Cyble, a global leader in AI-powered cyber threat intelligence, today announced the release of its “Global Threat Landscape Report: May 2025.” The comprehensive analysis details significant upheavals and critical shifts within the global cyber threat landscape and the dark web, offering crucial intelligence for organizations to fortify their defenses.
The report highlights a period of intense transformation, with prominent ransomware groups undergoing dramatic restructuring and cybercrime forums experiencing major migrations. This activity shows the agility and persistent threat posed by threat actors worldwide.
Key Findings from the May 2025 Report Include:
- Ransomware’s Shifting Power Dynamics: May 2025 saw a significant change in ransomware dominance. Following the suspected takedown of RansomHub, new players rapidly ascended, with SafePay emerging as the most active threat actor, claiming 64 victims in May. Other prominent groups include Qilin (58 victims) and Play (44 victims).
- Dark Web Adaptability: The report documents the unexpected shutdown of major cybercrime forums, such as BreachForums. This forced a rapid migration of threat actors to new platforms, demonstrating their remarkable resilience and quick adaptation to disruption.
- Pervasive Attack Vectors: A staggering 40% of all cyber incidents investigated by Cyble researchers in May involved either ransomware or a supply chain attack, highlighting these as critical and frequently exploited attack vectors.
- Alarming Rise in Supply Chain Exploits: Software supply chain attacks continue their alarming ascent, having impacted 22 out of the 24 sectors tracked by Cyble in the first five months of 2025. This points to a growing vulnerability in interconnected IT environments.
- Massive Data Exposures: Cyble’s findings reveal an unsettling 200 billion exposed cloud files, underscoring the urgent need for robust vulnerability and attack surface management.
- Geographical Targeting Trends: The United States remains the primary target, experiencing nearly 48% of all recorded attacks, followed by significant activity in Europe and the Asia-Pacific (APAC) region. India was among the top five targeted in Asia.
“The May 2025 report serves as a critical barometer for the evolving cyber threat landscape,” said Daksh Nakra, Senior Manager – Research and Intelligence at Cyble. “We are witnessing a highly dynamic environment where threat actors are quick to adapt and exploit new opportunities. Understanding these shifts, from the rise of new ransomware groups to the surge in supply chain attacks, is no longer optional but essential for organizations to implement effective, risk-based security measures.”The report emphasizes the need for organizations to prioritize vulnerabilities based on risk, protect web-facing assets, segment networks, harden endpoints, implement strong access controls, and maintain ransomware-resistant backups.
