Increased Exploitation of Unauthenticated Vulnerabilities and AI-Enhanced Attack Techniques

First reported

25.02.2026 18:16

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

IBM X-Force's 2025 Threat Intelligence Index reveals that 56% of tracked vulnerabilities required no authentication before exploitation. The report highlights the growing threat of infostealer credential theft, with 300,000 ChatGPT credentials discovered on the dark web. AI is being weaponized by attackers to find weak access points, create deepfakes, and exploit agentic AI systems, expanding the blast radius of compromises. Supply chain attacks have quadrupled over the last five years, with criminals and state-sponsored actors adopting advanced techniques, blurring the lines between their tactics.

Timeline

25.02.2026 18:16 1 articles · 2h ago

IBM X-Force 2025 Threat Intelligence Index Released
The report reveals that 56% of tracked vulnerabilities required no authentication before exploitation. It also highlights the growing threat of infostealer credential theft, with 300,000 ChatGPT credentials discovered on the dark web. The report emphasizes the weaponization of AI by attackers and the quadrupled rate of supply chain attacks over the last five years.
Show sources

The Blast Radius Problem: Stolen Credentials are Weaponizing Agentic AI — www.securityweek.com — 25.02.2026 18:16
Open in new tab

Information Snippets

56% of 400,000 vulnerabilities tracked by IBM X-Force in 2025 required no authentication before exploitation.
First reported: 25.02.2026 18:16

1 source, 1 article
Show sources
- The Blast Radius Problem: Stolen Credentials are Weaponizing Agentic AI — www.securityweek.com — 25.02.2026 18:16
300,000 ChatGPT credentials were discovered on the dark web, likely stolen by infostealers.
First reported: 25.02.2026 18:16

1 source, 1 article
Show sources
- The Blast Radius Problem: Stolen Credentials are Weaponizing Agentic AI — www.securityweek.com — 25.02.2026 18:16
AI is being used by attackers to find weak access points, create deepfakes, and exploit agentic AI systems.
First reported: 25.02.2026 18:16

1 source, 1 article
Show sources
- The Blast Radius Problem: Stolen Credentials are Weaponizing Agentic AI — www.securityweek.com — 25.02.2026 18:16
Supply chain or third-party breaches have increased fourfold over the last five years.
First reported: 25.02.2026 18:16

1 source, 1 article
Show sources
- The Blast Radius Problem: Stolen Credentials are Weaponizing Agentic AI — www.securityweek.com — 25.02.2026 18:16
Criminals and state-sponsored actors are adopting advanced techniques, blurring the lines between their tactics.
First reported: 25.02.2026 18:16

1 source, 1 article
Show sources
- The Blast Radius Problem: Stolen Credentials are Weaponizing Agentic AI — www.securityweek.com — 25.02.2026 18:16

Summary

Timeline

IBM X-Force 2025 Threat Intelligence Index Released

Information Snippets