56 malicious extensions were identified on OpenVSX.

Secrets detection is active at just 28% of organizations.

45% of security and DevOps professionals say reviewing and hardening AI-generated code is now a major time drain.

97% of organizations claim they have certified model governance.

More than half of organizations cite integration complexity as their top challenge.

DPRK-nexus actors drove a 51% year-over-year increase in digital asset theft in 2025.

58% of enterprise CISOs agree that a ransomware incident left endpoints inoperable.

In 2025, 27.89% of all adversary infrastructure tracked was hosted in the US, an increase from 23.63% in 2024.

China remained the second largest adversary infrastructure hosting location at 13.55%, down from 17.57% the previous year.

The median threat actor researched or used AI assistance in 15 different documented techniques, with some Actors leveraging as many as 40 or 50.

40% higher click rates make mobile devices the new favorite target.

Only 26% of critical vulnerabilities were fully remediated by organizations in 2025, a drop from the previous year’s 38%.

The median time for full resolution of critical vulnerabilities went up to 43 days, almost two weeks more than the previous year’s 32 days.

69% of ransomware victims didn’t pay.

265 unique automotive-specific vulnerabilities identified in Q1 2026

28% increase in automotive vulnerabilities in Q1 2026 compared to Q4 2025

102% year-on-year increase in automotive vulnerabilities (Q1 2026 vs Q1 2025)

Q1 2026 automotive vulnerabilities span 77 unique CWEs

83% of CISOs report being confident in their businesses' ability to recover from ransomware.

42% of CISOs report legacy system patching is the second most challenging ransomware mitigation method.