Forescout Technologies Inc

Abuse of Amazon and Google infrastructure is responsible for more than 15% of attacks, up from 11% in 2024.

71% of exploited vulnerabilities are not in the CISA KEV catalog.

Cyber criminals are responsible for nearly six times more cyber incidents than state-sponsored actors.

Exploits against IoT devices increase from 16% to 19%, with IP cameras and NVRs the most frequent targets.

Exploits targeting network infrastructure devices represent 19% of all observed exploits, making them the second most common attack category.

Two of the top 10 most exploited Autonomous Systems from 2024 drop off the top-10 list in 2025, while three new Autonomous Systems had not previously ranked in the top 500.

242 vulnerabilities are added to the CISA Known Exploited Vulnerabilities catalog, a 30% year-over-year increase, and 285 vulnerabilities are added to the Vedere Labs KEV, a 213% year-over-year increase.

Discovery activity accounts for 91% of post-exploitation actions, up from 25% in 2023.

Attacks using OT protocols surge by 84%, led by Modbus (57%), Ethernet/IP (22%), and BACnet (8%).

The top 10 countries account for 61% of malicious traffic, down 22% compared to 2024.

Web applications are the most attacked service type at 61%, up from 41% in 2024; remote management protocols account for 15%.