Network traffic tied to genAI platform usage increased 73% over the prior three-month period.

Approximately 29% of organisations are utilising Microsoft Azure OpenAI.

Swedish language use in BEC scams is 3.8%.

Account verification and updates account for 20% of approaches in phishing emails.

9% of threat actor updates in H1 2025 were attributed to hacktivists.

Both infostealer infections and compromised credentials are on track to surpass 2024 figures, which saw over 4.3 million machines infected with approximately 330 million compromised credentials. This indicates a 24% increase YoY in these areas.

3,662 ransomware victims were tracked globally by KELA in the first half of 2025. This represents a 54% increase year-over-year (YoY) compared to the first half of 2024, as KELA tracked a total of 5,230 victims in all of 2024.

After CEOs and executives, the remaining BEC impersonation efforts are aimed at directors and managers (9%), HR personnel (4%), IT staff (3%), and school heads (2%).

Among the unidentifiable phishing kits used by phishing sites, other generic kits account for 5%.

For Business Email Compromise (BEC) attacks, English-speaking executives remain the most targeted at 42%.

Ramalama is used by 0.6% of organisations.

Norwegian language use in BEC scams is 1.5%.

76% of breaches in H1 2025 stemmed from hacking or IT incidents.

73% of organisations in India reported implementing GenAI.

5.5% of organisations have users running agents generated from popular AI agent frameworks on-premises.

13% of organisations have users making API calls to api.anthropic.com.

Among the unidentifiable phishing kits used by phishing sites, Evilginx accounts for 20%.

Urgency-based messaging is the second most tried approach in phishing emails, at 25%.

Package delivery messages account for 5% in phishing emails.

Two-thirds (66%) of organisations have users making API calls to api.openai.com.