Report Identifies Surge in Credential͏͏ Theft͏͏ and͏͏ Breaches͏͏

• By Chris Paoli
• 08/12/25

A recent report from cybersecurity firm Flashpoint detected an escalation of threat activity across͏͏ multiple͏͏ fronts͏͏ during͏͏ the͏͏ first͏͏ half͏͏ of͏͏ 2025. Based͏͏ on͏͏ monitoring͏͏ of͏͏ more͏͏ than͏͏ 3.6͏͏ petabytes͏͏ of͏͏ original-source͏͏ data,͏͏ "Flashpoint͏͏ Global͏͏ Threat͏͏ Intelligence͏͏ Index:͏͏ Midyear͏͏ Edition" documents growth͏͏ in͏͏ credential͏͏ theft,͏͏ vulnerability͏͏ disclosures͏͏ and͏͏ exploit͏͏ availability,͏͏ as͏͏ well͏͏ as͏͏ a͏͏ rise͏͏ in͏͏ ransomware͏͏ attacks͏͏ and͏͏ large-scale͏͏ data͏͏ breaches.

The͏͏ report,͏͏ which͏͏ covers͏͏ activity͏͏ from͏͏ Jan.͏͏ 1͏͏ to͏͏ June͏͏ 30,͏͏ found͏͏ that͏͏ infostealer͏͏ malware͏͏ was͏͏ the͏͏ leading͏͏ cause͏͏ of͏͏ stolen͏͏ credentials͏͏ for͏͏ the͏͏ first͏͏ half͏͏ of͏͏ 2025.͏͏ Flashpoint͏͏ reported͏͏ an͏͏ 800͏͏% increase͏͏ in͏͏ stolen͏͏ credentials͏͏ linked͏͏ to͏͏ infostealer͏͏ infections͏͏ compared͏͏ to͏͏ the͏͏ same͏͏ period͏͏ last͏͏ year,͏͏ with͏͏ a͏͏ total͏͏ of͏͏ 1.8͏͏ billion͏͏ compromised͏͏ records.͏͏ These͏͏ records͏͏ included͏͏ usernames,͏͏ passwords,͏͏ session͏͏ cookies,͏͏ and͏͏ autofill͏͏ data͏͏ collected͏͏ by͏͏ popular͏͏ malware.͏͏ According͏͏ to͏͏ the͏͏ report,͏͏ "these͏͏ pieces͏͏ of͏͏ digital͏͏ identity͏͏ are͏͏ often͏͏ the͏͏ starting͏͏ point͏͏ for͏͏ larger͏͏ malicious͏͏ campaigns,͏͏ allowing͏͏ threat͏͏ actors͏͏ to͏͏ gain͏͏ initial͏͏ access͏͏ — often͏͏ through͏͏ a͏͏ single͏͏ infostealer͏͏ infection."

"The͏͏ theft …͏͏ underscores͏͏ how͏͏ these͏͏ stolen͏͏ digital͏͏ identities͏͏ underpin͏͏ major͏͏ malicious͏͏ campaigns,"͏͏ said͏͏ Flashpoint.͏͏ "They͏͏ enable͏͏ initial͏͏ access͏͏ that͏͏ can͏͏ cascade͏͏ into͏͏ significant͏͏ data͏͏ breaches͏͏ across͏͏ organizations͏͏ and͏͏ their͏͏ supply͏͏ chains."

Flashpoint͏͏ also͏͏ reported͏͏ a͏͏ 246͏͏% increase͏͏ of͏͏ newly͏͏ disclosed͏͏ vulnerabilities͏͏ over͏͏ the͏͏ same͏͏ time͏͏ period͏͏ last͏͏ year,͏͏ while͏͏ the͏͏ volume͏͏ of͏͏ publicly͏͏ available͏͏ exploits͏͏ increased͏͏ by͏͏ 179͏͏%.͏͏ Flashpoint͏͏ analysts͏͏ said͏͏ that͏͏ attackers͏͏ are͏͏ "exploiting͏͏ gaps͏͏ in͏͏ the͏͏ vulnerability͏͏ intelligence͏͏ landscape,"͏͏ particularly͏͏ where͏͏ security͏͏ teams͏͏ rely͏͏ exclusively͏͏ on͏͏ official͏͏ feeds͏͏ such͏͏ as͏͏ the͏͏ U.S.͏͏ National͏͏ Vulnerability͏͏ Database,͏͏ which͏͏ may͏͏ delay͏͏ or͏͏ omit͏͏ emerging͏͏ exploit͏͏ intelligence.

Ransomware͏͏ gangs͏͏ ramped͏͏ up͏͏ their͏͏ activity͏͏ in͏͏ early͏͏ 2025,͏͏ Flashpoint͏͏ found,͏͏ with͏͏ attacks͏͏ up͏͏ 179͏͏% over͏͏ the͏͏ previous͏͏ year.͏͏ The͏͏ firm͏͏ blamed͏͏ the͏͏ surge͏͏ on͏͏ a͏͏ familiar͏͏ set͏͏ of͏͏ issues:͏͏ stolen͏͏ login͏͏ credentials,͏͏ outdated͏͏ software,͏͏ and͏͏ a͏͏ growing͏͏ market͏͏ of͏͏ ready-made͏͏ ransomware͏͏ kits.

