Business & Technology
Phishing falls as attackers turn to AI & encryption
Zscaler has published its ThreatLabz 2026 Phishing and Initial Access Report, which shows phishing volumes fell while attacks became more targeted and effective.
Phishing activity declined 20% year on year in both 2024 and 2025 as tighter email and identity controls pushed attackers towards more selective campaigns, according to the report. It also found that 95.2% of phishing attempts were delivered through encrypted traffic, while 87% of all blocked malicious activity used encryption.
The shift points to a change in how attackers seek initial access. Rather than relying on broad, high-volume campaigns, the research describes a move towards fewer but more convincing attempts, including AI-generated websites and tools designed to hijack active user sessions.
In the UK, the study ranks the country second behind the US as a location for phishing infrastructure and hosting. It also places the UK fourth among the most targeted countries, behind Germany, India and the US.
AI and phishing
ThreatLabz identified 413,524 AI-generated site instances during the period covered by the research. Of those, 37,447, or 9.06%, were flagged as malicious.
Tools including Manus AI, Blackbox AI and Lovable AI are being used to create phishing pages that resemble legitimate corporate sites and customer workflows, the report says. It adds that these pages can be produced much faster than through manual development, making it easier for attackers to run targeted campaigns at scale.
Brand imitation remained a central tactic. Microsoft and Google were the most copied brands in phishing attacks, reflecting a continued focus on enterprise identity systems and account credentials.
Another finding centres on efforts to bypass multi-factor authentication. The research cites kits such as BlackForce, which it says are being used to take over active sessions in real time after users have logged in.
Sector targets
The services sector saw the sharpest increase in activity among the industries tracked in the report. Attacks against the sector rose 65.5% year on year, increasing from 330.9 million to 547.7 million hits.
Attackers were exploiting routine trust-based exchanges in billing, onboarding, renewals and support, according to Zscaler. Manufacturing and government also remained significant targets for email phishing, with government hits up 50% as attackers sought high-value intelligence.
Geographically, the US remained the leading target for email phishing attacks. Brazil recorded a 2,522% rise in phishing hosting, making it one of the top five global sources identified in the research.
Encrypted traffic
The report places heavy emphasis on encrypted traffic as a concealment method. By routing phishing content and other malicious activity through HTTPS and other encrypted channels, attackers can blend in with routine web traffic and make detection harder for organisations that do not inspect that traffic closely.
The findings suggest this is no longer a niche tactic. According to the study, encryption has become the default route for a large share of malicious activity, not just phishing.
Separate telemetry in the report points to large-scale hostile scanning before compromise. Data collected from decoys recorded 89.9 million hostile interactions from 1.37 million unique attacker IPs over six months.
This activity included attempts to probe collaboration platforms, identity systems and exposed services to identify weak points before an intrusion attempt. The report also says cloud infrastructure has become a main source of reconnaissance, with more than 121,000 distinct AWS-hosted IP addresses logged probing customer environments.
Using public cloud systems for scanning and credential validation can complicate response efforts because the traffic often originates from infrastructure more commonly associated with legitimate business services. That makes attribution and filtering more difficult for defenders.
The methodology states that the research drew on more than 500 trillion daily signals from Zscaler’s cloud platform and data gathered between January and December 2025, with deception telemetry collected between October 2025 and March 2026.
Deepen Desai, Chief Security Officer at Zscaler, said the changes reflected an adjustment in attacker behaviour rather than any retreat. “We are witnessing a strategic recalibration in the way adversaries approach initial access,” said Desai. “The decline in raw phishing volume isn’t a sign of retreat; it’s a sign of evolution. Attackers are trading quantity for quality, using GenAI to eliminate traditional ‘tells’ like poor grammar and generic lures. With 95% of phishing now hiding in encrypted traffic, organizations can no longer afford to leave their TLS traffic uninspected. A Zero Trust architecture is the only way to break the attack chain, from discovery to data exfiltration.”
SOFIAH NICHOLE SALIVIO
News Editor
London startup Cascade has launched the open beta of its AI-native production platform for storytelling, aimed at creators, studios, agencies and brands.
Founded by film and virtual production executives whose credits include Avengers: Endgame, No Time To Die, Wicked, Masters of the Air and Pinocchio, the platform is designed to support projects from early development through final delivery in a single production environment.
The software uses what Cascade describes as an agentic AI framework built around filmmaking workflows. It is intended to help users develop ideas, build assets, manage projects and run production processes through natural language interaction, while keeping creative control with human users.
Cascade is entering a crowded market for AI image, video and content generation tools. Its founders, however, are positioning the company around production management and continuity rather than stand-alone generation. A central part of that pitch is an asset-based system designed to help users keep characters, visual style and intellectual property consistent across projects.
The platform can combine AI-generated material, existing creative assets and live-action production in one place. Cascade is targeting a broad range of output, including teasers, trailers, advertising campaigns, episodic series, animation, films and music videos.
Chief executive officer and co-founder Simon Windsor said the business was formed in response to gaps the founders had experienced in film production.
“Too many great stories never make it to screen – and we built Cascade to change that,” Windsor said.
He added: “We didn’t set out to build another AI generation tool. That’s not what the industry needs. What we’ve created is the all-in-one production environment we wished we’d had throughout our careers.
“The creativity has always been there, but what the industry has been missing is a platform that connects everything – one that supercharges high-grade production while respecting the creative process and helping storytellers bring ambitious ideas to life.
“That’s what Cascade is: the production platform modern storytelling has been waiting for. We’re redefining who can make films, how fast they can make them, and at what quality.”
