What's Happening?
A recent report by threat intelligence firm KELA has revealed a significant increase in compromised credentials, with nearly 2.9 billion tracked globally in 2025. The report, titled 'The State of Cybercrime
2026: Emerging Threats & Predictions,' highlights the growing threat landscape characterized by extortion, vulnerability exploitation, and a surge in macOS infostealer infections. The compromised credentials include usernames, passwords, session tokens, and cookies, with a notable portion obtained through infostealers on approximately 3.9 million infected machines. Additionally, the report notes a 45% increase in ransomware victims and a 400% rise in DDoS attacks, driven by geopolitical tensions. The weaponization of the software supply chain and the increasing use of AI in cyberattacks are also emphasized.
Why It's Important?
The findings underscore the escalating cybersecurity threats facing organizations worldwide, particularly in the U.S., where businesses and government entities are prime targets for cybercriminals. The surge in compromised credentials poses a significant risk to data security and privacy, potentially leading to financial losses and reputational damage. The report's emphasis on AI's role in enhancing cyberattacks highlights the need for advanced security measures and AI-powered solutions to counter these threats. As cybercriminals increasingly leverage AI for more sophisticated attacks, organizations relying on outdated defenses may find themselves vulnerable to breaches.
What's Next?
Organizations are expected to enhance their cybersecurity strategies by adopting AI-driven solutions to detect and mitigate threats more effectively. The report suggests a shift towards proactive threat intelligence and real-time monitoring to address the evolving threat landscape. As the use of AI in cyberattacks becomes more prevalent, businesses and government agencies may need to invest in advanced technologies and cybersecurity training to protect their assets. Additionally, collaboration between public and private sectors could play a crucial role in developing comprehensive cybersecurity frameworks to combat these emerging threats.
Beyond the Headlines
The report's findings highlight the ethical and legal challenges associated with the use of AI in cyberattacks. As AI becomes a central component in the complexity and escalation of cyber threats, questions arise about the responsibility and accountability of AI developers and users. The potential for AI to be used in autonomous malicious workflows raises concerns about the need for regulatory frameworks to govern its use in cybersecurity. Furthermore, the increasing weaponization of the software supply chain underscores the importance of securing open-source ecosystems and ensuring the integrity of software development processes.
