Threat Landscape Report 2025 - Second semester

This report provides an in-depth analysis of the evolving cyber threat landscape, with a particular focus on how geopolitical tensions are increasingly shaping the security of governments and critical infrastructure. It reviews the most significant incidents observed during the second half of 2025, including ransomware campaigns, the growing sophistication of malware, large-scale phishing operations, and supply chain compromises.

Special emphasis is placed on the rising role of hacktivist groups and state-sponsored Advanced Persistent Threat (APT) groups, along with the most prevalent attack techniques and the rapid exploitation of zero-day vulnerabilities by cybercriminal organisations.

This edition provides exclusive information on the threat landscape in the second half of the year by country, based on data from Thales’ eight Security Operations Centers (SOCs), which monitor cybersecurity alerts 24 hours a day, 7 days a week, in real time and around the world.

Beyond analysis, this report is designed as a strategic resource for cybersecurity professionals and decision-makers across both public and private sectors. By highlighting the intersection between geopolitics and cyber threats, it provides a comprehensive overview of current and emerging risks, informing organisations of their exposure and prioritisation of critical assets.

Finally, the report offers practical guidance for strengthening resilience, developing risk management policies tailored to specific sectors, and fostering cooperation between industry and government. It also serves as a foundation for scenario planning and threat modelling exercises, encouraging a shift from reactive responses to proactive anticipation and mitigation.

Download the report and find out more about the threats analysed and discovered by the Thales Cyber Threat Intelligence team!

To download the full report, click here.