Threat Spotlight: Speed, Scale, and Stealth: How Axios Powers Automated Phishing
Sept. 10, 2025, 8:11 a.m.
Description
Axios user agent activity has surged by 241% from June to August 2025, outpacing other flagged user agents. Attacks combining Axios with Direct Send achieved a 70% success rate in recent campaigns, significantly higher than non-Axios campaigns. The combination exploits Direct Send's trusted nature and Axios's lightweight design to bypass traditional security defenses. Attackers are using Axios to automate phishing, credential stealing, and API exploitation at unprecedented scale. The campaign initially targeted high-profile individuals in finance, healthcare, and manufacturing, but has expanded to include everyday users. Organizations are advised to implement robust detection mechanisms for suspicious user-agent activity, particularly Axios-related patterns, to mitigate this evolving threat.
Tags
Date
- Created: Sept. 10, 2025, 7:52 a.m.
- Published: Sept. 10, 2025, 7:52 a.m.
- Modified: Sept. 10, 2025, 8:11 a.m.
Indicators
Additional Information
- Healthcare
- Finance
- Manufacturing