Mid-2025 Threat Report: What’s Surging, What’s Evolving, What’s New
16 June
As we cross the halfway mark of 2025, the cybersecurity landscape has once again reshaped itself in surprising — and sometimes alarming — ways. From fast-moving ransomware strains to the emergence of deepfake-as-a-service, this mid-year report explores the threats that are surging, the tactics that are evolving, and the new challenges beginning to surface across networks and industries.
What’s Surging
1. AI-Driven Phishing Campaigns
AI is now the tool of choice for cybercriminals. Phishing emails and messages generated using generative AI models are increasingly difficult to distinguish from genuine communications. Attackers are mimicking tone, context, and even regional spelling conventions, making traditional filters and human intuition less reliable.
2. Ransomware-as-a-Service (RaaS) Goes Corporate
The RaaS model has grown disturbingly efficient. Syndicates now offer 24/7 customer support, detailed dashboards, and “success-based” commission schemes to attract low-skilled criminals. The number of organisations targeted by ransomware has spiked, with healthcare and education remaining prime targets.
3. Exploitation of Cloud Misconfigurations
Cloud infrastructure continues to be a weak spot. As hybrid and multi-cloud strategies become the norm, attackers are taking advantage of rushed deployments and poor access controls. Misconfigured APIs and exposed storage buckets are proving particularly lucrative entry points.
What’s Evolving
1. Social Engineering Gets Hyper-Personal
Gone are the days of generic scam emails. Today’s social engineering campaigns are fuelled by data harvested from breaches, public profiles, and dark web marketplaces. The result? Highly convincing spear-phishing and vishing attempts that incorporate accurate job titles, recent projects, and even personal routines.
2. Zero-Day Brokers Go Mainstream
Zero-day vulnerabilities are no longer just traded in dark web forums or intelligence circles. Commercial zero-day brokers now operate semi-openly, blurring the lines between legal and illicit vulnerability markets. As a result, defenders are playing an increasingly reactive game.
3. Attackers Blend In With Legitimate Activity
Adversaries are adopting “living off the land” techniques to stay under the radar, using tools already available in the environment rather than deploying obvious malware. This makes detection harder and response times slower, particularly in overburdened SOCs.
What’s New
1. Deepfake-as-a-Service Emerges
Synthetic media technology has reached a point where it’s now being packaged and sold as a service. Deepfake video and audio — often used to impersonate executives during fraud attempts — are now accessible to threat actors with minimal technical skill.
2. Cybercrime in the Metaverse
While the metaverse hasn’t exploded in popularity as once predicted, it’s now large enough to be targeted. Scams involving digital assets, identity theft via avatar hijacking, and virtual harassment are surfacing in decentralised platforms and virtual social spaces.
3. Regulatory Pressure Increases
Governments worldwide, including the UK through its National Cyber Strategy initiatives, are imposing stricter cybersecurity regulations. These include mandatory reporting of certain cyber incidents and increased scrutiny of supply chain security, driving demand for compliance automation.
Final Thoughts
The threat landscape in 2025 is marked by sophistication, scalability, and speed. While many attacks leverage familiar techniques, their execution has reached a level of maturity that demands smarter defences and continuous awareness. Organisations need to invest in layered security, staff training, and threat intelligence — not just technology — to stay ahead.
Cybercriminals are innovating. The question is: are we?