Key Takeaways
- One in four breaches today exploits a third-party vulnerability rather than a direct internal attack.
- 30% of cyber intrusions rely on valid credentials, often stolen in phishing attacks.
- In 2025, cyber attackers shifted away from “frequent but contained” events and toward fewer attacks with larger financial impacts.
Supply chain vulnerabilities and AI-powered phishing attacks are the latest trends in cybersecurity, according to a new threat report.
Among the top threats in the new analysis are the vulnerabilities inherent in the digital supply chain and the third-party suppliers that compose it. In fact, third-party software represents a 20% increase in risk over direct internal attacks.
Meanwhile, AI tools are behind a massive 80% of phishing events recorded worldwide in 2025. Here’s what to know.
Moderate Risks Can Still Lead to a $100M Loss
The new analysis, titled “2026 Cyber Threat Landscape Report,” emerged last week from risk intelligence company Dataminr.
Last year alone, the company processed 6.3 million external threat alerts, 4.8 million vulnerability alerts, and 3.1 million digital risk alerts. The dangers of third-party vulnerabilities were one of their top takeaways.
“One in four modern breaches now exploits a third-party vulnerability (CVE), escalating the risk magnitude by 20% compared to direct internal attacks. This ‘Vendor Pivot’ is characterized by extreme velocity; 96% of these vulnerabilities are weaponized within the same calendar year of disclosure, frequently bypassing internal detection and resulting in twice the data impact per incident.” -the report
In some cases, the risk of a CVE is moderate… but financial losses from the potential data breach or ransomware event “could easily exceed $50M to $100M+.”
AI-Powered Phishing Is a Rising Concern
Other takeaways from the threat report?
- Valid credentials, not break-ins: A big chunk (30%) of cyber intrusions now come through the use of valid credentials — attackers log in with stolen details rather than try to break in through a backdoor.
- Phishing resilience: Phishing is still the biggest intrusion vector in 60% of cases.
- Artificial intelligence powers phishing attacks: AI-supported phishing campaigns represented over 80% of observed social engineering activity around the globe in 2025.
- Refusal to pay is trending: 63% of organizations opted not to pay ransoms last year, up from 59% in 2024.
- Fewer attacks but bigger impacts: “From a financial loss perspective, 2025 marked a clear shift from frequent but contained cyber losses toward fewer events with materially larger financial and mission impact,” says the report.
AI and the Future of Cybersecurity
It’s no wonder Gartner’s recent cybersecurity predictions for 2026 made sure to call for stronger governance and increased oversight of AI tools to reduce the potential security risks they pose.
With usage of AI agents only set to increase in 2026, cybersecurity professionals are once again on the cutting edge of unprecedented security problems.
Businesses can respond with increased training and more security tools. Plus, 94% of respondents in one recent survey say that AI can spearhead positive changes in cybersecurity in 2026.
Still, with AI voices and video footage becoming more convincing by the day, phishing attacks will likely continue to grow as a problem.