Email Threat Radar - July 2025
Barracuda Networks, Thursday, July 24th, 2025
During July, Barracuda threat analysts identified several notable email-based threats targeting organizations around the world. Many of them leveraged popular phishing-as-a-service (PhaaS) kits.
The threats include:
- Tycoon PhaaS impersonating the Autodesk Construction Cloud for a credential phishing attack
- A fake toll violation scam targeting U.S.-based drivers
- Phishing emails mimicking the Zix Secure Message service
- EvilProxy attacks impersonating RingCentral
- Gabagool phishing kit exploiting business productivity tool with toxic PDF
- Phishing attacks bundling Copilot and SharePoint brands
- LogoKit credential theft attacks using Roundcube webmail service
- Tycoon links distributed as document downloads
Threat Snapshot:
Barracuda's threat analysts have seen attackers abusing the Autodesk Construction Cloud to deliver sophisticated phishing attacks. The Autodesk Construction Cloud is a set of online collaboration tools for people working on construction projects, from design and build to project management and budgeting.