Over 1 in 20 emails are malicious, warns internet giant Cloudflare

cointelegraphPublished on 2025-12-16Last updated on 2025-12-16

Abstract

More than 5% of all emails sent contain malicious content, with that figure surging to nearly 10% in November, according to Cloudflare's 2025 year-in-review report. Malicious emails are defined as those capable of causing harm, such as stealing credentials, data, or money. These threats are particularly relevant to crypto investors, as phishing attacks have increased in complexity and can result in irreversible losses. Deceptive links were the most common threat category, making up 52% of malicious emails. Identity deception followed at 38%, where attackers impersonate trusted individuals using spoofed domains. The most abused top-level domain was “.christmas,” with 92.7% of emails from it being malicious. Additional research from Barracuda found that one in four emails were unwanted spam, a quarter of all HTML attachments were malicious, and 12% of malicious PDF attachments were Bitcoin scams. Hornet Security also reported a 131% year-over-year increase in malware-laden emails, confirming email as a consistent vector for cyberattacks.

More than 5% of all emails sent worldwide contain malicious content, according to internet infrastructure giant Cloudflare.

The web security giant revealed that an aggregate of 5.6% of global email traffic analyzed by the firm over the past year was found to be malicious. This equates to more than one in every twenty emails containing harmful content.

In November, that figure surged to almost one in 10, nearly double the average for the year, it found.

Malicious emails include those that can cause harm, such as the theft of credentials, data, or money, Cloudflare explained in its 2025 year-in-review report.

The findings are particularly relevant to crypto investors, as phishing attacks targeting crypto traders, investors, and executives have increased in complexity and surged in recent months.

Crypto phishing links can be especially damaging. Once a victim falls for one of these malicious links or sends cryptocurrency to a scammer, there’s usually no way back.

Malicious emails surged to 9.7% in November. Source: Cloudflare

Deceptive links dominate threat categories

More than half of these malicious emails, or 52%, contained a deceptive link, which was the highest threat category, it reported.

Identity deception was the second-highest at 38%, up from 35% in 2024, as attackers impersonated trusted individuals using spoofed domains, similar-looking domains, or display name tricks.

Related: Email auto-reply vulnerability allows hackers to mine cryptocurrency

Cloudflare also revealed that the most abused top-level domain (TLD) extension was “.christmas,” with 92.7% malicious emails and 7.1% spam originating from this domain type.

Other highly abused domain names included “.lol,” “.forum,” “.help,” “.best” and “.click.”

Deceptive links were the highest threat category among malicious emails. Source: Cloudflare

A quarter of HTML attachments are malicious

Earlier this year, researchers at cybersecurity company Barracuda analyzed 670 million emails that were malicious or unwanted spam.

They discovered that email remains the most common attack vector for cyber threats, with malicious attachments and links being used to distribute malware, launch phishing campaigns, and exploit vulnerabilities.

As many as one in four emails were unwanted spam, a quarter of all HTML attachments were malicious, and 12% of malicious PDF attachments were Bitcoin scams, they reported.

In November, Hornet Security reported that email was a “consistent delivery vector” for cyberattacks in 2025, with malware-laden emails surging by 131% year-over-year.

Magazine: Do Kwon sentenced to 15 years, Bitcoin’s ‘choppy dance’: Hodler’s Digest

Related Reads

OpenAI Post-Training Engineer Weng Jiayi Proposes a New Paradigm Hypothesis for Agentic AI

