What's Happening?
A report by threat intelligence firm KELA has revealed that nearly 2.9 billion compromised credentials were tracked globally in 2025. These credentials, which include usernames, passwords, and session tokens, were found in various cybercrime marketplaces
and breached repositories. The surge in compromised credentials is attributed to a significant increase in macOS infostealer infections and the growing sophistication of cybercriminal activities. The report also highlights a rise in ransomware attacks, with 7549 victims reported, and an increase in vulnerabilities added to CISA's KEV Catalog. The use of AI in cyberattacks has become more prevalent, with cybercriminals employing AI to enhance the complexity and effectiveness of their operations.
Why It's Important?
The massive scale of compromised credentials underscores the persistent threat posed by cybercrime to individuals and organizations. The increasing use of AI by cybercriminals to automate and enhance attacks presents a significant challenge for cybersecurity professionals. This trend highlights the need for organizations to adopt advanced security measures and AI-powered solutions to protect against evolving threats. The report's findings also emphasize the importance of staying informed about emerging cyber threats and vulnerabilities to mitigate potential risks.
Beyond the Headlines
The growing reliance on AI in cyberattacks raises ethical and legal concerns about the use of technology in malicious activities. As AI becomes more integrated into cybercriminal operations, there is a pressing need for regulatory frameworks to address the misuse of AI and protect against potential abuses. Additionally, the report's findings may prompt discussions about the role of AI in cybersecurity and the need for collaboration between governments, technology companies, and security experts to develop effective countermeasures.