Founding Team
Cascade was co-founded by Windsor, a former co-chief executive officer of Dimension Studio; Junaid Baig, a former lead of DNEG rendering and pipeline; and Darren Hopkins, a technology entrepreneur, former chief financial officer of Dimension Studio and chief executive officer of AI investment firm Mollyroe. The company has also named Dominic Wheatley, co-founder and former chief executive officer of Eidos, as chairman.
The line-up reflects an effort to combine film production, visual effects, gaming and finance experience at a time when media companies are testing how AI fits into established production pipelines. The sector has drawn both investment and scrutiny as creators weigh gains in speed and cost against concerns over authorship, ownership and creative control.
By focusing on workflow, asset management and project continuity, Cascade is seeking to appeal not only to independent creators but also to production teams handling repeatable franchises, branded content and longer-form series work. Its emphasis on maintaining ownership of intellectual property across projects points to one of the central commercial questions in AI-assisted media production.
Open beta access is now available as the startup begins testing the platform with users across film, advertising and content production.
Tess’ Brilliant Bakes started off home delivering postal boxes of baked goods and caters for events before opening a cafe of their sweet streets in Parsons Street in Banbury.
The cafe sold a wide variety of cakes including slices of lemon drizzle and coffee cake as well as baked-to-order cookies.
In a statement on Facebook, they said: “This is a very hard post to write, and it has taken a lot to come to this decision, but unfortunately Tessie’s Cafe is going to have to close.
“While we have worked extremely hard for the past 3.5 years to keep it going, it has become impossible to make a living. The debts have been creeping up to such an extent that I just can’t continue.
READ MORE: Speed limit to be cut to 40mph on Oxfordshire road
“We are devastated to bring you this news. The cafe has been like a baby to me, a real labour of love and it’s going to be very hard to let it go.
“We are so very grateful for all of the support and love we’ve received over the years. We’re so appreciative of you all. We couldn’t have managed it without you! Hopefully we’ll see you between now and when we go.”
The cafe confirmed it will appear at Banbury Market once the cafe has closed and will be selling cake making and decorating equipment,
At a meeting of the council’s cabinet yesterday, members of the Oxford Business Action Group (OBAG) asked councillors for transparency, consultation, and acknowledgement ahead of the introduction of traffic filters in August.
This follows years of calls for accountability and the publishing of survey results and “consumer spend data” this week, which the council said “reveals how business conditions and performance have changed since the temporary congestion charge was introduced”.
Gareth Epps, Oxfordshire County Council’s cabinet member for transport, said: “There are many challenges affecting businesses at this time, and data can help us understand what is having an impact.
“While it’s great that nearly 80 per cent of businesses who gave a view on their performance compared to a year ago said they are doing the same or better, it is clear that many are feeling significant pressures due to a number of local and national factors.”
The data also showed 58 per cent of shopfront businesses have fewer customers since the congestion charge came into force eight months ago, and spend in Oxford’s shopping neighbourhoods has gone down more than in comparable cities.
Restauranteur and OBAG spokesperson, Bernadette Evans, said: “This isn’t happening to just a handful of us but to hundreds of brilliant hard-working shopfront business owners who’ve had the rug pulled from under them.”
The information was collected after businesses lobbied the county council to provide data on how the congestion charge was impacting trade, particularly footfall.
She stated: “We’ve never been asked if we’ve been impacted by the LTNs, the removal of parking or the congestion charge, and we know it’s because you know you won’t like what you hear.”
The charge is temporary and will be replaced by traffic filters after the reopening of the Botley Road.
Fraser Lloyd Jones, who is a part of Oxford Business Action Group and runs Barefoot Bakery, said: “Operating four sites in Oxford City Centre, not once have I been contacted in person, by email, phone or letter to ask my opinion on the consultation phase or the effect it has had on our business since implementation.”
He has a fifth site in Kidlington, where there is free parking and no limits on vehicle movement, which has been growing month on month.
This is not the case for one of his bakeries in Cowley, which may have to close “as footfall in the St Clements area has all but disappeared” amid restrictions, on top of increased business rates.
He described “unprecedented disruption” with works including the long-running Botley Road closure, saying businesses are just trying to “survive”.
Fraser said: “Where is the robust, independently verified evidence that demonstrates these restrictions have delivered a net economic benefit for Oxford?”
Previously, the council has been forced to apologise after congestion charge data collated by an external supplier was found to be faulty.
Geoff Sutton of OBAG and Reconnecting Oxford has analysed walking data and said footfall had reduced on St Clements, having a “severe impact” in “quick waves” with a range of restrictions “removing passing trade”.
He believes predictions for increased active travel with the scheme were “wrong” and people have been catching buses instead, bypassing local businesses.
Bernadette has attended around 20 council meetings speaking for businesses and calling for change, conversation and accountability on the congestion charge, but does not feel heard.
The group “welcomed” new transport boss Mr Epps, agreeing to speak with him after the meeting, but fear there will not be policy change as plans are already approved, with “tweaking around the edges and fiddling while Rome burns”.
-
Crime & Safety4 weeks agoOxfordshire bridge closure comes as management ‘weaknesses’ found
-
Crime & Safety4 weeks agoWhat happens to Halifax customers if Lloyds makes changes?
-
Oxford News4 weeks agoActor steps down from major role in new Harry Potter series
-
UK News4 weeks agoGlass deposit scheme 'risks major problems' for retail industry
-
UK News4 weeks agoBurnham seeks to calm markets by committing to fiscal rules
-
UK News4 weeks agoEx-minister Shapps quits aerospace firm over rule concerns
-
Crime & Safety4 weeks agoRyan Bridge speaks of London arrest after Oxford incident
-
Crime & Safety4 weeks agoOxfordshire man accused of sexual offences 40 years ago