The theft of credentials via information-stealing malware has skyrocketed by 800% since the start of 2025.
COPY Flashpoint Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition · Jul 31, 2025
Infostealer Credentials
Vulnerability disclosures increased by 246% since the start of 2025.
COPY Flashpoint Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition · Jul 31, 2025
Vulnerability disclosures
Ransomware has risen by 179% since the start of 2025.
COPY Flashpoint Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition · Jul 31, 2025
Ransomware
Over the past four months, data breaches surged by 235%.
COPY Flashpoint Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition · Jul 31, 2025
Data breaches
Publicly-available exploits rose by 179% since the start of 2025.
COPY Flashpoint Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition · Jul 31, 2025
Publicly-available exploits
Unauthorized access accounted for nearly 78% of all reported data breach incidents
COPY Flashpoint Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition · Jul 31, 2025
Data breaches
Over 1.8 billion credentials were stolen in the first half of 2025 alone. The 1.8 billion stolen credentials represent an 800% increase.
COPY Flashpoint Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition · Jul 31, 2025
Credentials
The volume of disclosed vulnerabilities is up by a staggering 246% since February 2025.
COPY Flashpoint Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition · Jul 31, 2025
Vulnerabilities
N-day vulnerabilities represent over 80% of all Known Exploited Vulnerabilities (KEVs) tracked over the past four years.
COPY Flashpoint N-Day Vulnerability Trends: The Shrinking Window of Exposure and the Rise of “Turn-Key” Exploitation · Feb 11, 2025
Vulnerabilities Exploit Trends N-Day Vulnerabilities KEVs
Average Time to Exploit (TTE) declines year-by-year: 745 days in 2020, 518 days in 2021, 405 days in 2022, 296 days in 2023, 115 days in 2024, and 44 days in 2025.
COPY Flashpoint N-Day Vulnerability Trends: The Shrinking Window of Exposure and the Rise of “Turn-Key” Exploitation · Feb 11, 2025
Vulnerability Management Average Time To Exploit TTE
In 2025, 37 N-day vulnerabilities and 52 zero-day vulnerabilities specifically targeted security and perimeter software.
COPY Flashpoint N-Day Vulnerability Trends: The Shrinking Window of Exposure and the Rise of “Turn-Key” Exploitation · Feb 11, 2025
Vulnerabilities N-Day Vulnerabilities Zero-Day Vulnerabilities Security Software Perimeter Software
Of the 65 CVEs discussed by the BlackBasta ransomware group, 54 are Known Exploited Vulnerabilities (KEVs).
COPY Flashpoint N-Day Vulnerability Trends: The Shrinking Window of Exposure and the Rise of “Turn-Key” Exploitation · Feb 11, 2025
Ransomware Vulnerabilities BlackBasta CVEs
The Lazarus threat actor group has over 40 distinct designations across the industry.
COPY Flashpoint N-Day Vulnerability Trends: The Shrinking Window of Exposure and the Rise of “Turn-Key” Exploitation · Feb 11, 2025
Threat Actors Attribution Lazarus
Exploit weaponization can occur in under 24 hours.
COPY Flashpoint N-Day Vulnerability Trends: The Shrinking Window of Exposure and the Rise of “Turn-Key” Exploitation · Feb 11, 2025
Exploitation Exploit Weaponization
Most large organizations have accurate inventories for only about 25% of their total assets.
COPY Flashpoint N-Day Vulnerability Trends: The Shrinking Window of Exposure and the Rise of “Turn-Key” Exploitation · Feb 11, 2025
Asset Management Enterprise Security Asset Inventory
Topics Covered Vulnerabilities (4) Credentials (2) Ransomware (2) Data breaches (2) N-Day Vulnerabilities (2) Infostealer (1) Vulnerability disclosures (1) Publicly-available exploits (1) Exploit Trends (1) KEVs (1) Vulnerability Management (1) Average Time To Exploit (1) TTE (1) Zero-Day Vulnerabilities (1) Security Software (1)