Meet Foresiet Nexus — Your smarter Threat Intel hub. See it in action — book a free demo today!
September 2025 Monthly Cover

September 2025 Cybersecurity Threat Report

The September 2025 Cybersecurity Report reveals a sharp shift in global ransomware activity. A few dominant groups — Qilin (16.5%) and Play (16.1%) — drove almost one-third of all global attacks. The United States (60%) faced the highest number of breaches, followed by Germany, Canada, and Japan.

Attackers focused on industries with direct financial and operational value. Manufacturing (15.2%), Technology (13.8%), and Finance (11%) were the most targeted sectors this month.

The report exposes how cybercriminals used vendor and third-party systems as easy entry points. Breaches at Volvo’s HR supplier, Harrods’ CRM vendor, and the Salesforce OAuth token campaign showed how one weak link can impact many companies.

Dark web activity also surged. Stolen data, admin credentials, and tokens appeared on BreachForums and Telegram within hours of leaks. Attackers quickly resold this access to launch new ransomware attacks and phishing campaigns.

Our researchers identified 4,341 new vulnerabilities, including critical flaws in Cisco, SAP, and Android. These issues allowed direct exploitation, increasing risk for unpatched systems.

The September 2025 Cybersecurity Report gives practical guidance for CISOs, SOC leaders, and IT teams. It explains how to counter the rise of access-as-a-service, secure vendor ecosystems, and build stronger defenses with zero-trust models and dark web monitoring.

Download the full report now to understand how ransomware groups are evolving and how your organization can stay protected.

By submitting this form, you consent to us using your contact information for marketing purposes. You can unsubscribe at any time. For details, please review our Privacy Policy.