Hackers are increasingly exploiting public-facing applications to launch devastating cyber attacks, according to new research from IBM.
In its 2026 X-Force Threat Intelligence Index, IBM says such hacks have risen by 44 per cent. Their rise can be attributed to hackers leveraging missing authentication protocols and AI tools for finding security vulnerabilities.
Ransomware and extortion also continue to be a big problem, with the number of active groups in these vectors increasing by 49 per cent in the past year. The number of victims affected by these attacks increased by 12 per cent, based on publicly available data, IBM added.
IBM said it’s becoming increasingly easier for hackers to conduct ransomware attacks due to leaked tooling and hacking playbooks. Meanwhile, automated tools are enabling hackers to ramp up their ransomware campaigns.
Another increasing cybercrime trend is hackers targeting the software supply chain, which often provides an entrypoint into enterprise systems. Major attacks in this area have grown fourfold in the last six years.
Once the focus of nation-state hackers with deep pockets, supply chain attacks can now be perpetuated by any cybercriminal gang looking to make big bucks. This, according to IBM, is because the supply chain attack tactics adopted by nation-state hackers are being shared across dark web hacking forums.
Most of the cyber attacks analysed by IBM’s X-Force threat intelligence experts happened because hackers exploited security vulnerabilities in software. This was the case for 40 per cent of incidents.
While hackers are increasingly leveraging AI tools to conduct cyber attacks, they’re also actively targeting mainstream AI tools themselves. By deploying info-stealing malware, IBM claims cyber crooks were able to harvest 300,000 ChatGPT credentials last year. This provides the basis for stealing personal information stored in AI applications and tampering with their code for output manipulation.
Elsewhere in IBM’s new research, it found that manufacturing was the industry most commonly targeted by hackers in 2025 – a trend that has stayed the same for the past five years. Twenty-nine per cent of IBM X-Force-detected cyber incidents affected manufacturing firms. And 24 per cent of all attacks impacted American victims, which hasn’t been the case for six years.
Mark Hughes, global managing partner for cybersecurity services at IBM, said: “Attackers aren’t reinventing playbooks, they’re speeding them up with AI. The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed.
“With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact. Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate.”
