DARKTRACE says it detected more than 32 million high-confidence phishing emails in 2025, marking a substantial rise in identity-driven cyber threats. According to Darktrace, the data were collected from incidents across its global customer base and point to a year defined by automation, convergence and accelerating attacker speed.
The report reveals that over 8.2 million phishing emails targeted VIPs, accounting for more than 25% of all observed phishing attempts, with 1.6 million originating from newly created domains and 1.2 million containing malicious QR codes. It also notes that 70% of phishing emails passed DMARC authentication, 41% were classified as spear-phishing and 38% employed novel social engineering techniques, with one-third exceeding 1000 characters.
The findings indicate that identity compromise has overtaken vulnerability exploitation as the dominant entry vector, with CVEs increasing by about 20% year-on-year and exploitation often occurring before public disclosure.