Cyble Threat Report Highlights Rise In AI and Hacktivist

Surge in AI-Driven Cybercrime, Escalating Ransomware Operations, and Widespread Exploitation of Vulnerabilities Highlight Growing Risk to Global Enterprises and Governments

Cyble Inc. released its Annual Threat Landscape Report 2025, revealing a rapidly evolving cyber threat environment shaped by the widespread adoption of artificial intelligence by threat actors, the continued dominance of ransomware operations, and a sharp rise in geopolitically motivated hacktivism. The report provides a comprehensive analysis of cyber threats observed throughout 2025, drawing from intelligence collected across underground forums, dark web marketplaces, and global threat actor ecosystems.

The analysis highlights how cyber adversaries are increasingly leveraging automation, AI-enabled tooling, and interconnected digital ecosystems to scale attacks, reduce time-to-compromise, and maximize operational impact across industries and regions.

“The 2025 threat landscape demonstrates a fundamental shift in how cybercrime operates, with attackers moving faster, operating more efficiently, and exploiting trust across digital ecosystems,” said Daksh Nakra, Senior Manager of Research and Intelligence at Cyble. “Organizations must assume that threats will be more adaptive, more automated, and more persistent than ever before.”

Ransomware Operations Continue to Dominate

Cyble researchers observed ransomware remaining the most disruptive cyber threat in 2025, with threat actors refining extortion-only models, rotating affiliates across multiple Ransomware-as-a-Service platforms and repeatedly targeting organizations that demonstrated a willingness to pay.

Dominant ransomware groups maintained consistent attack volumes, leveraging stolen credentials, exposed services, and zero-day vulnerabilities to gain initial access and execute high-impact intrusions.

AI and Automation Accelerate Cybercrime

The report documents increased use of artificial intelligence across phishing campaigns, malware development, social engineering, and reconnaissance activities. Threat actors leveraged AI to generate realistic lures, automate vulnerability exploitation, and conduct large-scale credential harvesting with minimal human involvement.

Hacktivism and Geopolitical Cyber Activity Surge

Hacktivist operations expanded significantly in 2025, with data leaks, service disruptions, and destructive attacks increasingly aligned with geopolitical conflicts. Government agencies, critical infrastructure, transportation, and energy sectors were frequent targets of coordinated campaigns.

Key Takeaways

• Cybercrime operations increasingly adopted AI-driven automation

• Ransomware remained the most disruptive and financially motivated threat

• Hacktivist activity surged alongside global geopolitical tensions

• Identity abuse and supply chain attacks continued to expand

• Exploited vulnerabilities enabled rapid and large-scale compromise