Between H2 2024 and H1 2025, Kaspersky detected over 6 million attacks disguised as work tools.

Attacker activity precedes the public disclosure of a new vulnerability in edge devices and its Common Vulnerabilities and Exposures (CVE) number in 80% of cases. This pre-disclosure activity can precede the CVE disclosure by up to six weeks.

38% of companies that paid ransoms did so multiple times.

The top cybersecurity challenge facing organizations is the sophistication of attacks (37%).

73% of security leaders reported receiving at least one notification of a software supply chain vulnerability or incident within the past year.

The second biggest cybersecurity challenge facing organizations is attacks against organizations' identity infrastructure, most commonly Active Directory (32%).

55% of respondents conduct independent code reviews.

Phishing and deception made up 31.6% of traffic on DNSFilter's network, marking an increase compared to the prior quarter. This amounted to over 750 million queries.

15% of Google Gemini use by employees was via personal accounts.

New domains accounted for nearly 40% of traffic requests categorized as malicious.

Cybersecurity breaches are a top concern for the C-Suite at industrial organizations, at 45%.

In the US, the rate of regulatory blackmail threats (hackers threatening to file regulatory complaints against victims if they didn't report the ransomware incident) jumped to 58%, representing a 23% increase.

46% of security leaders are uneasy about AI-driven features and large language models.

Between H2 2024 and H1 2025, Kaspersky experts detected 6,146,462 attacks disguised as platforms or content related to 20 popular work tools.

47% of attacked companies across various countries (US, UK, France, Germany, Spain, Italy, Singapore, Canada, Australia, New Zealand) reported that hackers threatened to file regulatory complaints against them if they didn't report the ransomware incident.

From July 2024 to June 2025, Kaspersky experts detected over 650,000 attempts to visit phishing pages disguised as LinkedIn alone

The DNSFilter network processed billions more DNS queries in Q2 2025 compared to the previous quarter. June specifically recorded the highest DNS traffic volume for that quarter.

Nearly 20% of companies that paid a ransom either received corrupt decryption keys or the hackers still published stolen data

55% of security leaders are constantly worried that a single employee mistake could put their entire organisation at risk.

Nearly nine in 10 security leaders (88%) view penetration testing as an essential component of their overall security programme.