This year we find that cyber debt continues to build with GenAI, rise of machine identities, and increasing third- and fourth-party risks. This growth in vulnerable identities, boosted by the ongoing AI transformation and pervasive cloud computing, is a here-and-now threat ready to be exploited by bad actors with the AI-powered ability to execute at scale. Perhaps the only thing more disturbing than the emergence of deepfake videos is our collective overconfidence that we won’t be fooled by them.

Threat actors are augmenting traditional ransomware and extortion with attacks designed to intentionally disrupt operations. Amid these trends, we’re also seeing a multi-pronged approach in attacks, as threat actors target multiple areas of the attack surface. In fact, 70% of the incidents Unit 42 responded to happened on three or more fronts, underscoring the need to protect endpoints, networks, cloud environments and the human factor in tandem. These incidents involved large organizations grappling with extortion, network intrusions, data theft, advanced persistent threats and more.

The IR case data is augmented with telemetry from the Arctic Wolf Aurora Platform and research from our threat intelligence team, digital forensics experts, incident responders, and professional ransomware negotiators. The vast majority of these IR engagements were initiated as part of cyber insurance policies, through our partnerships with insurance providers and privacy law practitioners. While cyber insurance is a valuable risk transfer option for any organization, it’s important to recognize that certain industries are more likely to have coverage than others, and that our sample cases will reflect this distribution.

The GreyNoise 2025 Mass Internet Exploitation Report provides security leaders, SOC analysts, vulnerability managers, and threat intelligence teams with actionable insights. Attackers are industrializing reconnaissance and exploitation. Security teams must adapt. This report provides the intelligence needed to prioritize, respond, and defend against the next wave of mass exploitation.

This report gives a detailed analysis of key adversarial behaviors, techniques, and trends we saw in 2024, highlighting the escalating risks that non-enterprise businesses and managed service providers (MSPs) need to be aware of This analysis will empower organizations of all sizes to strengthen their defenses against modern cyber threats by giving them actionable insights into a constantly evolving threat landscape.

Our goal at Black Kite is to make sure you gain awareness of what is most relevant in the threat landscape going into the new year. The focus remains on understanding emerging vulnerabilities seized by cybercriminals, as well as target industries falling victim to breaches, stemming from a lack of due diligence. We studied why certain industry sectors faced higher susceptibility to an attack, as well as the most vulnerable vendors to the initial breach themselves.

For this report, Black Kite Research decided to approach the cost of a data breach from a new angle, to build upon survey-based data in a comprehensive way. The first half of this report provides insight into the 2,400 analyzed data breaches. The second half, the cyber risk posture deep dive, covers a thorough analysis of the 1,700 organizations that are still online and in business today.

The Red Report 2025 focuses on the top ten most frequently observed MITRE ATT&CK techniques, presenting a roadmap for organizations to use to understand and prioritize their defenses. From process injection and credential theft to impairing defenses and data exfiltration over encrypted channels, these techniques represent the core strategies employed by todayʼs attackers to achieve their objectives.

This report highlights the real-world impact of these changes, offering 2025 insights and recommendations from and for CISCOs. With over a decade of analysis, Check Point Research insights come from unparalleled data sources that no other company combines. By incorporating incident response, dark web, and open-source findings, we achieve visibility in over 170 countries to reveal global and regional trends.

Hornet security’s cybersecurity solutions process more than 4 and a half billion emails every month. By analyzing the threats identified in these communications, combined with a detailed knowledge of the wider threat landscape, the Security Lab reveals major security trends, threat actor actions and can make informed projections for the future of Microsoft 365 security threats, enabling businesses to act accordingly. Those findings and data are contained within this report.

In this report, nearly half of organizations anticipate a threefold increase in the total number of identities, with machine identities squarely in the driver’s seat (but largely under-secured and over-privileged). This growth in vulnerable identities, boosted by the ongoing AI transformation and pervasive cloud computing, is a here-and-now threat ready to be exploited by bad actors with the AI-powered ability to execute at scale. In the last 12 months, 93% of organizations suffered two or more identity-related breaches.

Nuspire has witnessed shifting trends in the ransomware, dark web and exploit sections of our report. Our research revealed that ransomware extortion publications increased by 8%, Lumma Stealer fiercely reclaimed its top spot as the leading infostealer, and threat actors are focusing heavily on exploiting VPN technology.

This year, we also delve deeper into the threats facing critical infrastructure, particularly within Operational Technology and mobile networks. With increased connectivity and the adoption of IoT and 5G, these systems offer an expanded attack surface that calls for comprehensive, cross-functional defenses. Our goal is not only to adopt the latest technologies but to do so thoughtfully, balancing progress with caution to secure a safer digital world.

Reporting over the course of 2023 and 2024, ETL highlights findings on the cybersecurity threat landscape during a yearlong geopolitical escalation. Throughout the latter part of 2023 and the initial half of 2024, there was a notable escalation in cybersecurity attacks, setting new benchmarks in both the variety and number of incidents, as well as their consequences.

This report is based on real-world monitoring and analysis of attacks between Q1 2020 and Q1 2021 discovered in the wild by the BeyondTrust Labs team. This research report provides insights and analysis into threats and privileged account misuse on Windows devices across the globe. 66% of the techniques either recommend using Privileged Account Management, User Account Management, and Application Control as mitigations or list Administrator / SYSTEM accounts as being a prerequisite for the technique to succeed.

In this report we begin by examining the prevalence of those vulnerabilities across assets to determine which ones are most common. Then we measure how quickly those vulnerabilities are remediated and what factors speed up or slow down that process. We’ll begin our foray into the wilds of the vulnerability landscape by examining the product vendors that shape it. This is important because these technologies are commonly used, thus vulnerabilities affecting them can have a widespread impact on cyber risk posture.

This report is based on the summary statistical analysis of over 10,000 cyber claims for incidents that occurred during the five-year period 2019–2023. We see enormous variances in the magnitude of loss data. The smallest claims were less than $1,000; the largest were over $500M. The numbers of records exposed ranged from 1 to over 140M.

The 2024 edition of the DNSFilter Security Report is about LLM’s, AI, ChatGPT, threats by region, predictions for the upcoming year and more. In December of 2023, we even launched a Generative AI category to assist our customers in blocking these types of sites for better protection over PII and plagiarism.

This year’s research shows that, while most businesses have a ransomware strategy in place, many are incomplete. They’re either missing a documented plan or the right people to execute it. As a result, we see that many organizations are paying the ransom. Likewise, whilst many have cyber insurance, too many simply don’t know if or to what degree it covers them for ransomware attacks.

This report looks back at the major cyber security events of 2023, offering insights and analysis to help understand and prepare for the challenges ahead. Our goal is to provide valuable information to organizations, policy makers, and cyber security professionals, helping them to build stronger defenses in an increasingly digital world. Check Point Research reports that threat actors in hacking forums have started making use of AI tools like ChatGPT, in order to create malware and attack tools such as info-stealers and encryptors.

Blackpoint observed attempts to gain initial access and move laterally through an organization, specifically targeting endpoint devices, constituted 95% of the threat landscape seen on these devices. A common thread you will find throughout our threat report is the subject of initial access. Initial access covers the various methods a threat actor may use to gain unauthorized entry into a computer network or system. It is where a threat actor begins, and, when up against Blackpoint’s 24/7 Security Operations Center (SOC), is detained.