Menlo Security State of Browser Security Report Finds 130% Increase in Zero-Hour Phishing Attacks and Identified Nearly 600 Incidents of GenAI Fraud

Threat actors are increasingly using AI-powered attacks to exploit browser vulnerabilities, harvest user credentials, and employ evasion tactics to bypass traditional security defenses.

Menlo Security released its annual State of Browser Security Report, which identifies key drivers behind the rise in browser-based attacks. These include AI-powered threats, phishing-as-a-service (PhaaS), and zero-day vulnerabilities. The report, based on an analysis of over 752,000 browser-based phishing attacks, reveals a 140% increase in browser-based phishing attacks compared to 2023, and a 130% increase in zero-hour phishing attacks.

Microsoft, Facebook, and Netflix were the most commonly impersonated brands in browser-based phishing attempts. In 2024, Menlo Security documented nearly 600 incidents of Generative Artificial Intelligence (AI) (GenAI) fraud, in which fraudulent sites used Generative AI (GenAI) platform names to mislead victims.

“Interestingly, the majority of GenAI fraud was not for the purpose of credential theft,” said Andrew Harding, VP of Security Strategy at Menlo Security. “Instead, these impersonation sites attempted to trick people into entering highly personal information. These fake GenAI platforms promise to generate a résumé or similarly personal document. In addition, the returned document is typically a PDF, where malware can hide out and be delivered. In the past year, Menlo Security successfully thwarted hundreds of such GenAI fraud incidents.”

Web browsers are widely used for work and personal activities, which has enabled threat actors to develop sophisticated browser-based attacks. These attacks often bypass traditional endpoint security defenses and network security controls.

Common attack vectors include malicious advertisements on popular websites and browser-based phishing attacks using Legacy Reputation URL Evasion techniques. Attacks through business collaboration tools like Slack or Microsoft Teams often involve brand impersonation, and vulnerabilities in major browsers, such as Chrome, Firefox, and Edge, remain a concern. The report details various real-world examples of such attacks.

Key findings from the report reveal:

Cybercriminals created nearly 1M new phishing sites each month, representing a 700% increase since 2020.
Nearly 51% of browser-based phishing attempts involved some form of brand impersonation.
75% of phishing links are hosted on trusted websites, with an average exposure window of up to six days before they are blocked by legacy security tools.
Phishing attacks hosted on subdomain providers increased by 51%, accounting for 24% of all phishing attacks.
Four of the top five hosting providers used by bad actors for phishing attacks were based in the U.S.

“Threat actors have advanced in speed and skills. They are using the same tools and infrastructure as professional engineers,” Harding added. “We’re seeing a dangerous combination of zero-day attacks and sophisticated phishing techniques that threaten systems and data. One in five attacks in 2024 utilized evasive techniques designed to bypass traditional security controls. As attackers increasingly adopt AI, this trend is expected to escalate in 2025, making browser security a critical priority.”

For full research findings and insights on major attacks and browser vulnerabilities, the report is available for download.

Sector Intelligence: Observability and Threat Detection Updates

Sector Intelligence: Edge and Space Infrastructure Advances

Sector Intelligence: Cloud, API & Workload Security