1、By Insikt GroupAugust 28,2025H1 2025 Malware and Vulnerability TrendsVulnerabilities in Microsoft products and edge security appliances were the most exploited in H1 2025,with state-sponsored actors driving over half of observed exploitation campaigns.RATs such as XWorm and Remcos overtook infosteal

2、ers as primary tools for persistent access and data theft compared to H1 2024,while ransomware groups adopted new affiliate models and evasion tactics.Android banking trojans adopted overlays and NFC relay attacks for real-world fraud,while Magecart operators expanded beyond Magento to WooCommerce a

3、nd used modular e-skimmers to evade detection.CYBERTHREATANALYSISCYBER THREAT ANALYSIS Executive Summary The first half of 2025 H1 2025 reflected a rapidly evolving threat landscape defined by the convergence of persistent legacy threats and advanced new tactics.The total disclosed CVEs increased by

4、 16%from H1 2024,and threat actors exploited 161 vulnerabilities 1with assigned CVEs,with nearly half linked to malware or ransomware campaigns.Microsoft remained the most targeted vendor,while edge security and gateway devices continued to be high-value targets for initial access.Malware activity w

5、as similarly dynamic:while law enforcement takedowns disrupted major players like LummaC2,a resurgence of legacy malware such as Sality indicated that old tools still offer utility for modern actors.Remote access trojans RATs like AsyncRAT,XWorm,and Remcos also gained prominence,marking a tactical s

6、hift away from the previous dominance of dedicated information stealers(infostealers)in H1 2024 toward more versatile tools that combine data theft capabilities with persistent,hands-on access.Mobile malware threats continued to grow in H1 2025,with Android banking trojans adopting virtualization-ba