Cybersecurity incidents practically tripled within the first half of 2025, leaping from 6% within the second half of 2024 to 17% in 2025, in accordance with a brand new report from LevelBlue.
Enterprise e-mail compromise (BEC) stays the commonest technique for preliminary entry, however non-BEC techniques rose by 214%. The researchers noticed a serious surge in social engineering assaults, pushed by the current reputation of the ClickFix tactic.
“The LevelBlue Menace Traits Report discovered a large uptick in social engineering assaults, accounting for 39% of preliminary entry incidents noticed in the course of the first half of the yr,” the researchers write.
“This may be attributed to the growing variety of pretend CAPTCHA social engineering assaults, particularly ClickFix campaigns, which jumped 1,450% from the second half of 2024 to the primary half of 2025. These assaults leverage consumer belief and urgency to simply acquire entry to organizations’ networks.”
ClickFix is a comparatively new tactic that tips customers into working malicious instructions on their computer systems.
“ClickFix lures customers with pretend system messages or alert pop-ups prompting them to ‘repair’ a purported subject by clicking a button or downloading a suspicious utility,” the researchers clarify. “Pretend CAPTCHA masquerades as a CAPTCHA verification web page, prompting customers to work together with keyboard enter as a part of a pretend bot-detection problem. These techniques create a false sense of legitimacy and trigger the consumer to unintentionally execute attacker-controlled scripts.”
LevelBlue additionally warns that AI is growing attackers’ effectivity and rushing up cyberattacks. New-school safety consciousness can present a vital layer of protection in opposition to these incidents.
“What’s particularly regarding is how briskly attackers are shifting,” the report says. “Breakout occasions are shrinking, and menace actors are shifting laterally quicker than ever. It’s a transparent signal that attackers are getting extra environment friendly — and extra harmful. For this reason it’s important for safety groups to double down on cyber training and consciousness coaching. In case your coaching hasn’t coated the most recent social engineering tips, now’s the time to overview and replace it. On the finish of the day, your individuals are nonetheless your first line of protection.”
KnowBe4 empowers your workforce to make smarter safety selections each day. Over 70,000 organizations worldwide belief the KnowBe4 HRM+ platform to strengthen their safety tradition and scale back human threat.
LevelBlue has the story.
