Darktrace Flags Surge in Phishing as Identity-Based Attacks Redefine 2025 Threat Landscape

 

More than 32 million high-confidence phishing emails were identified in 2025, signaling a sharp rise in identity-focused cyberattacks, according to new findings from Darktrace.
The cybersecurity firm analyzed incidents across its global customer network, revealing a year marked by growing automation, overlapping attack techniques, and faster execution by threat actors.
Among the total phishing volume, over 8.2 million emails specifically targeted high-profile individuals and executives, representing more than a quarter of all attempts observed. Additionally, 1.6 million phishing messages were traced to newly registered domains, while 1.2 million leveraged malicious QR codes to lure victims.
The report found that 70% of phishing emails bypassed DMARC authentication checks. Spear-phishing accounted for 41% of attacks, and 38% featured new social engineering strategies. Roughly one-third of the phishing emails exceeded 1,000 characters in length, indicating increasingly sophisticated messaging tactics.

Identity Compromise Emerges as Primary Breach Method

The analysis underscores a major shift in cyber intrusion tactics: identity compromise has surpassed vulnerability exploitation as the leading initial access method. Although Common Vulnerabilities and Exposures (CVEs) rose approximately 20% year-over-year, many exploits were deployed even before vulnerabilities were publicly disclosed.
“Identity has become the attacker’s skeleton key. Instead of forcing their way through a firewall, adversaries are logging in with stolen credentials, hijacked tokens and abused permissions, then moving laterally under the cover of legitimacy,” commented Shane Barney, CISO at Keeper Security.
“When identity controls are fragmented or overly permissive, attackers don’t need novel exploits. They just need access that looks routine.”
In the Americas, nearly 70% of reported incidents involved SaaS and Microsoft 365 account takeovers. The manufacturing sector accounted for 17% of documented cases and represented 29% of ransomware incidents in the region. Overall, 47% of global security events tracked in 2025 originated from the Americas.
Regional data further illustrates varying levels of digital resilience and geopolitical pressure.
In Latin America, 44% of incidents stemmed from malware spreading after phishing or credential theft. The education sector was most affected, accounting for 18% of cases. Brazil, Mexico, and Colombia recorded the highest activity levels over the past three years.
Across Europe, 58% of security incidents were linked to cloud and email compromise, while 42% were tied to network-based attacks.
Africa reported a 60% year-over-year spike in ransomware incidents, with 76% of compromises categorized as network-driven.
In Asia-Pacific and Japan, 84% of organizations indicated that AI-driven threats are already affecting them. However, only 42% said they have formal governance policies in place for safe AI usage.
“Identity is no longer about perimeter-based defense. The rise in AI-based agents and the massivel

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
