Reading the ENISA Threat Landscape 2025 report
The report emphasizes a maturing threat landscape, characterized by the rapid exploitation of vulnerabilities, the professionalization of cybercrime, and the increasing convergence between criminal, state-aligned, and hacktivist operations.
In parallel, hacktivist tooling and criminal ecosystems increasingly intersect. FunkSec’s emergence in late 2024 brought FunkLocker ransomware, blending political messaging with financial extortion, underscoring how quickly ideology-driven branding can pivot to monetization. Hacktivists, seeking funding and visibility, embraced ransomware beyond DDoS and defacements. CyberVolk, operating in line with Russian interests, has used and promoted multiple strains—AzzaSec, HexaLocker, Parano, as well as LockBit and Chaos—since May 2024. KillSec, originally a pro-Russia hacktivist brand aligned with Anonymous, debuted its platform in June 2024.
State-sponsored and state-aligned actors have simultaneously escalated long-term cyber-espionage campaigns, particularly targeting telecommunications, logistics networks, and manufacturing sectors within the EU. These operations showcase advanced tradecraft, including supply-chain compromises, modular malware, and abuse of signed drivers to maintain persistence and evade detection.
A growing concern highlighted in the report is the role of Artificial Intelligence. By early 2025, AI-assisted phishing and social engineering accounted for over 80% of observed global activity in this category. Attackers are exploiting jailbroken AI models, synthetic voice and video content, and model poisoning to automate reconnaissance, impersonation, and influence operations, making detection and attribution increasingly difficult.
To read the complete article, see Security Affairs.