THE threat landscape in 2025 was characterised by a surge in compromised credentials, extortion and vulnerability exploitation, according to a new report from KELA. The threat intelligence firm tracked nearly 2.9 billion compromised credentials last year globally, it said in its latest report, The State of Cybercrime 2026: Emerging Threats & Predictions. These included usernames, passwords, session tokens, cookies found in URL, login and password (ULP) lists, breached email repositories and cybercrime marketplaces.
At least 347 million were originally obtained by infostealers found on around 3.9 million infected machines, with the numbers boosted by a massive increase in macOS infostealer infections that surged from under 1000 in 2024 to over 70,000 in 2025. AI dominates the kill chain, with claims that cybercriminals and APT groups have moved to autonomous, agentic malicious workflows, where over 80% of operations require minimal human oversight.
According to the report, attackers can now use stolen credentials to walk through the front door, underscoring the need for AI-powered resilience rather than stale intelligence.