2025 year in review: Barracuda Blog’s standout posts
A look back at the year’s top stories, threats and trends
Takeaways
- 2025 saw a surge in sophisticated phishing attacks, including the rise of phishing-as-a-service platforms and advanced kits like GhostFrame and Tycoon 2FA.
- Cybercriminals increasingly targeted Microsoft 365 users, using innovative techniques such as Microsoft Direct Send phishing attacks.
- Major threat actors and ransomware groups like Qilin, Akira and Medusa remained active, drawing attention to the need for proactive cyber defense strategies.
- Barracuda’s research and spotlights provided readers with actionable insights to recognize, understand and mitigate emerging cyberthreats throughout the year.
- The year’s most popular posts reflected a strong interest in practical advice and in-depth analysis of evolving threats shaping the cybersecurity landscape.
As the year comes to a close, we’re taking a moment to reflect on the standout stories, research and trends featured on the Barracuda Blog. Readers were especially drawn to deep dives into the evolving threat landscape — from the rise of phishing-as-a-service and stealthy kits like GhostFrame and Tycoon 2FA, to the growing wave of attacks targeting Microsoft 365.
We also explored practical defenses, such as how to identify Microsoft Direct Send phishing attacks, and examined the tactics of major ransomware groups including Qilin, Akira and Medusa. These spotlights not only highlighted the threats themselves but also sparked meaningful conversations about resilience and proactive defense.
This year-end roundup brings together the most popular posts that captured your attention and shaped the dialogue around cybersecurity in 2025.
Phishing-as-a-service and other phishing attacks
- Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit
- Threat Spotlight: Tycoon 2FA phishing kit updated to evade inspection
- Threat Spotlight: A million phishing-as-a-service attacks in two months highlight a fast-evolving threat
- Threat Spotlight: Unpacking a stealthy new phishing kit targeting Microsoft 365
- Microsoft Direct Send phishing attacks explained
Threat actors and ransomware groups
- Qilin ransomware is growing, but how long will it last?
- Akira: Modern ransomware with a retro vibe
- Medusa ransomware and its cybercrime ecosystem
- Cl0p ransomware: The skeezy invader that bites while you sleep
- DragonForce Ransomware Cartel vs. Everybody
The dark side of generative AI
- Evil-GPT: The “Enemy of ChatGPT”
- PoisonGPT: Weaponizing AI for disinformation
- WolfGPT: The “Upgraded” Dark AI for Malware
- DarkBard: The “Evil Twin” of Google Bard
- Threat Spotlight: How attackers poison AI tools and defenses
Quishing and malicious QR codes
- Threat Spotlight: Split and nested QR codes fuel new generation of ‘quishing’ attacks
- Novel phishing techniques to evade detection: ASCII-based QR codes and ‘Blob’ URIs
Threat research and SOC case files
- Half the spam in your inbox is generated by AI – its use in advanced attacks is at an earlier stage
- Threat Spotlight: The good, the bad, and the ‘gray bots’ – the Gen AI scraper bots targeting your web apps
- Email Threat Radar – July 2025
- The SOC case files: Akira ransomware turns victim’s remote management tool on itself
- The SOC case files: XDR catches Akira ransomware exploiting ‘ghost’ account and unprotected server
2025 was a year defined by innovation — both from defenders and attackers. As cybercriminals continue to evolve their tactics, Barracuda remains committed to delivering timely research, practical guidance and actionable insights to help organizations stay ahead.
We look forward to continuing the conversation in 2026 and sharing new spotlights, case files and research that empower you to strengthen your defenses and stay resilient.