Flashpoint

The theft of credentials via information-stealing malware has skyrocketed by 800% since the start of 2025.

Vulnerability disclosures increased by 246% since the start of 2025.

Ransomware has risen by 179% since the start of 2025.

Over the past four months, data breaches surged by 235%.

Publicly-available exploits rose by 179% since the start of 2025.

Unauthorized access accounted for nearly 78% of all reported data breach incidents

Over 1.8 billion credentials were stolen in the first half of 2025 alone. The 1.8 billion stolen credentials represent an 800% increase.

The volume of disclosed vulnerabilities is up by a staggering 246% since February 2025.

N-day vulnerabilities represent over 80% of all Known Exploited Vulnerabilities (KEVs) tracked over the past four years.

Average Time to Exploit (TTE) declines year-by-year: 745 days in 2020, 518 days in 2021, 405 days in 2022, 296 days in 2023, 115 days in 2024, and 44 days in 2025.

In 2025, 37 N-day vulnerabilities and 52 zero-day vulnerabilities specifically targeted security and perimeter software.

Of the 65 CVEs discussed by the BlackBasta ransomware group, 54 are Known Exploited Vulnerabilities (KEVs).

The Lazarus threat actor group has over 40 distinct designations across the industry.

Exploit weaponization can occur in under 24 hours.

Most large organizations have accurate inventories for only about 25% of their total assets.