---
title: "Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News [March 09, 2026] | DuoCircle"
description: "Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News [March 09."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2026/"
---

Quick Answer

Week ending March 9, 2026 covered: Cambodia's Cabinet approving a draft law to criminalize cyberscam operations, which the UN Office on Drugs and Crime estimates generates around $64 billion (often through trafficked, coerced workers), targeting transnational fraud rings before parliamentary review; the rise of AI-assisted Phishing-as-a-Service that produces polished phishing emails and bypasses MFA via CAPTCHA abuse, URL obfuscation, and malicious QR codes, pushing organizations toward continuous monitoring, anti-phishing MFA, and behavioral analysis; Google's on-device AI scam-protection feature (live in 27 countries) that flags malicious calls and messages, addressing the Omdia finding that 27% of smartphone users fall for phishing; and a Microsoft Copilot vulnerability (Cross Prompt Injection Attack, XPIA) that hides malicious instructions inside email and Teams summaries, mitigated by Safe Links, strict web filtering, advanced filtering of hidden HTML/CSS, and user training.

Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News \[March 09, 2026\]

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2026/03/Cambodia-Targets-Cybercriminals-Traditional-Security-Insufficient-AI-Against-Phishing---Cybersecurity-News-March-09-2026.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2026%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cambodia%20Targets%20Cybercriminals%2C%20Traditional%20Security%20Insufficient%2C%20AI%20Against%20Phishing%2C%20Cybersecurity%20News%20%5BMarch%2009%2C%202026%5D&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2026%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2026%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2026%2F&title=Cambodia%20Targets%20Cybercriminals%2C%20Traditional%20Security%20Insufficient%2C%20AI%20Against%20Phishing%2C%20Cybersecurity%20News%20%5BMarch%2009%2C%202026%5D "Share on Reddit") [ ](mailto:?subject=Cambodia%20Targets%20Cybercriminals%2C%20Traditional%20Security%20Insufficient%2C%20AI%20Against%20Phishing%2C%20Cybersecurity%20News%20%5BMarch%2009%2C%202026%5D&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2026%2F "Share via Email") 

![cybersecurity news](https://media.mailhop.org/duocircle/images/2026/03/spf-record-5023.jpg) 

Last week’s cyber incidents revolved mainly around stepping up the security setups to combat cyber mishaps. Cambodia has recently approved a draft to tackle cybercrime syndicates. Advanced [phishing scams](https://www.al.com/news/2026/03/alabama-city-says-it-was-hit-by-430000-phishing-scam.html) are forcing organizations to **amp up their security systems**. Smartphone users are relying on AI to keep cyber scams at bay. 

Meanwhile, **experts discovered** a vulnerability in the corporate-favorite tool Microsoft Copilot. 

## Cambodia charting out new laws to nab cybercrooks!

A [multi-billion-dollar cyber scam](https://edition.cnn.com/2025/10/24/asia/cambodia-scams-chen-zhi-prince-group-intl-hnk) industry has been running in Cambodia. The scammers target innocent users, trapping them in cryptocurrency investments and [fake online dating scams](https://www.usatoday.com/story/money/personalfinance/2026/02/24/fake-romance-scams-are-rising/88839334007/).

To curb cyberattacks, the **government of Cambodia** has approved a draft that allows stringent punishments against cybercrooks.

[![multi-billion-dollar cyber](https://media.mailhop.org/duocircle/images/2026/03/365-to-365-migration-1005.jpg)](https://media.mailhop.org/duocircle/images/2026/03/365-to-365-migration-1005.jpg)

The cyberscam industry in Cambodia has almost reached “industrial proportions.” Experts at the **UN Office on Drugs** and Crime believe that the scammers make as much as [$64 billion.](https://www.thehindu.com/news/international/cambodia-approves-draft-law-targeting-cyberscammers/article70738393.ece) _This crime syndicate also includes those people who have been coerced into carrying out scams. They are the victims of human trafficking and are forced to scam innocent people across the globe_. 

The draft was approved by the **Cabinet to crack down** on transnational [cyberscam operations](https://www.scworld.com/brief/us-reinforces-southeast-asian-cyber-scam-hub-clampdown). The draft will soon be sent to the Parliament to “eliminate online scams from Cambodian territory.” The approval of the draft sends a strong message to the cyberscammers that Cambodia has never been a safe haven for threat actors.

## Traditional security systems insufficient for tackling sophisticated phishing attacks

[Phishing emails](/content/phishing-prevention/phishing-email) are no longer replete with poor English and grammatical mistakes. Today, these malicious emails appear authentic and polished thanks to artificial intelligence. The PhaaS, or Phishing-as-a-Service, industry has evolved **over time to offer platforms** and [phishing kits to cybercriminals](https://thehackernews.com/2025/12/new-advanced-phishing-kits-use-ai-and.html). Threat actors with little or no skills can take advantage of these phishing kits and carry out malicious campaigns effortlessly.

[![phishing as a service](https://media.mailhop.org/duocircle/images/2026/03/DMARC-generator-0102.jpg)](https://media.mailhop.org/duocircle/images/2026/03/DMARC-generator-0102.jpg)

These phishing kits come equipped with ready-to-use attack platforms. Even inexperienced cybercrooks can conveniently **automate email delivery**, harvest sensitive data, and evade security setups with the help of PhaaS. 

