The first half of 2025 has ushered in a volatile and rapidly changing cyber threat landscape, according to the Flashpoint Global Threat Intelligence Index: 2025 Midyear Edition.
While this mid-year report builds on the Flashpoint 2025 Global Threat Intelligence Report (GTIR), its latest findings indicate an even more aggressive shift in attacker behavior.
Part of the key findings shows that information-stealing malware has skyrocketed by 800%, driven largely by credential theft campaigns. It also notes that over 1.8 billion credentials were stolen in just six months, a scale that has made identity-based attacks the foundation of modern cybercrime.
“2025 has brought an alarming acceleration in cyber threats,” says Ian Gray, Flashpoint VP of cyber threat intelligence operations. “We’ve seen an 800% increase in credential theft via information-stealing malware, making ‘identity’ a dominant attack vector.”
Malicious activities outpace response capacity
The report outlines a 246% increase in vulnerability disclosures since February 2025 and a 179% rise in publicly available exploit code, creating an overwhelming backlog for traditional security workflows. Within the same period, ransomware operations have also surged by 179%. These overlapping trends are fueling a steep rise in breaches, which have jumped 235% in the same period.
According to Flashpoint, unauthorized access remains the top breach vector, accounting for nearly 78% of incidents. These intrusions often serve as the opening move in extended campaigns that combine credential theft, lateral movement, and extortion. Flashpoint analysts warn that “these distinct threats are converging to form more complex, multi-stage attack chains.”
Geopolitical tensions add another layer of complexity to the threat landscape. The report notes that the global threat map has shifted from proxy battles to open conflict, where cyber operations are wrapped with kinetic warfare, economic sabotage, and terrorism.
“In today’s threat environment, where kinetic conflict, digital sabotage, economic warfare, and terrorism can be intertwined, understanding the full spectrum of risk is critical,” notes Andrew Borene, Flashpoint executive director of international markets and global security.
The action items organizations can address now
The scale and speed of attacks should be sufficient to prompt organizations to reassess their core security assumptions.
Flashpoint’s report urges organizations to move beyond reactive incident response. It emphasizes that deeper visibility into these escalating risks is deemed mission-critical, as the sheer volume of malicious activity demands a proactive approach.
Gray called attention to the need for more than just detection tools. “Effective defense now demands proactive, comprehensive threat intelligence to protect what matters most.”
Executive buy-in will be crucial
Flashpoint’s findings make it clear that cyber threats are no longer technical issues to be handled quietly by IT. They are enterprise risks with reputational, financial, and operational consequences. To counter them, security leaders must present a clear and informed picture to boards and executive teams.
As Borene advises, security professionals must clearly communicate these risks to leadership to build strategic resilience for the challenges ahead. For MSPs, this presents another opportunity to provide not only technical support but also strategic business advice to their clients.