A new report highlights a major shift in the global cyber threat landscape, with cybercrime evolving into a large-scale, automated system powered by AI. According to Fortinet, attacks are becoming faster, more organised, and increasingly industrialised.
The 2026 Global Threat Landscape Report shows that ransomware activity and cyber incidents grew by 389% year-over-year. In 2025 alone, Mexico recorded 58.1 billion cyberattack attempts and 30 billion active scans.
“At the time that cybercrimes continue to use AI exponentially to drive their tactics, cyber defenders must evolve cybersecurity operations toward an industrialized defense and adopt AI-driven tools that respond at the same speed as modern threats,” said Derek Manky.
Globally, reconnaissance activity surged. Asia-Pacific recorded 260.13 billion scans, followed by Europe, Middle East, and Africa with 168.36 billion, North America with 156.68 billion, and Latin America with 54.65 billion.
Attack cycles are now continuous, with six stages identified: exposure, weaponization, exploitation, post-exploitation, impact, and decisions. The time-to-exploit has reduced to 24 to 48 hours, with some attacks occurring on the same day vulnerabilities are disclosed. In 2025, 121.99 billion exploitation attempts were recorded, up 25.49%. Of 635 active vulnerabilities, 53.86% had proof-of-concept code and 31.18% had weaponised code.
Identity data has become a key target. 4.62 billion stealer logs were traded on the darknet, a 79.07% increase. Malware like RedLine (911968 infections), Lumma (499784), and Vidar (236778) drove these attacks. This exposed over 35 million SSO records, 6.6 million GitHub accounts, and 6 million webmail credentials.
Ransomware remains a major threat, with 7831 victims in 2025. Manufacturing was the most affected sector with 1284 cases, followed by business services (824) and retail (682). The United States recorded 3381 victims, with Canada (374) and Germany (291) also impacted. Groups like Qilin and Akira continue to scale operations using AI-enabled tools.
Cloud attacks are also rising, mainly driven by stolen credentials rather than system vulnerabilities. Attackers use API activity to map systems and escalate access. Hospitals and retail stores are among the most affected due to complex cloud environments.
AI-powered tools like HexStrike AI, APEX AI, and Brute Force AI are automating attacks, reducing the time needed to exploit systems.
The report notes that 7.10 billion botnet detections were recorded in 2025. It recommends that organisations focus on faster detection, response, and containment, as stopping attacks quickly is now critical.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
