177,000 new malicious packages were detected across registries in the last year.

56 malicious extensions were identified on OpenVSX.

Secrets detection is active at just 28% of organizations.

45% of security and DevOps professionals say reviewing and hardening AI-generated code is now a major time drain.

97% of organizations claim they have certified model governance.

In 2025, 27.89% of all adversary infrastructure tracked was hosted in the US, an increase from 23.63% in 2024.

China remained the second largest adversary infrastructure hosting location at 13.55%, down from 17.57% the previous year.

The median threat actor researched or used AI assistance in 15 different documented techniques, with some Actors leveraging as many as 40 or 50.

40% higher click rates make mobile devices the new favorite target.

Only 26% of critical vulnerabilities were fully remediated by organizations in 2025, a drop from the previous year’s 38%.

The median time for full resolution of critical vulnerabilities went up to 43 days, almost two weeks more than the previous year’s 32 days.

69% of ransomware victims didn’t pay.

265 unique automotive-specific vulnerabilities identified in Q1 2026

28% increase in automotive vulnerabilities in Q1 2026 compared to Q4 2025

102% year-on-year increase in automotive vulnerabilities (Q1 2026 vs Q1 2025)

Q1 2026 automotive vulnerabilities span 77 unique CWEs

Q1 2026 automotive vulnerabilities map to 25 distinct TTPs in the Auto-ISAC Automotive Threat Matrix

Web and Local Shell combined for 33% of Q1 2026 automotive attack vectors

In-vehicle and Backend systems accounted for more than 81% of Q1 2026 automotive vulnerability targets

PCA identified 14 unique methods of entry in the Q1 2026 automotive threat landscape