December 2025 saw sustained high cyber threat activity, with ransomware remaining at record levels and attackers rapidly exploiting critical authentication bypass and pre-auth RCE vulnerabilities across enterprise and perimeter technologies. Ransomware disclosures averaged ~724 victims across 40+ active groups, led by Qilin and Akira, while multiple large-scale data breaches highlighted growing supply chain and third-party risk. India experienced notable activity through hacktivist-driven DDoS campaigns, ransomware incidents, and major crackdowns on cross-border fraud operations. Overall, the month reinforced a clear shift toward large-scale, multi-vector attacks combining ransomware, zero-days, and downstream compromise.
Key Highlights
- 724 ransomware disclosures across 40+ active groups
- Rapid exploitation of multiple critical enterprise and network vulnerabilities
- Major data breaches driven by third-party compromise and misconfiguration
- Elevated hacktivist DDoS activity impacting public-facing services
- Continued ransomware, DDoS, and fraud-related cyber activity in India
Click here to read the full threat report: Complete December 2025 Threat Intelligence Briefing