Malware email attacks surged by 131% year-over-year in 2025

11% of people have fallen victim to Malvertising.

Account takeover fraud accounted for 82% of fraud attempts targeting the authentication process in the payments industry.

In Q3 2025, the 'Others' category of ransomware actors decreased from 40% to 16% of cases compared to the previous quarter.

55% of people receive scam text messages weekly.

In 2025, deepfakes were linked to 20% of biometric fraud attempts.

There was a 229% spike in phishing scams on Black Friday.

69% of organizations suspect or have evidence that employees are using prohibited public generative AI.

The pass rates for Log Injection vulnerabilities were near 12% across all evaluated models.

In Q3 2025, over 200,000 passwords, hundreds of credit card records, and more than 4 million browser cookies were harvested by the PXA Stealer campaign.

The average time from vulnerability disclosure to patch deployment in operational technology environments exceeds 180 days, compared to 30 days for traditional IT systems.

10% of consumers have been victims of marketplace scams.

Only 16% of organizations listed risk reduction as the primary driver for their third-party risk management programs.

37% of Defense Industrial Base members are not scheduled for a Cybersecurity Maturity Model Certification assessment or are unsure of their next steps.

40% of people have been targeted by Malvertising.

Email scams increased by 34.7% in 2025

In Q3 2025, Qilin ransomware accounted for approximately 18% of Beazley Security incident response cases.

Qwen3 Coder achieved a 50% pass rate on security tests.

In Q3 2025, INC Ransomware claimed 119 posts on their public leak site.

Only 41% of organizations include non-technical roles in cyber incident simulations.