Cyble, a leading global provider of AI-powered cyber threat intelligence, has released its comprehensive “Global Threat Landscape Report: May 2025.” This in-depth analysis reveals significant changes and critical shifts within the global cyber threat landscape and the dark web, providing essential intelligence for organizations to strengthen their defenses.

The report highlights a period of intense transformation, marked by prominent ransomware groups undergoing significant restructuring and cybercrime forums experiencing major migrations. This activity demonstrates the agility and persistent threat posed by threat actors worldwide.

Key Findings from the May 2025 Report Include:

• Ransomware’s Shifting Power Dynamics: The May 2025 report reveals a significant change in ransomware dominance. Following the suspected takedown of RansomHub, new players rapidly emerged, with SafePay becoming the most active threat actor, claiming 64 victims in May. Other prominent groups include Qilin (58 victims) and Play (44 victims).
• Dark Web Adaptability: The report documents the unexpected shutdown of major cybercrime forums, such as BreachForums. This forced a rapid migration of threat actors to new platforms, showcasing their remarkable resilience and ability to adapt to disruptions.
• Pervasive Attack Vectors: A staggering 40% of all cyber incidents investigated by Cyble researchers in May involved either ransomware or a supply chain attack, highlighting these as critical and frequently exploited attack vectors.
• Alarming Rise in Supply Chain Exploits: Software supply chain attacks continue to escalate, impacting 22 out of the 24 sectors tracked by Cyble in the first five months of 2025. This points to a growing vulnerability in interconnected IT environments.
• Massive Data Exposures: Cyble’s findings reveal an unsettling 200 billion exposed cloud files, underscoring the urgent need for robust vulnerability and attack surface management.
• Geographical Targeting Trends: The United States remains the primary target, experiencing nearly 48% of all recorded attacks, followed by significant activity in Europe and the Asia-Pacific (APAC) region. India was among the top five targeted countries in Asia.

“The May 2025 report serves as a critical barometer for the evolving cyber threat landscape,” said Daksh Nakra, Senior Manager – Research and Intelligence at Cyble. “We are witnessing a highly dynamic environment where threat actors are quick to adapt and exploit new opportunities. Understanding these shifts, from the rise of new ransomware groups to the surge in supply chain attacks, is no longer optional but essential for organizations to implement effective, risk-based security measures.”The report emphasizes the need for organizations to prioritize vulnerabilities based on risk, protect web-facing assets, segment networks, harden endpoints, implement strong access controls, and maintain ransomware-resistant backups.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get the latest insights & analysis in your inbox.