_The sophistication level has not only made the phishing emails look more credible, but they also enabled the threat actors to bypass conventional security measures_. **Multi-factor authentication** is no longer adequate to prevent threat attempts. Scammers are using different tactics like CAPTCHA abuse, URL obfuscation, and [malicious QR codes](https://www.securityweek.com/fbi-north-korean-spear-phishing-attacks-use-malicious-qr-codes/).

_Enterprises with traditional security tools are completely vulnerable to the modern threat environment_. That’s why an increasing number of organizations have started embracing a proactive approach. They are adapting to a system that blends persistent monitoring, **anti-phishing MFA**, high-end email security setups, and detailed behavioral evaluation. Experts also recommend that enterprises conduct regular employee training that focuses on modern, sophisticated tactics.

[![bypassing multi factor authentication](https://media.mailhop.org/duocircle/images/2026/03/dkim-selector-1003.jpg)](https://media.mailhop.org/duocircle/images/2026/03/dkim-selector-1003.jpg)

## Can AI safeguard users from smartphone-based phishing scams?

Smartphone users are highly vulnerable to smartphone-oriented phishing attacks. A report by the Omdia **Mobile Device Security Consumer Survey** states that [27%](https://www.darkreading.com/mobile-security/will-ai-save-consumers-smartphone-phishing-attacks) of smartphone users fall prey to phishing attacks. 

Smartphone manufacturers are heavily relying on AI technology to curb phishing attacks. _For example, Google has introduced an on-device scam protection feature that enables users to detect malicious voice calls and text messages in real-time_. 

Experts believe that AI-based security features are not foolproof, yet they play a crucial role in preventing scam attacks to a great extent. AI enthusiasts believe that AI security features will improve with time and **will safeguard smartphone** users from high-end phishing scams.

But experts are also worried that cyberscams are becoming more **advanced with the help of AI**. 

The scam detection feature by Google is currently available across 27 nations. The feature requires user permission to run in the background all the time. 

[![weekly threat](https://media.mailhop.org/duocircle/images/2026/03/what-is-dkim-5674.jpg)](https://media.mailhop.org/duocircle/images/2026/03/what-is-dkim-5674.jpg)

## Microsoft Copilot flaws make Teams Summaries and Emails vulnerable to phishing attacks!

_AI tools like Microsoft Copilot have changed the way corporate employees communicate_. Copilot helps users to obtain the gist of long emails, evaluate conversations, and extract key pointers. 

While these security features help boost productivity among employees, they also enable cybercrooks to carry out sophisticated phishing attacks. [Cybersecurity](/) experts have recently discovered a **Microsoft Copilot vulnerability** that allows phishing actors to misuse the message and email summarization features.

The [threat actors](/email-security/what-threat-actor-can-do-with-your-emails-without-password/) use a technique called [Cross Prompt Injection Attack](https://thehackernews.com/2025/12/google-adds-layered-defenses-to-chrome.html) or XPIA to manipulate AI into following malicious instructions, which otherwise stay invisible to a common user.

Experts recommend enabling Safe Links and strict web filtering policies to restrict connections from unknown or suspicious domains. Advanced email filtering can also help in eliminating any kind of **hidden HTML or CSS blocks**. Employees should be trained on [malicious AI-generated summaries](https://www.infosecurity-magazine.com/news/nation-state-hackers-gemini-ai/). 

AI integration into **workplace communication platforms** does make work easier, but they also increase attack surfaces.

## Topics

cyber securityemail securityNewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 6m  Lazarus Infects NPM, MassJacker Steals Crypto, CISA Alerts Ivanti, Cybersecurity News \[March 10, 2025\]  Mar 17, 2025 ](/blog/announcements/cyber-security-news-update-week-12-of-2025/)[  News 6m  RedCurl Ransomware Targets, CS2 Steam Phishing, Fake Converter Cyberattacks , Cybersecurity News \[March 24, 2025\]  Apr 1, 2025 ](/blog/announcements/cyber-security-news-update-week-14-of-2025/)[  News 5m  Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News \[December 30, 2024\]  Jan 6, 2025 ](/blog/announcements/cyber-security-news-update-week-2-of-2025/)[  News 6m  Ransomware EDR Bypass, Apache Parquet Exposure, CISA Oil Threats, Cybersecurity News \[May 05, 2025\]  May 13, 2025 ](/blog/announcements/cyber-security-news-update-week-20-of-2025/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News [March 09, 2026]","description":"Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News [March 09.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2026/","datePublished":"2026-03-16T16:30:08.000Z","dateModified":"2026-03-16T18:20:26.000Z","dateCreated":"2026-03-16T16:30:08.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2026/"},"articleSection":"announcements","keywords":"cyber security, email security, News, Security, Updates","wordCount":775,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2026/03/spf-record-5023.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News [March 09, 2026]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2026/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News [March 09, 2026]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2026/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News [March 09, 2026]","description":"Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News [March 09.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2026/","datePublished":"2026-03-16T16:30:08.000Z","dateModified":"2026-03-16T18:20:26.000Z","dateCreated":"2026-03-16T16:30:08.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2026/"},"articleSection":"announcements","keywords":"cyber security, email security, News, Security, Updates","wordCount":775,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2026/03/spf-record-5023.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```