Credential Theft Surge in H2 2025 as AI‑Powered Infostealers Enable Log‑In Abuse
What Happened – In the second half of 2025, credential theft rates jumped sharply, driven by the industrial‑scale deployment of infostealer malware and AI‑enhanced social‑engineering campaigns. Attackers are increasingly “logging in” with stolen credentials rather than exploiting technical vulnerabilities. The trend spans multiple sectors and threatens any organization that relies on password‑based authentication.
Why It Matters for TPRM –
- Credential‑based attacks bypass traditional perimeter defenses, exposing third‑party data flows.
- AI‑generated phishing increases success rates, making credential hygiene a critical control for vendors.
- The rise in “login abuse” amplifies the risk of downstream supply‑chain compromise.
Who Is Affected – Enterprises across finance, healthcare, SaaS, retail, and other verticals that store or transmit user credentials.
Recommended Actions –
- Enforce MFA for all privileged and remote access accounts.
- Deploy continuous credential‑theft monitoring and dark‑web scanning for vendor accounts.
- Conduct regular phishing‑resilience training and simulate AI‑driven social‑engineering attacks.
- Review and tighten password‑reuse policies across the supply chain.
Technical Notes – Attack vector: AI‑enabled phishing and malicious infostealer malware that harvests saved passwords, browser data, and credential caches. No specific CVE cited; the threat is operational rather than software‑vulnerability‑based. Source: Dark Reading – More Attackers Are Logging In, Not Breaking In