OpenAI engineer Weng Jiayi's "Heuristic Learning" experiments propose a new paradigm for Agentic AI, suggesting that intelligent agents can improve not just by training neural networks, but also by autonomously writing and refining code based on environmental feedback. In the experiment, a coding agent (powered by Codex) was tasked with developing and maintaining a programmatic strategy for the Atari game Breakout. Starting from a basic prompt, the agent iteratively wrote code, ran the game, analyzed logs and video replays to identify failures, and then modified the code. Through this engineering loop of "code-run-debug-update," it evolved a pure Python heuristic strategy that achieved a perfect score of 864 in Breakout and performed competitively with deep reinforcement learning (RL) algorithms in MuJoCo control tasks like Ant and HalfCheetah. This approach, termed Heuristic Learning (HL), contrasts with Deep RL. In HL, experience is captured in readable, modifiable code, tests, logs, and configurations—a software system—rather than being encoded solely into opaque neural network weights. This offers potential advantages in explainability, auditability for safety-critical applications, easier integration of regression tests to combat catastrophic forgetting, and more efficient sample use in early learning stages, as demonstrated in broader tests on 57 Atari games. However, the blog acknowledges clear limitations. Programmatic strategies struggle with tasks requiring long-horizon planning or complex perception (e.g., Montezuma's Revenge), areas where neural networks excel. The future vision is a hybrid architecture: specialized neural networks for fast perception (System 1), HL systems for rules, safety, and local recovery (also System 1), and LLM agents providing high-level feedback and learning from the HL system's data (System 2). The core proposition is that in the era of capable coding agents, a significant portion of an AI's learned experience could be maintained as an auditable, evolving software system.

marsbit26m ago

OpenAI Post-Training Engineer Weng Jiayi Proposes a New Paradigm Hypothesis for Agentic AI

marsbit26m ago

Your Claude Will Dream Tonight, Don't Disturb It

This article explores the recent phenomenon of AI companies increasingly using anthropomorphic language—like "thinking," "memory," "hallucination," and now "dreaming"—to describe machine learning processes. Focusing on Anthropic's newly announced "Dreaming" feature for its Claude Agent platform, the piece explains that this function is essentially an automated, offline batch processing of an agent's operational logs. It analyzes past task sessions to identify patterns, optimize future actions, and consolidate learnings into a persistent memory system, akin to a form of reinforcement learning and self-correction. The article draws parallels to similar features in other AI agent systems like Hermes Agent and OpenClaw, which also implement mechanisms for reviewing historical data, extracting reusable "skills," and strengthening long-term memory. It notes a key difference from human dreaming: these AI "dreams" still consume computational resources and user tokens. Further context is provided by discussing the technical challenges of managing AI "memory" or context, highlighting the computational expense of large context windows and innovations like Subquadratic's new model claiming drastically longer contexts. The core critique argues that this strategic use of human-centric vocabulary does more than market products; it subtly reshapes user perception. By framing algorithms with terms associated with consciousness, companies blur the line between tool and autonomous entity. This linguistic shift can influence user expectations, tolerance for errors, and even perceptions of responsibility when systems fail, potentially diverting scrutiny from the companies and engineers behind the technology. The article concludes by speculating that terms like "daydreaming" for predictive task simulation might be next, continuing this trend of embedding the idea of an "inner life" into computational processes.

marsbit28m ago

Your Claude Will Dream Tonight, Don't Disturb It

marsbit28m ago

Duan Yongping's Bottom-Fishing in CoreWeave Is Turning into a Battleground for Bulls and Bears

CoreWeave's Q1 2026 earnings report has intensified the ongoing bull-bear battle over the AI infrastructure stock. While revenue doubled year-over-year to $2.08B and the firm's remaining performance obligation (RPO) surged to nearly $100B, its net loss more than doubled to $740M. The critical point of contention is profitability: while adjusted EBITDA margin was a robust 56%, the adjusted operating margin collapsed to just 1% due to soaring infrastructure and sales costs. A weaker-than-expected Q2 revenue guidance further triggered an 11.4% single-day stock drop. The bull thesis hinges on CoreWeave's massive order backlog, deep strategic ties with NVIDIA (as a customer, investor, and key supplier), and a diversified client base now including Anthropic and Meta. The bear case focuses on the "scale at all costs" model, where expanding revenue leads to wider losses, ballooning debt ($25B), and massive capital expenditures ($6.8B in Q1). Insider selling by executives contrasts with a notable new investor: Chinese investor Duan Yongping initiated a small position (0.12% of his portfolio) in Q4 2025 near the stock's lows. The coming Q2 report is seen as a key test for management's promise of a profit margin recovery.

