Once again, Forescout Research – Vedere Labs widens its mid-year lens with a macro look at the most pressing cybersecurity risks to date. From 3,649 ransomware attacks to state-sponsored intrusions to new trends in lateral movement, here are the new threat patterns and cyber attack behavior you need to know right now.
CISA KEV additions
0-day exploits
Ransomware attacks
Ransomware attacks
In today’s geo-political landscape, this line is increasingly blurred, often by design. Identity-shifting threat actors use this ambiguity to confuse attribution and complicate response. The image is from the group “APT Iran” who has claimed many attacks against Israel and the US in 2025, but have not been independently verified.
The most targeted industries are government, technology, financial services, telecommunications, and energy. Financial services dropped from second to third place while energy rose from eighth to fifth — reflecting increased threat activity against this sector.
In 2025H1, 63 vulnerabilities were exploited as 0-days, up from the 43 in 2024H1. These 0-days impacted products from 27 vendors: 2025 is on track to exceed the record 100 exploited 0-days from 2024.
IoMT devices – pump controllers, medication dispensing systems and workstations – have some of the most dangerous vulnerabilities – and highlight healthcare security risks.
The top five industries remain in the top 5 with a minor change: Healthcare had more attacks than retail last year. Financial services: +72% more ransomware in 2025H1. Retail increased 66% YoY. Technology rose by 48%. Manufacturing increased by 24%.
Stay on top of this year’s trends, so you can know where to focus your cybersecurity and OT defenses. Get all the data and analysis, including:
