Ransomware attacks are on the rise, zero-day vulnerabilities are increasing, and your IP camera could be the next target.
Cyber attackers are increasingly exploiting overlooked and unconventional corners of networks, as highlighted in Forescout’s 2025H1 Threat Review. The report reveals a staggering 46 per cent rise in zero-day exploits and an average of 20 ransomware attacks per day. An analysis of over 23,000 vulnerabilities and 885 threat actors across 159 countries indicates that adversaries are now targeting non-traditional equipment, such as edge devices, IP cameras, and BSD servers. These entry points facilitate lateral movement across IT, OT, and IoT environments, enabling attackers to penetrate deeper into networks and compromise critical systems. Sai Molige, Senior Manager of Threat Hunting at Forescout, notes that attackers often gain initial access through overlooked IoT devices or infostealers, subsequently pivoting across various environments. The ValleyRAT hunt, which uncovered the Chinese threat actor Silver Fox targeting healthcare systems, exemplifies how these attackers exploit blind spots to escalate access.
The report further reveals a shift towards exploiting older vulnerabilities and unconventional devices, with 47 per cent of newly exploited vulnerabilities having been published before 2025. Published vulnerabilities increased by 15 per cent, with 45 per cent rated as high or critical. Zero-day exploitation surged by 46 per cent, and CVEs added to CISA KEV jumped by 80 per cent. Ransomware actors are increasingly targeting non-traditional equipment, which often lacks Endpoint Detection and Response (EDR) capabilities, making it ideal for undetected lateral movement. Ransomware incidents rose by 36 per cent year on year, with 3,649 documented attacks in the first half of 2025. The United States was the primary target, accounting for 53 per cent of all incidents, with the healthcare sector being particularly vulnerable, averaging two breaches per day. Nearly 30 million individuals were affected by breaches in H1 2025, with 76 per cent stemming from hacking or IT incidents. Researchers have identified trojanized DICOM imaging software delivering malware directly to patient systems, blurring the lines between hacktivists and state-sponsored actors.