At͏͏ the͏͏ same͏͏ time,͏͏ global͏͏ data͏͏ breaches͏͏ climbed͏͏ 235͏͏%,͏͏ with͏͏ over͏͏ 9.45͏͏ billion͏͏ records͏͏ exposed.͏͏ About͏͏ two-thirds͏͏ of͏͏ that͏͏ data͏͏ came͏͏ from͏͏ U.S.-based͏͏ organizations,͏͏ which͏͏ Flashpoint͏͏ identified͏͏ as͏͏ the͏͏ most͏͏ frequently͏͏ targeted͏͏ region͏͏ so͏͏ far͏͏ this͏͏ year.

IT͏͏ Response

The͏͏ report͏͏ calls͏͏ attention͏͏ to͏͏ the͏͏ limitations͏͏ of͏͏ reactive͏͏ security͏͏ strategies͏͏ and͏͏ recommends͏͏ organizations͏͏ adopt͏͏ intelligence-driven͏͏ approaches͏͏ that͏͏ prioritize͏͏ threats͏͏ based͏͏ on͏͏ active͏͏ adversary͏͏ behavior,͏͏ rather͏͏ than͏͏ treating͏͏ all͏͏ vulnerabilities͏͏ equally.͏͏ Flashpoint͏͏ also͏͏ advises͏͏ that͏͏ organizations͏͏ monitor͏͏ for͏͏ compromised͏͏ credentials͏͏ on͏͏ underground͏͏ marketplaces,͏͏ track͏͏ exploit͏͏ availability͏͏ from͏͏ unofficial͏͏ sources,͏͏ and͏͏ implement͏͏ multi-factor͏͏ authentication͏͏ and͏͏ privileged͏͏ access͏͏ monitoring͏͏ across͏͏ environments.

The͏͏ findings͏͏ reflect͏͏ broader͏͏ patterns͏͏ noted͏͏ in͏͏ other͏͏ industry͏͏ research.͏͏ IBM's͏͏ X-Force͏͏ Threat͏͏ Intelligence͏͏ Index͏͏ earlier͏͏ this͏͏ year͏͏ highlighted͏͏ a͏͏ substantial͏͏ increase͏͏ in͏͏ phishing͏͏ campaigns͏͏ delivering͏͏ infostealers,͏͏ along͏͏ with͏͏ a͏͏ shift͏͏ in͏͏ attacker͏͏ focus͏͏ toward͏͏ identity-based͏͏ access͏͏ vectors.͏͏ These͏͏ developments͏͏ have͏͏ contributed͏͏ to͏͏ the͏͏ growing͏͏ adoption͏͏ of͏͏ zero-trust͏͏ frameworks͏͏ across͏͏ enterprise͏͏ IT.

Flashpoint͏͏ positions͏͏ its͏͏ midyear͏͏ index͏͏ as͏͏ a͏͏ complement͏͏ to͏͏ its͏͏ annual͏͏ Global͏͏ Threat͏͏ Intelligence͏͏ Report,͏͏ providing͏͏ defenders͏͏ with͏͏ a͏͏ near͏͏ real-time͏͏ view͏͏ into͏͏ adversary͏͏ behavior.͏͏ "Our͏͏ goal͏͏ with͏͏ this͏͏ midyear͏͏ update͏͏ is͏͏ to͏͏ provide͏͏ security͏͏ teams͏͏ with͏͏ timely͏͏ insight͏͏ to͏͏ help͏͏ inform͏͏ decisions͏͏ during͏͏ the͏͏ second͏͏ half͏͏ of͏͏ the͏͏ year," according to the report.͏͏ "Understanding͏͏ how͏͏ threats͏͏ are͏͏ evolving͏͏ midstream͏͏ allows͏͏ defenders͏͏ to͏͏ make͏͏ better͏͏ use͏͏ of͏͏ their͏͏ existing͏͏ intelligence,͏͏ technology͏͏ and͏͏ staff."

With͏͏ the͏͏ second͏͏ half͏͏ of͏͏ 2025͏͏ underway,͏͏ the͏͏ report͏͏ indicates͏͏ that͏͏ credential-based͏͏ attacks,͏͏ exploit͏͏ weaponization,͏͏ and͏͏ data͏͏ leaks͏͏ will͏͏ remain͏͏ critical͏͏ areas͏͏ of͏͏ concern.͏͏ The͏͏ report͏͏ suggests͏͏ that͏͏ while͏͏ new͏͏ technologies͏͏ and͏͏ frameworks͏͏ offer͏͏ some͏͏ mitigation,͏͏ threat͏͏ actors͏͏ continue͏͏ to͏͏ adapt͏͏ rapidly͏͏ —͏͏ often͏͏ faster͏͏ than͏͏ enterprise͏͏ defenses͏͏ can͏͏ keep͏͏ pace.͏͏ Security͏͏ teams,͏͏ the͏͏ report͏͏ concludes,͏͏ will͏͏ need͏͏ to͏͏ be͏͏ equally͏͏ agile͏͏ in͏͏ order͏͏ to͏͏ respond͏͏ to͏͏ the͏͏ expanding͏͏ threat͏͏ landscape.

The full report is available here on the Flashpoint site (registration required).