--- licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0) licence_link: https://creativecommons.org/licenses/by/4.0/ licence_restrictions: https://cert.europa.eu/legal-notice licence_author: The Cybersecurity Service for the Union institutions, bodies, offices and agencies --- Our annual Threat Landscape Report 2025 is here, and there’s a lot to unpack. In 2025, the cyber threat landscape grew more complex. Threat actors diversified their methods, expanded their targets, and increasingly turned to artificial intelligence to sharpen their attacks. Global events – from elections to armed conflicts to sanctions – continued to fuel cyber operations against Union entities and their ecosystem. Here’s what stood out in our [Threat Landscape Report 2025](https://www.cert.europa.eu/publications/threat-intelligence/tlr2025/pdf): - We tracked 174 threat actors, up from 110 last year. Union entities had critical exposure to five of them. - Cyberespionage and prepositioning remained the dominant motive at 38%. - We responded to nine significant incidents, seven of which were caused by vulnerability exploitation (including two zero-days). - Social engineering is moving beyond e-mail. Voice phishing, AI-generated deepfakes, OAuth abuse, and ClickFix attacks all gained ground. - For the first time, we analysed threats targeting 90 partner organisations. Public administrations accounted for 60% of that activity. - 198 software products used by Union entities were targeted: an 80% increase from 2024. - Edge devices (firewalls, VPNs, network appliances) remained the highest-impact entry points. They need to be patched first. [The report](https://www.cert.europa.eu/publications/threat-intelligence/tlr2025/pdf) also includes a new conclusion with strategic foresight for 2026 and ten prioritised recommendations: from phishing-resistant MFA to end-to-end encryption for sensitive communications. For a summary, [read our blog post](https://www.cert.europa.eu/blog/threat-landscape-report-2025). For the full picture, [dive into the complete report](https://www.cert.europa.eu/publications/threat-intelligence/tlr2025/pdf).