Threat Insights Report September 2025

Email remained the top vector for delivering malware, accounting for 61% of threats caught by HP Sure Click in Q2 2025. This was a 1 percentage point drop compared to Q1 2025.

In Q2 2025, 13% of malicious emails (phishing, malware, etc.) were not blocked by the email gateway security system. This is 1 percentage point higher than in Q1 2025.

In Q2 2025, 40% of all detected cyber threats (malware, phishing payloads, etc.) were sent inside archive files (like .zip, .rar, .7z). This share is 2 percentage points higher than in Q1 2025.

Malicious spreadsheets (e.g., XLS, XLSX) totaled 4% of threats in Q2 2025, showing a 2 percentage point drop from Q1 2025.

PDF files were responsible for 8% of threats in Q2 2025, a 2 percentage point fall compared to Q1 2025.

Executables and scripts were the second most popular delivery type, making up 35% of threats in Q2 2025, a 1 percentage point growth from Q1 2025.

Documents, such as Microsoft Word formats (e.g., DOC, DOCX), accounted for 9% of threats in Q2 2025, growing by 1 percentage point over the previous quarter.

Malicious web browser downloads made up 23% of threats in Q2 2025, with no change compared to Q1 2025.

Threats delivered by other vectors, such as removable media, slightly grew by 1 percentage point in Q2 2025 compared to the previous quarter, reaching 16% of threats.