Guest blog courtesy of D3 Security."Technology has enabled them to get a lot better at what they do... You can subscribe to a phishing toolkit for about $500 a month, which gives you access to a complete toolset to set up, stage, and execute your attack."That perspective on the state of phishing in 2025 comes from Brad Farris, Manager of Security Engineering at Check Point Avanan, in a recent episode of Let's SOC About It.The conversation frames this new threat landscape, where attacks are so well-integrated with trusted services that they lack any obvious red flags.Joined by his colleague Curtis Goddard, our guests deconstruct the modern phishing stack, from AI-powered content generation to the use of legitimate platforms like SharePoint and Adobe to evade detection. They explore how threat actors now operate like sophisticated businesses, complete with HR departments, to launch what they call "Business Email Compromise 3.0".But for every attack stack, there is a defense stack. The episode provides a blueprint for how to beat these advanced AI-powered threats with a superior, more effective AI. The Modern Phishing Attack (2:19): Threat actors are no longer lone hackers but organized groups that A/B test their attacks, pull MX records to identify security solutions, and operate with the efficiency of a business.Business Email Compromise 3.0 (6:49): Forget obvious red flags. Attackers now use legitimate, compromised accounts and trusted platforms like SharePoint and Adobe to launch multi-stage attacks that are incredibly difficult to detect.AI's Impact on Attack Volume & Sophistication (10:03): AI has enabled threat actors to eliminate spelling and grammar mistakes while massively scaling their "spray and pray" campaigns, overwhelming SOCs with a flood of unique, polymorphic attacks.Fighting AI with Efficacy-Focused AI (14:09): Why you need a solution that adapts as fast as attackers to beat these threats.How D3 & Avanan Create a Unified Defense (24:51): Learn how Avanan's high-fidelity threat intelligence feeds into D3’s Morpheus AI, allowing teams to automatically validate threats, generate incident-specific playbooks, and execute remediation without manual intervention.