SAN FRANCISCO, Aug 12 (Bernama-GLOBE NEWSWIRE) —Picus Security, the leading security validation company, today released the Blue Report™ 2025, based on more than 160 million real-world attack simulations in live production environments. Now in its third year, the report provides a data-driven assessment of how well security controls perform against today’s threats — and this year’s findings are the most concerning to date.
While cyberattacks grow in both volume and sophistication, defensive effectiveness is declining. This year’s data paints a particularly grim picture: In 46% of environments, at least one password hash was successfully cracked, and data exfiltration attempts were only stopped 3% of the time, down from 9% in 2024. Combined, these trends show how quickly a single compromised credential can open the door to lateral movement and large-scale data theft. With infostealer malware tripling in prevalence and attackers increasingly bypassing defenses using valid logins, organizations face escalating risk from persistent and nearly invisible threats.