Tue Apr 21, 2026

Cognyte 2026 Threat Landscape Report: AI Accelerates Cyber Threats as Ransomware Surges Worldwide

Analysis of global cyber activity in 2025 reveals evolving attacker tactics, increased reliance on AI, and sharply different threat patterns across regions

HERZLIYA, Israel, April 21, 2026 – Cognyte Software Ltd. (NASDAQ: CGNT) (“Cognyte”), a global leader in investigative analytics software, released new findings from its LUMINAR Threat Intelligence Group in the LUMINAR 2026 Annual Threat Report. The report analyzes the global threat landscape, showing how AI is reshaping cyber operations, ransomware is rising worldwide and attackers are exploiting vulnerabilities and stolen credentials at scale. It also reveals distinct regional threat patterns and documents what Cognyte refers to as the first known AI-orchestrated cyber espionage campaign using a popular LLM.

“We’re seeing a fundamental shift in how cyber threats are carried out and scaled,” said Gilad Zahavi, Cognyte’s VP of Threat Intelligence. “AI, ransomware groups and nation-state actors are no longer separate challenges – they’re increasingly working in tandem, creating attacks that move faster and are harder to detect. Organizations must prepare for a threat landscape that is changing faster than ever.”

Key Findings in the LUMINAR 2026 Threat Landscape Report

AI is increasingly used by cyber attackers and defenders.

  • In 2025, AI enabled attackers to automate up to 80–90% of a specific nation-state espionage campaign and generate most phishing content (82.6%), while defenders used LLM-assisted tools to identify vulnerabilities, including the zero-day CVE-2025-6965.

Exploited vulnerabilities remain a key attack vector.

  • In 2025, nearly 50,000 new vulnerabilities were disclosed (average CVSS score of 6.6), with major flaws such as React2Shell (CVE-2025-55182) widely discussed on the dark web, while the Linux kernel recorded the highest number of reported vulnerabilities (2,257).

Stolen credentials remain a major driver of cyber intrusions.

  • In 2025, stolen credentials were linked to 22% of data breaches, even as dark web sales ads dropped by about 50% (to ~7 million), with the Lumma infostealer responsible for 2.2 million listings – roughly 42% of the total.

Ransomware attacks are on the rise globally.

  • In 2025, ransomware groups claimed 7,809 victims – a 27.3% increase year over year – led by the Qilin group (12.8% of attacks), while total payments fell 23% as attackers increasingly shifted toward targeting small and medium-sized businesses.

Threat activity varies significantly by region, reflecting different dominant actors and priorities.

  • The U.S. accounted for roughly one-third of global ransomware incidents, while nation-state activity dominated the Middle East (56.6%) and APAC (67%); cybercriminal groups led in North America (52%) and showed a similar pattern in Europe, with notable state-linked involvement.

The 2026 LUMINAR Threat Landscape Report also includes an overview of Cognyte’s recommendations and general best practices to protect against the common threat vectors and threats addressed in the report. The full report is available for download here.

Research Methodology

Cognyte’s 2026 LUMINAR Threat Landscape Report is based on in-depth analysis of cybersecurity incidents worldwide in 2025, supported by AI-driven insights and data from the company’s proprietary threat intelligence repository. The LUMINAR Threat Intelligence Group analyzed more than 2,300 real-life cyber incidents using generative AI capabilities, uncovering new attack vectors, emerging ransomware groups and the continued evolution of trends first identified in 2024.

LUMINAR is AI-driven external threat intelligence software that enables security and risk management leaders to maintain visibility of their threat landscape. By consolidating all critical threat intelligence capabilities into a unified solution, users can extract timely, accurate and actionable insights that can be applied before, during and after threats reach an organization.

About Cognyte

Cognyte is a leading software-driven technology company focused on solutions for investigative analytics that enable customers to generate Actionable Intelligence for a Safer World™. Cognyte’s solutions empower law enforcement, national security and military intelligence agencies, as well as other organizations, in navigating an increasingly complex threat landscape. With offerings that leverage advanced technologies, including artificial intelligence (AI) and analytics, Cognyte helps customers make sense of complex, multi-source data supporting informed, mission-critical investigations and operations. Hundreds of customers worldwide rely on Cognyte’s investigative analytics solutions to uncover insights and reveal what matters, across fragmented data and organizational silos, enabling confident decision-making in high-stakes environments. Learn more at www.cognyte.com

### 
Media Relations Contact: 
Michelle Allard McMahon
Rainier Communications on behalf of Cognyte Software