Identity attacks and infostealers dominate the 2025 Threat Detection Report

Red Canary’s 2025 Threat Detection Report analyzes nearly 93,000 threats observed in 2024 across more than 4 million identities, endpoints, and cloud assets, calling out a shift toward cloud- and identity-enabled attacks (Cloud Accounts as the top MITRE ATT&CK technique), rising identity attacks, infostealers, macOS threats, business email compromise, VPN abuse, and notable threats such as SocGholish, LummaC2, and HijackLoader, with guidance for detection and mitigation.