In the first half of 2025, the world of cybersecurity threats underwent significant changes. The Recorded Future research team, Insikt Group, published the H1 2025 Malware and Vulnerability Trends report, which provides a comprehensive overview of the new malware trends, ransomware attacks, and vulnerabilities that shaped the digital landscape during the first six months of 2025.

The report is especially important for businesses, as it highlights how attackers are simultaneously relying on old, well-tested tools and the latest technologies, while using increasingly sophisticated methods to bypass security defenses. This environment places considerable pressure on companies, as protecting IT systems is a constant challenge. However, risks can be significantly reduced with the involvement of experts. If you feel that your organization needs support in developing the right cybersecurity strategy, do not hesitate to contact our company. We are here to help make your organization more secure and resilient.

Vulnerabilities and Exploitation Trends

One of the most striking findings: the number of publicly disclosed CVEs rose by 16% compared to the same period in 2024. Of these, 161 vulnerabilities were observed being actively exploited by cybercriminals and state-sponsored actors.

The primary focus of attacks included:

  • Microsoft products (Windows and other systems)
  • Edge security appliances such as SSL-VPN solutions, firewalls, and secure gateways

This is no coincidence: a compromised VPN gateway or firewall gives the attacker direct access to internal systems, and these appliances typically cannot run endpoint detection agents and are logged and monitored far less closely than workstations and servers.

Malware Trends: The Rise of RATs

A marked shift has been observed in malware trends. While infostealers (e.g., RedLine, LummaC2) dominated in 2024, the first half of 2025 saw Remote Access Trojans (RATs) come to the forefront.

Tools such as XWorm, Remcos, and AsyncRAT provide both data-stealing capabilities and persistent access to infected systems. This dual function makes them far more valuable to cybercriminals, especially for long-term, continuously profitable campaigns.

Additionally, old “classic” malware has resurfaced. Examples like Sality and Tofsee show that code known for more than a decade can be revived when attackers augment it with modern techniques.

Mobile Banking Trojans and NFC Relay Attacks

Mobile threats have also intensified. Android banking trojans are no longer limited to traditional overlay attacks; NFC relay attacks have emerged that turn a compromised phone into a tool for real-world financial fraud.

In such schemes, malware on the victim’s phone reads contactless card data over NFC and relays it in real time to a device the attacker holds at an ATM or payment terminal, so withdrawals or purchases can take place without the victim’s knowledge. This underscores the importance of mobile banking security and user awareness.

Ransomware: New Models and Evasion Tactics

Ransomware attacks continue to be one of the greatest threats to businesses. In the first half of 2025, groups introduced increasingly sophisticated business models, such as affiliate programs, which make it easier for newcomers to distribute ransomware.

New defense-evasion techniques have also emerged, including:

  • BYOI (Bring-Your-Own-Installer) methods to bypass endpoint defenses
  • JIT hooking and in-memory injection, which leave few artifacts on disk and make the attack much harder for endpoint tools to see
  • The use of legitimate software (e.g., AnyDesk, PuTTY) to mask malicious activity

These developments highlight that combating ransomware is not only a technical challenge but also a business and strategic concern.

Magecart Attacks: E-Commerce in the Crosshairs

According to the report, Magecart attacks remain a serious issue in e-commerce. While Magento platforms were the primary targets in the past, in 2025 attackers increasingly set their sights on WooCommerce-based online stores.

The new generation of e-skimmers is modular and harder to detect, for instance by hiding malicious JavaScript inside CSS rather than in the places a script audit normally looks. This makes continuous security audits and compliance with PCI DSS 4.0, whose requirements 6.4.3 and 11.6.1 specifically cover managing payment-page scripts and detecting unauthorized changes to them, even more essential.

What Can Businesses Do?

The report’s key message is clear: the threat landscape is simultaneously expanding and fragmenting. Businesses urgently need to take steps such as:

  • Implementing fast patch management, especially for Microsoft and edge security products
  • Extending cybersecurity monitoring to cover perimeter devices and mobile endpoints
  • Integrating threat detection and threat intelligence into daily operations
  • Providing cybersecurity training to employees to help them identify social engineering attacks
  • Enforcing e-commerce security measures: a strict Content Security Policy (CSP), regular audits of third-party scripts, and real-time integrity checks of the scripts served on payment pages

Conclusion

The Recorded Future report makes it clear that cyber threats in 2025 continue to evolve rapidly. The coexistence of both old and new malware trends, the changing ransomware business models, the rise of mobile banking trojans, and ongoing Magecart attacks all demonstrate that cybersecurity is not a static state but a constant race between attackers and defenders.

For businesses, one of the most important messages is this: do not rely on last year’s security measures. Threats are evolving faster than ever, and only those organizations that proactively adapt to this dynamic environment will remain resilient.