • Strengthening identity protection and authentication security

  • Improving phishing detection and response processes

  • Expanding security awareness programs

  • Encouraging employees to actively report suspicious activity

Ultimately, defending against modern cyber threats requires a combination of technology, processes, and informed people.

Read the Full Report

This article only covers the main highlights. The full report includes deeper analysis, threat trends, and practical insights for security teams.

You can access the full Hoxhunt Cyber Threat Intelligence Report here:
https://hoxhunt.com/form/threat-intelligence-report

Final Thoughts

The Hoxhunt Cyber Threat Intelligence Report highlights an important reality: cyber attacks are increasingly built around believable deception rather than obvious malicious activity.

For organisations, this means security strategies must evolve beyond simply blocking threats and focus on helping people recognise when something that looks normal might actually be malicious.
