Recorded Future
H1 2025 Malware and Vulnerability Trends Analysis
Pages: 32
Time to read: 45 mins
Publication
Language: English
This technical report analyzes malware and vulnerability trends observed in the first half of 2025 (H1 2025). It highlights that vulnerabilities in Microsoft products and edge security appliances were the most exploited, with state-sponsored actors responsible for over half of the exploitation campaigns. The report notes a 16% increase in disclosed Common Vulnerabilities and Exposures (CVEs) compared to H1 2024, with 161 vulnerabilities actively exploited. Remote Access Trojans (RATs) such as XWorm and Remcos gained prominence, marking a shift from infostealers. Additionally, ransomware groups adopted new affiliate models and evasion tactics. The report also discusses the rise of mobile malware threats, particularly Android banking trojans employing innovative attack methods. It emphasizes the need for organizations to prioritize patching of internet-facing systems and enhance detection capabilities to counter evolving threats. The findings indicate a fragmented threat landscape, necessitating a proactive approach to cybersecurity.