Researchers Track 2.9 Billion Compromised Credentials

Infosecurity Magazine, Apr 29, 2026

Why It Matters

The scale of credential theft and AI‑enabled attacks forces enterprises to rethink legacy defenses, while the ransomware and DDoS spikes heighten operational risk and financial exposure.

Key Takeaways

  • 2.9 billion credentials compromised globally in 2025.
  • macOS infostealer infections jumped from <1k to >70k.
  • Ransomware victims rose 45% to 7,549 incidents.
  • AI now powers 80% of cyberattack workflows autonomously.
  • DDoS attacks surged 400% to 3,500 incidents.

Pulse Analysis

The sheer volume of compromised credentials—approaching three billion—highlights how attackers are exploiting every entry point, from traditional username/password combos to session tokens and cookies. The unprecedented surge in macOS infostealer infections, leaping from under a thousand to over seventy thousand machines, signals that threat actors are broadening their focus beyond Windows‑centric environments, forcing security teams to adopt cross‑platform monitoring and rapid credential rotation strategies.

Ransomware remains a dominant revenue stream, with victims up 45% year‑over‑year, while the number of active ransomware groups swelled to 147, including 80 newcomers. Simultaneously, the vulnerability landscape tightened as 238 flaws entered the CISA KEV catalog, reflecting a 29% increase. Hacktivist activity and DDoS attacks also exploded, driven by geopolitical tensions, underscoring the need for robust network resilience and real‑time threat intelligence to mitigate multi‑vector assaults.

Perhaps the most consequential shift is the integration of artificial intelligence into the cyber kill chain. KELA reports that over 80% of attacks now incorporate AI, enabling autonomous workflow execution, AI‑assisted malware, and sophisticated prompt‑injection techniques. This evolution diminishes the effectiveness of static defenses and places a premium on AI‑enhanced detection, behavior analytics, and automated response capabilities. Organizations that fail to adopt AI‑driven security risk being outpaced by increasingly self‑learning adversaries.
