Critical Start’s Cyber Research Unit (CRU) has released its H1 2025 Cyber Threat Intelligence Report, providing an in-depth look at the rapidly evolving global cyber threat landscape. The report highlights that Banking and Finance has overtaken Manufacturing as the most targeted sector, followed by Business Services, Retail, and Healthcare. These industries face heightened risks due to sensitive data, legacy systems, and reliance on third-party platforms. It also notes a growing concentration of ransomware activity among five major groups — Clop, Akira, Qilin, RansomHub, and Play — which now account for over 43% of tracked incidents. These groups use sophisticated, multi-stage attacks combining data theft, extortion, and repeated targeting of victims, creating significant operational and financial disruption. The report emphasizes that credential-based threats have now surpassed phishing as the primary attack vector, with techniques like Valid Accounts and Password Spraying becoming increasingly dominant. Emerging risks include the use of generative AI to automate phishing and accelerate software supply chain attacks, the exploitation of communication platforms such as Microsoft Teams and WhatsApp for phishing and impersonation, and state-sponsored cyber warfare targeting critical infrastructure and operational technology systems. Critical Start advises organizations to focus on strengthening identity security, leveraging AI-powered detection systems, enhancing ransomware response strategies, securing operational technology environments, and hardening software supply chains to build resilience against today’s most advanced cyber threats.