Identity-based cyberattacks are now among the most serious and fastest-growing online threats affecting both individuals and organisations across the world. New research from Sophos X-Ops counter threat unit (CTU) shows that the number of stolen login details for sale on the dark web has increased by 106% between June 2024 and June 2025. This sharp rise demonstrates how hackers now view digital identities as a valuable commodity in the world of cybercrime. The Sophos active adversary report revealed that stolen credentials are once again the main cause of cyberattacks for the second year in a row. According to the report, 56% of all incidents investigated by Sophos’ managed detection and response (MDR) and incident response teams involved criminals logging into remote systems usin

See Full Page