Rapid7 Q3 2025 Threat Landscape Report Highlights Ransomware Activity and AI Weaponization
Rapid7 released its Q3 2025 Threat Landscape Report, detailing the evolving tactics of threat actors, including the integration of Artificial Intelligence (AI) and the ongoing patterns in vulnerability exploitation. The report draws on data from Rapid7’s Intelligence Hub, AttackerKB, and Managed Detection and Response (MDR) telemetry to inform organizations about adapting to the changing threat landscape.
Raj Samani, Chief Scientist at Rapid7, stated that ransomware strategies have matured significantly, with groups resembling shadow corporations that employ infrastructure and public relations tactics to project dominance. This shift in operational strategies presents heightened risks to various industries.
The report notes a 21% decrease in newly exploited vulnerabilities from Q2 to Q3, yet a focus on older, unpatched vulnerabilities remains, indicating that long-standing weaknesses persist as viable attack vectors. The exploitation of weaknesses in Microsoft SharePoint (CVE-2025-53770) exemplifies the immediate risks following vulnerability disclosures.
Christiaan Beek, Senior Director of Threat Intelligence and Analytics at Rapid7, emphasized the urgency for organizations to act immediately upon the disclosure of any vulnerability, as attackers are ready to exploit these weaknesses without delay.
Additionally, the report indicates a rise in the number of ransomware groups, from 65 in Q2 to 88 in Q3. These groups are exploring new tactics, such as fileless attacks, single-extortion data leaks, and alliances that enhance their capabilities in targeting industries such as healthcare and manufacturing.
The emergence of Generative AI (GenAI) tools is also outlined, with cybercriminals leveraging these technologies to create more sophisticated phishing campaigns and adaptive malware. Nation-state actors from Russia, China, and Iran are adapting their strategies, focusing on supply chains, identity systems, and stealth operations.
This report provides business leaders with valuable insights into the current cyber threat environment, stressing the importance of proactive vulnerability management and awareness to mitigate risks associated with ransomware and evolving cyber offense tactics.