惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
O
OpenAI News
V
Vulnerabilities – Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
S
Schneier on Security
Latest news
Latest news
F
Full Disclosure
T
Tenable Blog
T
Troy Hunt's Blog
The Last Watchdog
The Last Watchdog
S
Secure Thoughts
L
LangChain Blog
有赞技术团队
有赞技术团队
Project Zero
Project Zero
Cloudbric
Cloudbric
爱范儿
爱范儿
GbyAI
GbyAI
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
The Exploit Database - CXSecurity.com
S
Security @ Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
Recorded Future
Recorded Future
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
C
Cisco Blogs
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Engineering at Meta
Engineering at Meta
Spread Privacy
Spread Privacy
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hacker News: Ask HN
Hacker News: Ask HN
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Schneier on Security
Schneier on Security
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
K
Kaspersky official blog
The Hacker News
The Hacker News
V
V2EX
F
Fortinet All Blogs
L
LINUX DO - 最新话题
Cisco Talos Blog
Cisco Talos Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News | PayPal Newsroom
博客园 - 三生石上(FineUI控件)
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

Press Releases

Aston Martin F1 & Zscaler: Speed Meets Security Zscaler Debuts ZAgent and Extends SASE Protection Zscaler Unites with Tech Leaders to Secure Enterprise AI Zscaler Unveils New Product Innovations to Secure Agentic AI Zscaler Announces Intent to Acquire Symmetry Systems, Inc. Zscaler Partners with GSIs to Launch Project AI-Guardian Zscaler and Alstom mark a decade of Zero Trust transformation to secure a cloud-first, mobile workforce and modernize operations | Zscaler Zscaler Recognized as Google Cloud Partner of the Year - Security Zscaler ZIA Achieves DoW Impact Level 5 Authorization Zscaler Expands Global Sovereignty on Zero Trust Exchange Zscaler & Singtel Singapore Bring Zero Trust Security SEA Zscaler, Together With Bharti Airtel, Announce Launch of AI & Cyber Threat Research Center to Advance Cyber Resilience and Trusted AI Adoption | Zscaler Zscaler Acquires SquareX to Advance Zero Trust Browser Security for the AI Era | Zscaler Zscaler Unveils New Innovations to Secure Enterprise AI Adoption Zscaler 2026 AI Security Report: Trends and Security Issues Zscaler Expands in Malaysia With New Data Center in Kuala Lumpur Dr. Swamy Kocherlakota to Lead Agentic AI Security Engineering Zscaler Appoints Sunil Frida as Chief Marketing Officer Zscaler recognized as AWS Marketplace Partner of the Year Zscaler and Microsoft Partner in Entra Agent ID Partner Ecosystem Zscaler Reveals 67% Jump in Android Malware & 40% of IoT Attacks Zscaler Acquires Innovative AI Security Pioneer SPLX Zscaler Announces New Innovations for Improved Digital Experience Zscaler announces advancements for U.S. Federal Civilian and DoD Zscaler Completes 2024 IRAP Assessment Zscaler and CrowdStrike Expand Partnership for Better AI Security Zscaler Completes Acquisition of Red Canary Ransomware Surges as Attempts Spike 146% IT Resilience Undermined by Lack of Support for Team Wellbeing Zscaler Extends Zero Trust to Cellular Communications for IoT/OT Zero Trust Security Reduces Cyber Insurance Claims Zscaler Achieves ISV Competencies In Three Categories Zscaler Unveils Latest AI Innovations on stage at Zenith Live Zscaler Launches New Solutions at Zenith Live Las Vegas Kevin Rubin Joins Zscaler as Chief Financial Officer Zscaler signed a definitive agreement to acquire Red Canary Zscaler, A Leader Once Again In The 2025 Gartner MQ for SSE Zscaler Leads by Example and Achieves DoD’s CMMC Level 2 Certific Raj Judge to Join Zscaler and Board of Directors Zscaler Leads by Example and Achieves DoW’s CMMC Level 2 Certific Zscaler Listed in AWS “ICMP” for the US Federal Government Zscaler ThreatLabz Uncovers Surge in AI-Driven Cyberattacks ThreatLabz Announces Findings From Its 2025 VPN Risk Report Zscaler Deployed Across T-Mobile Operations Report Finds an Over 3,000% Surge in Enterprise Use of AI/ML Tool Zscaler Introduces Zscaler Asset Exposure Management Survey Reveals Urgent Need to Prioritize Zero Trust Adoption Zscaler Offers Integrated Zero Trust Solution for RISE with SAP Nokia Turns to Zscaler to Modernize Security Architecture Zscaler Finds Over 87% of Cyberthreats Hide in Encrypted Traffic Zscaler Extend Zero Trust to Branches, Factories and Clouds Zscaler Expands Business Continuity Solution for Cloud & Endpoint Zscaler and Okta announced four new cybersecurity integrations Zscaler Identifies Malicious Apps with Over 8M Installs Zscaler Surpasses Half a Trillion Daily Transactions TOYOTA GAZOO Selects Zscaler to Protect Users Globally Zscaler Appoints Security Industry Veteran Adam Geller as CPO Zscaler and CrowdStrike announce new cyber security integrations Zscaler Opens New Point-of-Presence in Western Australia
Zscaler report: AI brings lethal precision to cybercrime
press@zscale · 2026-06-10 · via Press Releases

