Report Identifies Surge in Credential Theft and Breaches

A recent report from cybersecurity firm Flashpoint detected an escalation of threat activity across multiple fronts during the first half of 2025. Based on monitoring of more than 3.6 petabytes of original-source data, "Flashpoint Global Threat Intelligence Index: Midyear Edition" documents growth in credential theft, vulnerability disclosures and exploit availability, as well as a rise in ransomware attacks and large-scale data breaches.

The report, which covers activity from Jan. 1 to June 30, found that infostealer malware was the leading cause of stolen credentials for the first half of 2025. Flashpoint reported an 800% increase in stolen credentials linked to infostealer infections compared to the same period last year, with a total of 1.8 billion compromised records. These records included usernames, passwords, session cookies, and autofill data collected by popular malware. According to the report, "these pieces of digital identity are often the starting point for larger malicious campaigns, allowing threat actors to gain initial access — often through a single infostealer infection."

"The theft … underscores how these stolen digital identities underpin major malicious campaigns," said Flashpoint. "They enable initial access that can cascade into significant data breaches across organizations and their supply chains."

Flashpoint also reported a 246% increase of newly disclosed vulnerabilities over the same time period last year, while the volume of publicly available exploits increased by 179%. Flashpoint analysts said that attackers are "exploiting gaps in the vulnerability intelligence landscape," particularly where security teams rely exclusively on official feeds such as the U.S. National Vulnerability Database, which may delay or omit emerging exploit intelligence.

Ransomware gangs ramped up their activity in early 2025, Flashpoint found, with attacks up 179% over the previous year. The firm blamed the surge on a familiar set of issues: stolen login credentials, outdated software, and a growing market of ready-made ransomware kits.

At the same time, global data breaches climbed 235%, with over 9.45 billion records exposed. About two-thirds of that data came from U.S.-based organizations, which Flashpoint identified as the most frequently targeted region so far this year.

IT Response

The report calls attention to the limitations of reactive security strategies and recommends organizations adopt intelligence-driven approaches that prioritize threats based on active adversary behavior, rather than treating all vulnerabilities equally. Flashpoint also advises that organizations monitor for compromised credentials on underground marketplaces, track exploit availability from unofficial sources, and implement multi-factor authentication and privileged access monitoring across environments.

The findings reflect broader patterns noted in other industry research. IBM's X-Force Threat Intelligence Index earlier this year highlighted a substantial increase in phishing campaigns delivering infostealers, along with a shift in attacker focus toward identity-based access vectors. These developments have contributed to the growing adoption of zero-trust frameworks across enterprise IT.

Flashpoint positions its midyear index as a complement to its annual Global Threat Intelligence Report, providing defenders with a near real-time view into adversary behavior. "Our goal with this midyear update is to provide security teams with timely insight to help inform decisions during the second half of the year," according to the report. "Understanding how threats are evolving midstream allows defenders to make better use of their existing intelligence, technology and staff."

With the second half of 2025 underway, the report indicates that credential-based attacks, exploit weaponization, and data leaks will remain critical areas of concern. The report suggests that while new technologies and frameworks offer some mitigation, threat actors continue to adapt rapidly — often faster than enterprise defenses can keep pace. Security teams, the report concludes, will need to be equally agile in order to respond to the expanding threat landscape.

The full report is available here on the Flashpoint site (registration required).

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
