In Q1 2026, Microsoft observed 8.3 billion email-based phishing threats, characterized by a 146% surge in QR code phishing and rapid evolution in CAPTCHA-gated payload delivery. Despite disruption efforts against the Tycoon2FA adversary-in-the-middle (AiTM) platform, threat actors quickly adapted their infrastructure, while Business Email Compromise (BEC) remained highly prevalent using conversational social engineering.