Cognyte report flags 27.3% rise in ransomware






Key Terms


ransomware


Ransomware is malicious software that locks or encrypts a company’s computer files and systems, then demands payment for their release — like a thief changing the locks on a business and asking for a ransom. It matters to investors because attacks can halt operations, trigger large cleanup costs, damage customer trust, lead to regulatory fines or legal claims, and reduce future revenue, all of which can hurt a company’s financial value.



llm


A large language model (LLM) is an advanced computer system trained on vast amounts of written text to understand and generate human-like language, similar to a very fast, well-read assistant that can summarize documents, draft messages, or answer questions. Investors care because LLMs can speed up research, automate customer support, and reduce costs, while also creating new product opportunities and risks around accuracy, bias, and regulatory oversight that can affect a company’s performance.



phishing


Phishing is a type of online scam where fraudsters send fake emails, texts or websites that mimic legitimate firms to trick people into giving up passwords, account numbers or other sensitive information—like a fake baited hook pretending to be a trusted service. For investors, falling for phishing can lead to stolen funds or trading accounts, unauthorized trades, lost personal data and costly reputational or regulatory problems for firms that fail to protect client information.



zero-day


A zero-day is a software flaw that the maker does not yet know how to fix or has no available patch for, so attackers can exploit it immediately. Investors should care because a successful exploit can cause data breaches, service outages, regulatory fines and lost customer trust—outcomes that can reduce revenue and damage a company’s stock value, similar to a hidden broken lock that lets thieves in before anyone notices.



cvss


Common Vulnerability Scoring System (CVSS) is a standardized way to rate the severity of software security flaws on a numeric scale, summarizing how easily a vulnerability can be exploited and how much damage it could cause. For investors, CVSS scores act like a storm severity chart for a company’s digital systems — higher scores signal greater operational, financial and reputational risk, possibly leading to remediation costs, downtime, or regulatory scrutiny that can affect a firm’s value.



dark web


The dark web is a hidden part of the internet that standard search engines and browsers don’t show, accessible only with special software and settings that mask users’ identities. For investors, it matters because stolen customer data, leaked corporate documents or illegal marketplaces found there can lead to regulatory fines, cleanup costs, loss of customer trust and sudden drops in a company’s stock value—like a hidden back alley that can damage a storefront’s reputation and finances.













Analysis of global cyber activity in 2025 reveals evolving attacker tactics, increased reliance on AI, and sharply different threat patterns across regions

HERZLIYA, Israel--(BUSINESS WIRE)--Cognyte Software Ltd. (NASDAQ: CGNT) (“Cognyte”), a global leader in investigative analytics software, released new findings from its LUMINAR Threat Intelligence Group in the LUMINAR 2026 Annual Threat Report. The report analyzes the global threat landscape, showing how AI is reshaping cyber operations, ransomware is rising worldwide and attackers are exploiting vulnerabilities and stolen credentials at scale. It also reveals distinct regional threat patterns and documents what Cognyte refers to as the first known AI-orchestrated cyber espionage campaign using a popular LLM.

“We’re seeing a fundamental shift in how cyber threats are carried out and scaled,” said Gilad Zahavi, Cognyte’s VP of Threat Intelligence. “AI, ransomware groups and nation-state actors are no longer separate challenges – they’re increasingly working in tandem, creating attacks that move faster and are harder to detect. Organizations must prepare for a threat landscape that is changing faster than ever.”

Key Findings in the LUMINAR 2026 Threat Landscape Report

AI is increasingly used by cyber attackers and defenders.

  • In 2025, AI enabled attackers to automate up to 80–90% of a specific nation-state espionage campaign and generate most phishing content (82.6%), while defenders used LLM-assisted tools to identify vulnerabilities, including the zero-day CVE-2025-6965.

Exploited vulnerabilities remain a key attack vector.

  • In 2025, nearly 50,000 new vulnerabilities were disclosed (average CVSS score of 6.6), with major flaws such as React2Shell (CVE-2025-55182) widely discussed on the dark web, while Linux Kernel recorded the highest number of reported vulnerabilities (2,257).

Stolen credentials remain a major driver of cyber intrusions.

  • In 2025, stolen credentials were linked to 22% of data breaches, even as dark web sales ads dropped by about 50% (to ~7 million), with the Lumma infostealer responsible for 2.2 million listings – roughly 42% of the total.

Ransomware attacks are on the rise globally.

  • In 2025, ransomware groups claimed 7,809 victims – a 27.3% increase year over year – led by the Qilin group (12.8% of attacks), while total payments fell 23% as attackers increasingly shifted toward targeting small and medium-sized businesses.

Threat activity varies significantly by region, reflecting different dominant actors and priorities.

  • The U.S. accounted for roughly one-third of global ransomware incidents, while nation-state activity dominated the Middle East (56.6%) and APAC (67%); cybercriminal groups led in North America (52%) and showed a similar pattern in Europe, with notable state-linked involvement.

The 2026 LUMINAR Threat Landscape Report also includes an overview of Cognyte’s recommendations and general best practices to protect against the common threat vectors and threats addressed in the report. The full report is available for download here.

Research Methodology

Cognyte’s 2026 LUMINAR Threat Landscape Report is based on in-depth analysis of cybersecurity incidents worldwide in 2025, supported by AI-driven insights and data from the company’s proprietary threat intelligence repository. The LUMINAR Threat Intelligence Group analyzed more than 2,300 real-life cyber incidents using generative AI capabilities, uncovering new attack vectors, emerging ransomware groups and the continued evolution of trends first identified in 2024.

LUMINAR is AI-driven external threat intelligence software that enables security and risk management leaders to maintain visibility of their threat landscape. By consolidating all critical threat intelligence capabilities into a unified solution, users can extract timely, accurate and actionable insights that can be applied before, during and after threats reach an organization.

About Cognyte

Cognyte is a leading software-driven technology company, focused on solutions for data processing and investigative analytics that allow customers to generate Actionable Intelligence for a Safer World™. Cognyte’s solutions empower law enforcement, national security, national and military intelligence agencies, and other organizations to navigate an increasingly complex threat landscape. With offerings that leverage state-of-the-art technology, including Artificial Intelligence (AI), big data analytics and advanced machine learning, Cognyte helps customers make smarter, faster decisions with their data for successful outcomes. Hundreds of customers rely on Cognyte’s investigative analytics solutions to uncover critical insights from past events and anticipate emerging threats. By harnessing AI-driven intelligence, Cognyte accelerates investigations with exceptional speed and accuracy while enabling customers to better investigate, anticipate, predict and mitigate risks with greater precision. Learn more at www.cognyte.com.

Media Relations Contact:

Michelle Allard McMahon

Rainier Communications on behalf of Cognyte Software

prcognyte@rainierco.com

Source: Cognyte Software Ltd.






