Analysis

The cybersecurity threat landscape demonstrated significant volatility and evolution in the first half of 2025, according to new research data. A social engineering attack vector known as ClickFix experienced a staggering 517% surge in the past six months, establishing it as the second most common attack method and accounting for nearly 8% of all blocked threats. This technique's effectiveness stems from its ability to bypass traditional security protections by manipulating users into executing malicious scripts themselves, a vulnerability that affects all major operating systems. The commoditization of this attack, with builders for weaponized landing pages being sold, suggests a low barrier to entry and portends continued growth. Concurrently, the infostealer market underwent a major reshuffle. SnakeStealer emerged as the dominant threat, comprising a fifth of all infections, while Agent Tesla's prevalence fell by 57% due to its operators losing access to its source code. This dynamic was further impacted by major law enforcement operations in May 2025, which disrupted the infrastructure of Lumma Stealer and Danabot, two platforms whose activity had grown 21% and 52% respectively in H1 2025 prior to the takedowns. This confluence of a rapidly scaling new attack vector and a shifting malware ecosystem points to a highly dynamic and elevated risk environment for enterprises.