{"id":5241,"date":"2026-04-30T07:36:42","date_gmt":"2026-04-30T07:36:42","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/04\/30\/researchers-track-2-9-billion-compromised-credentials\/"},"modified":"2026-04-30T07:36:42","modified_gmt":"2026-04-30T07:36:42","slug":"researchers-track-2-9-billion-compromised-credentials","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/04\/30\/researchers-track-2-9-billion-compromised-credentials\/","title":{"rendered":"Researchers Track 2.9 Billion Compromised Credentials"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>The threat landscape in 2025 was characterized by a surge in compromised credentials, extortion and vulnerability exploitation, according to a new report from KELA. \u00a0<\/p>\n<p>The threat intelligence firm tracked nearly 2.9 billion compromised credentials last year globally, it said in its latest report, <em>The State of Cybercrime 2026: Emerging Threats &#038; Predictions<\/em>.<\/p>\n<p>These included usernames, passwords, session tokens, cookies found in URL, login and\u00a0password (ULP)\u00a0lists, breached email repositories\u00a0and cybercrime marketplaces. At least 347 million were originally obtained by infostealers found on around 3.9 million infected machines.<\/p>\n<p>The numbers were boosted by a massive increase in macOS infostealer infections which surged from under 1000 in 2024 to over 70,000 in 2025.<\/p>\n<p><em>Read more on infostealers:<\/em><em> New &#8216;Storm&#8217; Infostealer Remotely Decrypts Stolen Credentials<\/em><\/p>\n<p>Although the credentials themselves may or may not have been valid, the figures reflect \u201cthe sheer scale and persistence of the threat,\u201d according to KELA.<\/p>\n<p>Elsewhere, KELA found:<\/p>\n<ul>\n<li>A 45% annual increase in ransomware victims to 7549 \u2013 although it\u2019s not clear how many of these paid their extorter. Attacks were claimed by 147 active groups, including 80 new entities<\/li>\n<li>238 vulnerabilities added to CISA&#8217;s KEV Catalog in 2025, up 29% from 185 in 2024. Markets now favor \u201cfully weaponized mass-exploitation scripts and exclusive exploits over basic PoC code,\u201d the report noted<\/li>\n<li>250 new hacktivist groups and a 400% increase in DDoS to 3500 attacks in 2025, as geopolitical tensions increased<\/li>\n<li>The weaponization of the software supply chain, through OAuth compromise and open source worms in developer ecosystems<\/li>\n<\/ul>\n<h2><strong>AI Dominates the Kill Chain<\/strong><\/h2>\n<p>KELA also noted the growing use of AI to power various stages of attacks.<\/p>\n<p>\u201cCybercriminals and APT groups have moved from using AI merely as a supportive tool in attacks to making it an essential component in the complexity, enhancement, and escalation of those attacks,\u201d it warned.<\/p>\n<p>Specifically, attacks have moved on from basic jailbreaking of LLMs to vibe hacking for autonomous execution of entire workflows, the report claimed. AI-assisted malware and prompt injection attacks designed to hijack agents are also increasingly common, KELA said.<\/p>\n<p>&#8220;We\u2019re seeing a fundamental pivot in adversary behavior with the shift from AI-assisted tools to fully autonomous, agentic malicious workflows, where over 80% of operations require minimal human oversight,\u201d said David Carmiel, CEO of\u00a0KELA.<\/p>\n<p>\u201cAttackers no longer need to break in through a backdoor, they can quickly find the key and walk through the front using stolen credentials. Organizations relying on stale intelligence and legacy defenses instead of AI-powered solutions are leaving the door wide open to attacks.\u201d<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The threat landscape in 2025 was characterized by a surge in compromised credentials, extortion and vulnerability exploitation, according to a new report from KELA. \u00a0 The threat intelligence firm tracked nearly 2.9 billion compromised credentials last year globally, it said in its latest report, The State of Cybercrime 2026: Emerging Threats &amp; Predictions. These included<\/p>\n","protected":false},"author":2,"featured_media":5242,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5241","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5241-fb42451e-f01e-4552-b09d-fcfa2fafd4c0-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=5241"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5241\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/5242"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=5241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=5241"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=5241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}