Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

Credential theft has become the dominant initial access vector for attackers, with Recorded Future indexing nearly two billion stolen credentials in 2025. The second half of 2025 saw a 50% increase over the first half, driven by industrialized infostealer malware, malware-as-a-service ecosystems, and AI-enabled phishing. Nearly two-thirds of analyzed credentials with identifiable URLs were tied to authentication systems like Okta, Azure AD, or corporate VPNs. Critically, 31% of malware-sourced credentials included active session cookies enabling full MFA bypass. Experts recommend shifting from perimeter and MFA-centric defenses to continuous identity monitoring, phishing-resistant MFA (FIDO2), device-based conditional access policies, and treating high-risk IAM credentials as Tier-0 assets.

More Attackers Are Logging In, Not Breaking In