Phishing detection is broken: Why most attacks feel like a zero day

Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. With MFA-bypassing phishing kits the new normal, capable of phishing accounts protected by SMS, OTP, and push-based methods, detection controls are being put under constant pressure as prevention controls fall short. A key challenge with phishing detection is that based on the indicators that we as an industry use to commonly detect phishing pages, pretty much every phishing attack looks different and uses a unique combination of domain, URL, IPs, page composition, target app, etc. Effectively, every phishing attack is completely novel. You might even describe them as “zero-days” (cue the collective sharp intake of breath)... The goal here isn’t to sensationalize phishing attacks — quite the opposite. Rather, this shines a light on the state of phishing detection ... Read full article.