By Limor Kessem
Publication Date: 2026-02-25 00:00:00
Reviewing the trends from our 2025 incident response and investigations data, the exploitation of public-facing applications emerged as the most common initial access vector—up 44% from the previous year. The expanding vulnerability landscape, amplified by misconfigurations and increasingly complex application stacks, continues to broaden the attack surface. Notably, many exploited vulnerabilities did not require authentication, emphasizing the need for more rigorous access control, patch governance and secure implementation practices.
The rapid growth of AI chatbot adoption has created an additional credential harvesting ecosystem. In 2025, over 300,000 ChatGPT credential sets were advertised on the dark web, driven largely by infostealer malware operators who expanded their target lists to include AI services. Password reuse across personal and enterprise accounts continues to create indirect attack paths, where low-value consumer credentials are leveraged for high-value…
