Flashpoint’s 2025 Midyear Threat Intelligence Index paints a compelling, and deeply concerning, picture of the current cyber risk environment. According to the report, organizations worldwide are contending with unprecedented rises in credential theft, vulnerability disclosures, and ransomware incidents—each amplifying the overall threat landscape.
Credential Theft Soars to Unprecedented Heights
The most dramatic surge highlighted by the Flashpoint report is in credential theft. In the first half of 2025 alone, over 1.8 billion credentials—including emails, cookies, and passwords—were stolen. This represents an extraordinary 800% (ninefold) increase compared to previous periods.
Infostealers, a type of malicious software engineered to extract login details from compromised devices, are primarily driving this trend. Once obtained, these credentials are rapidly sold or leveraged to infiltrate organizations, often before victims become aware of the breach. The explosion in credential theft underscores the criticality of identity protection, as compromised credentials often serve as the launchpad for broader cyberattacks.
Vulnerability Disclosures Accelerate
The report also indicates a dramatic 3.5-fold (246%) surge in vulnerability disclosures since February 2025. Further compounding the risk, the prevalence of publicly available exploit code has jumped by 179%. This escalation substantially raises the risks for organizations, particularly those unable to promptly identify and remediate new vulnerabilities. With tens of thousands of vulnerabilities residing unaddressed in major industry databases, security teams are increasingly challenged by the sheer volume and velocity of threats they must manage.
Ransomware Attacks Nearly Triple
Ransomware incidents—criminal campaigns in which attackers encrypt organizational data and demand payment for its release—have also skyrocketed, with a 179% increase since the start of the year. Ransomware continues to pose significant financial and operational risks across sectors, notably manufacturing, technology, and retail. The growing prevalence of “malware-as-a-service” (MaaS) models has lowered the barrier to entry for cybercriminals, enabling even less-skilled attackers to conduct highly disruptive ransomware operations.
A Converging Threat Landscape
Beyond individual attack types, Flashpoint’s index reveals a sharp 235% increase in data breaches and a growing tendency for attackers to orchestrate multi-stage campaigns that combine credential theft, vulnerability exploitation, and ransomware. This evolution is fueled by rapid digital transformation, heightened dependence on remote work, and persistent lapses in timely patching of software vulnerabilities.
