This year the report highlighted the increasingly complex threat landscape and the corresponding escalating pressure on defenders to enhance visibility into and resilience of OT/ICS networks Organizations with strong incident response capabilities, defensible architectures, secure remote access protocols, and robust network monitoring are far better positioned to reduce the risk of a successful attack on the enterprise OT even in this increasingly complex environment.

The Nozomi Networks Labs team delivers this semi-annual report to provide insights into how the world’s largest industrial organizations and critical infrastructure operators can protect themselves from these advanced threats. Our threat intelligence, enriched by indicators of compromise, threat actor profiles and vulnerability data from Mandiant, empowers customers to proactively defend their systems.

This year we find that cyber debt continues to build with GenAI, rise of machine identities, and increasing third- and fourth-party risks. This growth in vulnerable identities, boosted by the ongoing AI transformation and pervasive cloud computing, is a here-and-now threat ready to be exploited by bad actors with the AI-powered ability to execute at scale. Perhaps the only thing more disturbing than the emergence of deepfake videos is our collective overconfidence that we won’t be fooled by them.

Threat actors are augmenting traditional ransomware and extortion with attacks designed to intentionally disrupt operations. Amid these trends, we’re also seeing a multi-pronged approach in attacks, as threat actors target multiple areas of the attack surface. In fact, 70% of the incidents Unit 42 responded to happened on three or more fronts, underscoring the need to protect endpoints, networks, cloud environments and the human factor in tandem. These incidents involved large organizations grappling with extortion, network intrusions, data theft, advanced persistent threats and more.

The IR case data is augmented with telemetry from the Arctic Wolf Aurora Platform and research from our threat intelligence team, digital forensics experts, incident responders, and professional ransomware negotiators. The vast majority of these IR engagements were initiated as part of cyber insurance policies, through our partnerships with insurance providers and privacy law practitioners. While cyber insurance is a valuable risk transfer option for any organization, it’s important to recognize that certain industries are more likely to have coverage than others, and that our sample cases will reflect this distribution.

This year highlighted the increasingly complex threat landscape and the corresponding escalating pressure on defenders to enhance visibility into and resilience of OT/ICS networks. This focus on simplicity highlights a critical point for defenders: effective implementation of the SANS ICS 5 Critical Controls remains the best defense against OT targeting adversaries.

The GreyNoise 2025 Mass Internet Exploitation Report provides security leaders, SOC analysts, vulnerability managers, and threat intelligence teams with actionable insights. Attackers are industrializing reconnaissance and exploitation. Security teams must adapt. This report provides the intelligence needed to prioritize, respond, and defend against the next wave of mass exploitation.

This report gives a detailed analysis of key adversarial behaviors, techniques, and trends we saw in 2024, highlighting the escalating risks that non-enterprise businesses and managed service providers (MSPs) need to be aware of This analysis will empower organizations of all sizes to strengthen their defenses against modern cyber threats by giving them actionable insights into a constantly evolving threat landscape.

Our goal at Black Kite is to make sure you gain awareness of what is most relevant in the threat landscape going into the new year. The focus remains on understanding emerging vulnerabilities seized by cybercriminals, as well as target industries falling victim to breaches, stemming from a lack of due diligence. We studied why certain industry sectors faced higher susceptibility to an attack, as well as the most vulnerable vendors to the initial breach themselves.

For this report, Black Kite Research decided to approach the cost of a data breach from a new angle, to build upon survey-based data in a comprehensive way. The first half of this report provides insight into the 2,400 analyzed data breaches. The second half, the cyber risk posture deep dive, covers a thorough analysis of the 1,700 organizations that are still online and in business today.

The Red Report 2025 focuses on the top ten most frequently observed MITRE ATT&CK techniques, presenting a roadmap for organizations to use to understand and prioritize their defenses. From process injection and credential theft to impairing defenses and data exfiltration over encrypted channels, these techniques represent the core strategies employed by todayʼs attackers to achieve their objectives.

This report highlights the real-world impact of these changes, offering 2025 insights and recommendations from and for CISCOs. With over a decade of analysis, Check Point Research insights come from unparalleled data sources that no other company combines. By incorporating incident response, dark web, and open-source findings, we achieve visibility in over 170 countries to reveal global and regional trends.

Hornet security’s cybersecurity solutions process more than 4 and a half billion emails every month. By analyzing the threats identified in these communications, combined with a detailed knowledge of the wider threat landscape, the Security Lab reveals major security trends, threat actor actions and can make informed projections for the future of Microsoft 365 security threats, enabling businesses to act accordingly. Those findings and data are contained within this report.

In this report, nearly half of organizations anticipate a threefold increase in the total number of identities, with machine identities squarely in the driver’s seat (but largely under-secured and over-privileged). This growth in vulnerable identities, boosted by the ongoing AI transformation and pervasive cloud computing, is a here-and-now threat ready to be exploited by bad actors with the AI-powered ability to execute at scale. In the last 12 months, 93% of organizations suffered two or more identity-related breaches.

Nuspire has witnessed shifting trends in the ransomware, dark web and exploit sections of our report. Our research revealed that ransomware extortion publications increased by 8%, Lumma Stealer fiercely reclaimed its top spot as the leading infostealer, and threat actors are focusing heavily on exploiting VPN technology.

This year, we also delve deeper into the threats facing critical infrastructure, particularly within Operational Technology and mobile networks. With increased connectivity and the adoption of IoT and 5G, these systems offer an expanded attack surface that calls for comprehensive, cross-functional defenses. Our goal is not only to adopt the latest technologies but to do so thoughtfully, balancing progress with caution to secure a safer digital world.

In this report, they we anticipate malicious actors will continue their rapid adoption of AI-based tools to augment and assist their online operations across various phases of the attack lifecycle. We expect to see cyber espionage and cyber crime actors continue to leverage deepfakes for identity theft, fraud, and bypassing know-your-customer (KYC) security requirements. As AI capabilities become more widely available throughout 2025, enterprises will increasingly struggle to defend themselves against these more frequent and effective compromises.

The 2024 Data Threat Report (DTR) analyzes how core security practices have changed in response to or in anticipation of changing threats. This report also offers perspectives on what organizations can do to leverage data assets to expand opportunities to make their businesses more agile and build trust with their customers. It analyzes global trends in threats to data and the underlying controls, regulations, risks and emerging technologies that need to be addressed.

1Password’s 2022 State of Access Report, an annual survey of North American workers’ sentiments and behaviors around cybersecurity and other critical aspects of modern work, reveals that the acute burnout detected in last year’s survey has paved the way for a widespread sense of distraction in a time of “permacrisis.” When security protocols and practices aren’t automated, even the most well-intentioned employees can unwittingly cause a breach.

This year’s edition of the Cyber Readiness Report explores the critical role of robust cyber resilience in mitigating evolving organisational risks and safeguarding reputations. This year’s research reveals that concerns of reputational damage, caused by the loss of sensitive information, is a driving force behind responses to ransomware attacks. Over the past 12 months, the top three reasons organisations paid ransom were: to protect their customer data, to protect their reputation, and to recover their data because they did not have any back-ups.

Cisco has a unique vantage point when it comes to cybersecurity. We resolve an average of 715 billion daily DNS requests, we see more threats, more malware, and more attacks than any other security vendor in the world. This report looks at the top threats that exploited DNS for cyberattacks, as well as how DNSlayer security provides better accuracy and detection of malicious activity and compromised systems.