Credential Abuse Surges as Global Cyber Vulnerabilities Rise 20%
Event summary
- Registered software vulnerabilities rose 20% in 2025, with attackers increasingly shifting toward credential abuse over traditional exploitation.
- Nearly 70% of incidents in the Americas began with stolen or misused accounts, reflecting a global shift toward identity-led intrusions.
- Azure was the most targeted cloud provider, drawing 43.5% of observed malware samples.
- Darktrace detected a 28% increase in QR code-based phishing attacks from 2024 to 2025.
The big picture
The 2026 Darktrace Annual Threat Report underscores a critical pivot in cybersecurity, where attackers are bypassing traditional vulnerabilities in favor of credential abuse and identity-led intrusions. This shift is driven by the widespread adoption of cloud and SaaS environments, which have expanded the attack surface and made identity the new perimeter. The report highlights the need for continuous visibility into user behavior and the adoption of AI-driven security measures to detect and respond to these evolving threats.
What we're watching
- Identity Security
- How the shift toward identity-led intrusions will force organizations to prioritize behavioral AI for detecting abnormal account activity.
- Cloud Vulnerabilities
- Whether Azure and other cloud providers can mitigate their heightened exposure to malware and malicious IP addresses.
- Phishing Evolution
- The pace at which AI-assisted phishing techniques will outmaneuver traditional email filters and require more sophisticated detection methods.
Related topics