Security platform and services provider Flashpoint recently published the Flashpoint Global Threat Intelligence Index: 2025 Midyear Edition, a companion and update to the earlier 2025 Global Threat Intelligence Report. The threat landscape is always shifting, and this report provides valuable insight into the rapid evolution of the cyberthreat ecosystem. Examining threat intelligence from the beginning of the year to June 30th, the report highlights massive increases in credential theft, ransomware, and public exploits. With many critical threats on the rise, attackers looking to advance their techniques, and massive amounts of sensitive data at risk, 2025 is a watershed moment in cyber defense strategy.
Infostealers and the Identity Crisis
One significant trend noted in the report is a sharp increase in infostealers and credential theft. Threat actors continue to rely on infostealers like Lumma and Redline in spite of takedowns by law enforcement, and are bringing in new contenders such as StealC and Acreed to make up for restricted operations. Identity is a cascading attack vector in these situations, compromising systems and affecting supply chains.
In the first half of 2025, Flashpoint observed 1.8 billion stolen credentials, a disturbing 800% increase in only six months. This stolen data includes corporate and personal email accounts, passwords, cookies, and more. Organizations should take steps to implement proactive strategies for protecting against credential theft and infostealer attacks, including marketplace monitoring to detect sensitive data exposure, log enrichment to provide valuable context for analysis and detection, and credential-based security alerting.
Vulnerabilities and the CVE/NVD Gap
The Flashpoint report also shows a disturbing trend in vulnerabilities based on analysis across all attack surfaces. The first half of 2025 saw 20,025 new vulnerabilities disclosed, with 6,992 having public exploits available. The National Vulnerability Database (NVD) has a massive backlog of almost 42,000 vulnerabilities awaiting analysis, creating a crisis of visibility that is only compounded by the ongoing instability of funding for the Common Vulnerabilities and Exposures (CVE) database. The CISA Known Exploited Vulnerabilities (KEV) catalog also often falls short due to the narrow scope of its focus.
Flashpoint’s KEV database, on the other hand, tracks over 5,100 vulnerabilities, 700 of which do not have CVE IDs. To get the most out of vulnerability intelligence and protect against the risks associated with these vulnerabilities, organizations are advised to focus on vulnerabilities with public exploits, remote exploitability, and available solutions. By prioritizing this metadata, triage workloads can be reduced by up to 87%.
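One way to apply this three-criteria prioritization to a backlog, shown as an added example that is not from Flashpoint or the original article. The record fields, the `V-` tracking IDs, the placeholder CVE strings, and the sample backlog are all constructed assumptions; entries without a CVE ID are kept in scope, and records with unknown metadata go to an enrichment queue instead of being dropped.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Vuln:
    vuln_id: str                    # internal tracking ID (hypothetical scheme)
    cve: Optional[str]              # None when no CVE ID has been assigned
    public_exploit: Optional[bool]  # None = metadata not yet known
    remote: Optional[bool]
    solution: Optional[bool]

# The three metadata fields the article recommends prioritizing on.
CRITERIA = ("public_exploit", "remote", "solution")

def triage(vulns):
    """Split records into act-now, needs-enrichment, and deferred queues."""
    queues = {"act_now": [], "enrich": [], "defer": []}
    for v in vulns:
        flags = [getattr(v, name) for name in CRITERIA]
        if any(f is False for f in flags):
            queues["defer"].append(v)    # fails a known criterion: later, not never
        elif any(f is None for f in flags):
            queues["enrich"].append(v)   # unknown metadata: look it up first
        else:
            queues["act_now"].append(v)  # exploit public, remote, fix available
    return queues

def workload_reduction(vulns, queues):
    """Fraction of the backlog kept out of the immediate queue."""
    return 1 - len(queues["act_now"]) / len(vulns) if vulns else 0.0

# Constructed sample backlog; CVE strings are placeholders, not real IDs.
SAMPLE = [
    Vuln("V-001", "CVE-0000-0001", True, True, True),
    Vuln("V-002", None, True, True, True),           # no CVE ID, still urgent
    Vuln("V-003", "CVE-0000-0003", False, True, True),
    Vuln("V-004", "CVE-0000-0004", True, False, True),
    Vuln("V-005", "CVE-0000-0005", True, True, None),
    Vuln("V-006", None, False, None, True),
    Vuln("V-007", "CVE-0000-0007", False, False, False),
    Vuln("V-008", "CVE-0000-0008", True, True, False),
]

if __name__ == "__main__":
    q = triage(SAMPLE)
    print({name: [v.vuln_id for v in items] for name, items in q.items()})
    print(f"immediate queue reduced by {workload_reduction(SAMPLE, q):.0%}")
```

A scanner or ticketing workflow that keys only on CVE IDs would never surface `V-002`, which is why the example keys on an internal ID.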
Ransomware’s Evolution and Industry Targets
The first half of 2025 also saw a stark increase in ransomware attacks, up 179% with more than 3,000 incidents. This surge is partly due to the ransomware group Clop mass-exploiting vulnerabilities in ransomware attacks on managed file transfer platform developer Cleo. LockBit, formerly the leading Ransomware-as-a-Service group, has continued to decline, allowing groups like Clop and Akira to gain more of the ransomware market.
Recent ransomware trends have hit a wide range of industries, most notably manufacturing, technology, legal, and retail, and these attacks have predominantly targeted the United States. Ransomware prevention demands proactive defenses such as integrated threat and vulnerability intelligence and simulated attack playbooks, accounting for threats adjacent to malware and preparing for likely threat tactics.
Data Breaches: The Breach Is the Business Model
Data breaches are another major part of the threat landscape in 2025, with over 3,100 breaches in H1 exposing more than 9.45 billion records, including credentials, social security numbers, and financial information. Of these breaches, unauthorized access is by far the most common type, making up 78% of all data breach incidents. Additionally, two-thirds of data breaches globally target the United States, with high-risk sectors including finance, healthcare, manufacturing, and information.
Many organizations handle massive volumes of sensitive employee, customer, and enterprise data, which can cause catastrophic damage if breached. The constant expansion and deep intertwining of digital systems lead to visibility and security gaps, putting vast amounts of data at risk. Organizations can suffer greatly from data breaches, not just in data losses, but also regulatory and legal consequences, disrupted operations, lost revenue, and lowered esteem among customers and industry peers.
The Macro Threat Environment: From Proxy Battles to Open War
On a global scale, cyberattack trends can be connected to hybrid warfare and geopolitical instability. Recent military engagements like the Iran-Israel conflict and the Russia-Ukraine war clearly show cyber as a frontline weapon that major political players lean on to enable and enhance war efforts. Armed conflicts, rather than being entirely physical, are increasingly aided by cyber offensives.
A scheme in which North Korean nationals fraudulently acquired remote IT jobs, although it drew to a close near the end of 2024, has had lasting impacts throughout H1 2025. The multiple infiltrations carried out as part of this scheme have exposed vulnerabilities and weaknesses in the security of high-profile organizations, including Fortune 500 companies. Global terrorist groups have also seized on opportunities presented by ungoverned regions and digital radicalization to launch cyberattacks that further their political goals.
Toward Proactive, Intelligence-Led Security
It is essential to take threat intelligence like this Flashpoint report into consideration and use it to inform security strategies and decisions moving forward. The conclusions drawn from H1 2025 threat trends paint a picture of an interconnected threat matrix rather than isolated cyber incidents. Organizations and security experts must understand the threat landscape and use insight and context from threat intelligence to protect against today’s new and evolving cyber risks.
To this end, it is necessary to make the shift from relying solely on public threat sources to taking advantage of real-time, enriched threat intelligence. Organizations are urged to anticipate digital convergence, bridge gaps in threat intelligence, and embrace holistic defense mechanisms. “In today’s threat environment, where kinetic conflict, digital sabotage, economic warfare, and terrorism can be intertwined, understanding the full spectrum of risk is critical,” says Andrew Borene, Flashpoint Executive Director, International Markets and Global Security. “By recognizing these converging threats and clearly communicating their implications to Boards and C-Suite leaders, security professionals can help their organizations address today’s crises while building the strategic resilience for what comes next.”
Conclusion
The recent Flashpoint Global Threat Intelligence Index report outlines many significant trends observed and analyzed in the first half of this year, offering highly important insight into the threat landscape. Evolving and growing threats in 2025 require a paradigm shift in how organizations view cyber defense in order to protect their systems, devices, and data. Depending on public catalogs and blocking attacks through single vectors is not effective in combating modern threats. Only intelligence-driven, proactive security postures can defend against the multi-dimensional threats of today’s hybrid war era.