{
    "file_item": {
        "filepath": "threat-intelligence",
        "filename": "TLP-CLEAR-CERT-EU-TLR-2025-Year-V1.pdf"
    },
    "title": "Threat Landscape Report 2025 - A Year In Review",
    "publish_date": "08-04-2026 16:00:00",
    "description": "CERT-EU Cyber Threat Landscape Report for 2025 - Year Review",
    "url_title": "tlr2025",
    "content_markdown": "\nOur annual Threat Landscape Report 2025 is here, and there\u2019s a lot to unpack.\n\nIn 2025, the cyber threat landscape grew more complex. Threat actors diversified their methods, expanded their targets, and increasingly turned to artificial intelligence to sharpen their attacks. Global events\u2009\u2013\u2009from elections to armed conflicts to sanctions\u2009\u2013\u2009continued to fuel cyber operations against Union entities and their ecosystem.\n\nHere\u2019s what stood out in our [Threat Landscape Report 2025](https://www.cert.europa.eu/publications/threat-intelligence/tlr2025/pdf):\n\n- We tracked 174 threat actors, up from 110 last year. Union entities had critical exposure to five of them.\n- Cyberespionage and prepositioning remained the dominant motive at 38%.\n- We responded to nine significant incidents, seven of which were caused by vulnerability exploitation (including two zero-days).\n- Social engineering is moving beyond e-mail. Voice phishing, AI-generated deepfakes, OAuth abuse, and ClickFix attacks all gained ground.\n- For the first time, we analysed threats targeting 90 partner organisations. Public administrations accounted for 60% of that activity. \n- 198 software products used by Union entities were targeted: an 80% increase from 2024. \n- Edge devices (firewalls, VPNs, network appliances) remained the highest-impact entry points. They need to be patched first. \n\n[The report](https://www.cert.europa.eu/publications/threat-intelligence/tlr2025/pdf) also includes a new conclusion with strategic foresight for 2026 and ten prioritised recommendations: from phishing-resistant MFA to end-to-end encryption for sensitive communications.\n\nFor a summary, [read our blog post](https://www.cert.europa.eu/blog/threat-landscape-report-2025). For the full picture, [dive into the complete report](https://www.cert.europa.eu/publications/threat-intelligence/tlr2025/pdf).\n\n",
    "content_html": "<p>Our annual Threat Landscape Report 2025 is here, and there\u2019s a lot to unpack.</p><p>In 2025, the cyber threat landscape grew more complex. Threat actors diversified their methods, expanded their targets, and increasingly turned to artificial intelligence to sharpen their attacks. Global events\u2009\u2013\u2009from elections to armed conflicts to sanctions\u2009\u2013\u2009continued to fuel cyber operations against Union entities and their ecosystem.</p><p>Here\u2019s what stood out in our <a rel=\"noopener\" target=\"_blank\" href=\"https://www.cert.europa.eu/publications/threat-intelligence/tlr2025/pdf\">Threat Landscape Report 2025</a>:</p><ul><li>We tracked 174 threat actors, up from 110 last year. Union entities had critical exposure to five of them.</li><li>Cyberespionage and prepositioning remained the dominant motive at 38%.</li><li>We responded to nine significant incidents, seven of which were caused by vulnerability exploitation (including two zero-days).</li><li>Social engineering is moving beyond e-mail. Voice phishing, AI-generated deepfakes, OAuth abuse, and ClickFix attacks all gained ground.</li><li>For the first time, we analysed threats targeting 90 partner organisations. Public administrations accounted for 60% of that activity. </li><li>198 software products used by Union entities were targeted: an 80% increase from 2024. </li><li>Edge devices (firewalls, VPNs, network appliances) remained the highest-impact entry points. They need to be patched first. </li></ul><p><a rel=\"noopener\" target=\"_blank\" href=\"https://www.cert.europa.eu/publications/threat-intelligence/tlr2025/pdf\">The report</a> also includes a new conclusion with strategic foresight for 2026 and ten prioritised recommendations: from phishing-resistant MFA to end-to-end encryption for sensitive communications.</p><p>For a summary, <a rel=\"noopener\" target=\"_blank\" href=\"https://www.cert.europa.eu/blog/threat-landscape-report-2025\">read our blog post</a>. For the full picture, <a rel=\"noopener\" target=\"_blank\" href=\"https://www.cert.europa.eu/publications/threat-intelligence/tlr2025/pdf\">dive into the complete report</a>.</p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}