
Exponential growth in compromised credential collections driven by infostealers and macOS targeting in 2025

1 unique source, 1 article

Summary


Global compromised credential collections surged to nearly 2.9 billion in 2025, driven by widespread infostealer activity and a 7,000% increase in macOS infostealer infections. The data spans usernames, passwords, session tokens, cookies, breached email repositories, and cybercrime marketplaces. At least 347 million credentials originated from infostealers operating across 3.9 million infected systems. The scale reflects persistent and evolving credential harvesting threats targeting both traditional and Apple ecosystems. Ransomware victims rose 45% to 7,549 across 147 groups, including 80 new entities. Additions to CISA’s Known Exploited Vulnerabilities (KEV) Catalog rose 29% to 238 entries, with markets favoring weaponized exploits over proof-of-concept code. Hacktivist groups increased by 250, while DDoS attacks surged 400% to 3,500 incidents amid rising geopolitical tensions. AI integration in attack chains has shifted from supportive tools to core components, enabling autonomous workflows, malware deployment, and prompt injection attacks across compromised identities.

Timeline

  1. 29.04.2026 16:00 1 article · 2h ago

    2025 global credential theft reaches 2.9 billion as infostealer campaigns surge, particularly targeting macOS

    Global tracking of compromised credentials in 2025 revealed a total of 2.9 billion entries, including credentials harvested via infostealers on 3.9 million systems. macOS infostealer infections increased from under 1,000 to over 70,000 year-over-year, indicating rapid expansion of cross-platform credential theft operations. Ransomware victims rose 45% to 7,549, while additions to CISA’s KEV Catalog grew by 29% to 238 entries. DDoS incidents surged 400% to 3,500, with 250 new hacktivist groups identified. AI integration into attack workflows has transitioned from a supportive role to a core operational capability, enabling autonomous adversary actions across compromised identities.


Information Snippets

  • Nearly 2.9 billion compromised credentials were tracked globally in 2025, including usernames, passwords, session tokens, cookies, breached email repositories, and cybercrime marketplace listings.

    First reported: 29.04.2026 16:00
    1 source, 1 article
  • At least 347 million credentials were obtained via infostealers deployed across approximately 3.9 million infected machines.

    First reported: 29.04.2026 16:00
    1 source, 1 article
  • macOS infostealer infections increased from under 1,000 in 2024 to over 70,000 in 2025, representing a 7,000% year-over-year surge.

    First reported: 29.04.2026 16:00
    1 source, 1 article
  • Ransomware victims rose by 45% to 7,549 in 2025, claimed by 147 active groups, including 80 newly emerged entities.

    First reported: 29.04.2026 16:00
    1 source, 1 article
  • 238 vulnerabilities were added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog in 2025, a 29% increase from 185 entries in 2024.

    First reported: 29.04.2026 16:00
    1 source, 1 article
  • DDoS attacks increased 400% to 3,500 incidents in 2025, alongside the formation of 250 new hacktivist groups amid escalating geopolitical tensions.

    First reported: 29.04.2026 16:00
    1 source, 1 article
  • AI adoption in cyber attacks has evolved from supportive tools to essential components, enabling autonomous workflows, prompt injection attacks, and agentic malicious operations requiring minimal human oversight.

    First reported: 29.04.2026 16:00
    1 source, 1 article