Valid account credentials without multi-factor authentication continued to be the dominant initial access vector in cyberattacks last quarter, accounting for 56% of all cybersecurity incidents during the first three months of 2025, Infosecurity Magazine reports.Vulnerability exploitation and brute force attacks were the next most common initial access techniques harnessed in attacks over the same period, with the FortiOS and FortiProxy race condition authentication bypass flaw, tracked as CVE-2024-55591, leveraged to compromise firewalls, according to Rapid7 research presented at Infosecurity Europe 2025. Threat actors were also found to have exploited exposed remote desktop protocol services, SEO poisoning, and exposed remote monitoring and management tools to infiltrate targeted systems. Additional findings showed that 40% of all attacks during the first quarter involved the BunnyLoader malware-as-a-service loader, which features credential theft and additional malware delivery capabilities. Manufacturing was most targeted by cyber incidents, followed by business services, communications, healthcare, retail, and finance.
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Meta has revealed plans to roll out passkeys for Facebook on Android and iOS soon, as well as for Messenger in the coming months, in a bid to bolster user account security, The Hacker News reports.