News Highlights 

  • Quality Over Quantity: Phishing volume fell 20% for the second year in a row as attackers recalibrate to high-fidelity, AI-accelerated lures.
  • Services Sector Surge: Targeted hits against the Services sector jumped 65.5%, as adversaries exploit trust-based workflows like billing and renewals.
  • The Encryption Blind Spot: 95.2% of phishing attempts now hide in encrypted traffic, bypassing legacy security stacks that lack deep TLS inspection.
  • "Text-to-Site" Weaponization: ThreatLabz identified over 413,000 AI-generated phishing instances, proving how easily attackers can now spin up polished, malicious sites.
  • MFA Under Threat: Sophisticated kits like "BlackForce" are being deployed to hijack active sessions and bypass multi-factor authentication in real-time.
  • Reconnaissance Exposed: Deception telemetry recorded 89.9 million hostile interactions from 1.37 million unique attacker IPs in six months, revealing large-scale scanning and credential validation before compromise.

Zscaler, Inc. (NASDAQ: ZS), the cybersecurity platform for the AI era, today announced the release of the Zscaler ThreatLabz 2026 Phishing and Initial Access Report. Based on the comprehensive telemetry across the world’s largest inline security cloud, spanning phishing activity, encrypted sessions, and deception decoy interactions, the research reveals a fundamental shift in the economics of cybercrime: while overall phishing volume dropped for the second consecutive year (down 20% year-over-year (YoY)), the effectiveness and sophistication of attacks have surged. 

Threat actors are increasingly utilizing AI-powered "text-to-site" tools and real-time session hijacking kits to bypass multi-factor authentication (MFA). Crucially, adversaries are heavily cloaking these sophisticated campaigns, with 95.2% of phishing attempts now hiding within encrypted traffic to bypass legacy security stacks. Furthermore, newly unveiled deception telemetry, capturing nearly 90 million hostile interactions, reveals that attackers are aggressively scanning and probing enterprise identities and collaboration platforms long before the initial compromise occurs. 

"We are witnessing a strategic recalibration in the way adversaries approach initial access," said Deepen Desai, Chief Security Officer, Zscaler. "The decline in raw phishing volume isn't a sign of retreat; it’s a sign of evolution. Attackers are trading quantity for quality, using GenAI to eliminate traditional 'tells' like poor grammar and generic lures. With 95% of phishing now hiding in encrypted traffic, organizations can no longer afford to leave their TLS traffic uninspected. A Zero Trust architecture is the only way to break the attack chain, from discovery to data exfiltration."

How Adversaries Are Using GenAI for High-Fidelity Initial Compromise
The report highlights how AI has become the primary engine for modern intrusion. ThreatLabz identified 413,524 AI-generated site instances, with nearly 10% flagged as explicitly malicious. Tools like Manus AI, Blackbox AI, and Lovable AI are being weaponized to spin up polished, brand-consistent phishing portals in minutes, tasks that previously required days of manual development.

These AI-generated lures are particularly effective at mimicking trusted workflows. The Services sector bore the brunt of this shift, experiencing a 65.5% YoY surge in hits as attackers exploited trust-based interactions like billing, onboarding, and support renewals.

Additional Findings From the 2026 Report Include:

  • The Global Landscape: The U.S. remains a top target for email phishing attacks; Brazil saw a 2,522% surge in phishing hosting, becoming a top-five global origin.
  • Industry Breakdown: Manufacturing and Government remain primary targets for email phishing attacks, with Government hits up 50% as attackers pursue high-value intelligence.
  • Credential Harvesting Trends: Microsoft and Google are the most imitated brands for phishing attacks, showing continued focus on compromising enterprise identity systems.
  • Detection Evasion: Encryption is now the default for cybercriminals, with 87% of malicious activity delivered via HTTPS.
  • Hostile Scanning Activity: Attackers are leveraging legitimate cloud infrastructure for reconnaissance, using over 121,000 unique Public Cloud-hosted IPs to probe environments.

Deception Technology Unmasks Attacker Intent
Zscaler telemetry from global decoys captured nearly 90 million hostile interactions across 1.37 million unique attacker IPs. This data confirms that adversaries are aggressively probing collaboration and identity platforms to find weak spots, and test assumptions about what defenses will give.

Mitigating the Path to Compromise
To counter these evolving threats, the Zscaler Zero Trust Exchange™ platform delivers the AI security platform built on Zero Trust that: 

  1. Minimizes Attack Surface Discovery: Reduces exposure by hiding applications behind a cloud-delivered proxy, while leveraging Deception technology to surface reconnaissance attempts via scanning, probing, and credential validation attempts early.
  2. Helps Eliminate Initial Compromise: Blocks AI-enabled phishing and session-based attacks with AI-driven inline inspection, including full TLS/SSL inspection, to expose threats hiding in encrypted traffic.
  3. Stops Lateral Movement: Connects users directly to applications and enforces Zero Trust access controls to prevent attackers from moving from a single foothold to broader environments.
  4. Prevents Data Loss: Reduces breach impact with AI-powered data protection to identify sensitive data in motion and prevent unauthorized sharing or exfiltration.

For a deeper dive into the findings and best practices for securing your organization, download the full Zscaler ThreatLabz 2026 Phishing and Initial Access Report at https://www.zscaler.com/campaign/threatlabz-phishing-initial-access-report 

Methodology
ThreatLabz analyzed over 500 trillion daily signals from the Zscaler Zero Trust Exchange, blocking over 9 billion threats daily. The report is based on data collected from January to December 2025, supplemented by deception telemetry observed between October 2025 and March 2026.