Quarterly Threat Report: Third Quarter, 2025

In Q3 2025, Qilin ransomware claimed 271 posts on their public leak site.

In Q3 2025, the majority of MDR incidents were contained within the early and middle stages of attack, with early-stage attacks at 44% and middle-stage attacks at 44%.

In Q3 2025, Akira, Qilin, and INC Ransomware accounted for 65% of all ransomware cases investigated by Beazley Security.

In Q3 2025, leak site posts increased by 11% from Q2 to Q3.

In Q3 2025, the Akira ransomware group claimed 167 posts on their public leak site.

In Q3 2025, the 'Others' category of ransomware actors decreased from 40% to 16% of cases compared to the previous quarter.

In Q3 2025, over 200,000 passwords, hundreds of credit card records, and more than 4 million browser cookies were harvested by the PXA Stealer campaign.

In Q3 2025, Qilin ransomware accounted for approximately 18% of Beazley Security incident response cases.

In Q3 2025, INC Ransomware claimed 119 posts on their public leak site.

In Q3 2025, Beazley Security published 11 critical zero-day advisories, marking a 38% increase from Q2.

In Q3 2025, the number of newly published vulnerabilities reached over 11,700, with nearly 1,800 classified as high-risk.

In Q3 2025, 29 vulnerabilities were confirmed to be actively exploited in the wild, representing a 26% decrease from the previous quarter.

In Q3 2025, the Akira ransomware group accounted for approximately 39% of Beazley Security incident response cases.

In Q3 2025, INC Ransomware accounted for approximately 8% of Beazley Security incident response cases.