marsbit35m ago

Duan Yongping's Bottom-Fishing in CoreWeave Is Turning into a Battleground for Bulls and Bears

marsbit35m ago

China's Version of 'Tech Burning Man' Debuts in Shanghai, muShanghai Creates a Global Geek 'Pop-up City'

From May 10 to June 6, 2026, the inaugural muShanghai "Pop-up City" experiment, dubbed China's version of a "tech Burning Man," launched in Shanghai. Co-organized by the international open-source community The Mu and the Hongqiao Alibaba Center, this 28-day event aimed to build a global "parallel city" for geeks, attracting over 800 participants from more than 50 countries, including former OpenAI engineers and startup founders. The program featured four themed weeks: AI Week, Biotech Week, Robotics Week, and Culture Week, hosting nearly 100 sessions like ClawCon 2026. Activities ranged from discussions on AI safety and consumer apps to robot battles and cyberpunk culture, culminating in large outdoor "Innovator Marketplaces." A core principle was "Build in Public," encouraging open sharing of projects and progress. Hongqiao Alibaba Center served as the co-host and primary venue, positioning itself as a first-stop hub for international talent in China. The event marks a significant step for The Mu community, which has previously organized similar pop-up cities in Argentina and San Francisco, in bringing its model of immersive, collaborative innovation to China. It aims to be a key window for global科创 (scientific and technological innovation) exchange.

marsbit35m ago

China's Version of 'Tech Burning Man' Debuts in Shanghai, muShanghai Creates a Global Geek 'Pop-up City'

marsbit35m ago

CLARITY Act: Banking Trade Groups Push For Yield Agreement Revision – Details

US banking trade groups are urging revisions to the stablecoin yield compromise in the upcoming CLARITY Act ahead of a key committee markup. The Act currently aims to ban all passive, deposit-like interest on stablecoins to prevent competition with traditional bank savings, while allowing rewards tied to active uses like staking or transactions. In a letter, groups including the American Banking Association and Bank Policy Institute proposed stricter language to eliminate perceived loopholes for passive yield and prevent deposit flight from banks. However, these efforts are reportedly viewed as minor by some lawmakers. The Senate Banking Committee is scheduled to mark up the bill on May 14, a critical step before it can advance through Congress.

bitcoinist14h ago

CLARITY Act: Banking Trade Groups Push For Yield Agreement Revision – Details

bitcoinist14h ago

Trading

Spot
Futures

Hot Articles

How to Buy T

Welcome to HTX.com! We've made purchasing Threshold Network Token (T) simple and convenient. Follow our step-by-step guide to embark on your crypto journey.Step 1: Create Your HTX AccountUse your email or phone number to sign up for a free account on HTX. Experience a hassle-free registration journey and unlock all features.Get My AccountStep 2: Go to Buy Crypto and Choose Your Payment MethodCredit/Debit Card: Use your Visa or Mastercard to buy Threshold Network Token (T) instantly.Balance: Use funds from your HTX account balance to trade seamlessly.Third Parties: We've added popular payment methods such as Google Pay and Apple Pay to enhance convenience.P2P: Trade directly with other users on HTX.Over-the-Counter (OTC): We offer tailor-made services and competitive exchange rates for traders.Step 3: Store Your Threshold Network Token (T)After purchasing your Threshold Network Token (T), store it in your HTX account. Alternatively, you can send it elsewhere via blockchain transfer or use it to trade other cryptocurrencies.Step 4: Trade Threshold Network Token (T)Easily trade Threshold Network Token (T) on HTX's spot market. Simply access your account, select your trading pair, execute your trades, and monitor in real-time. We offer a user-friendly experience for both beginners and seasoned traders.

11.3k Total ViewsPublished 2024.03.29Updated 2025.03.21

How to Buy T

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of T (T) are presented below.

活动图片

Top Questions