Cybersecurity risks continued to climb worldwide as the latest Kaspersky Security Bulletin 2025 statistics report highlights a sharp rise in several key threat categories.
Methodology and reporting period
All statistics in this report are based on data from the Kaspersky Security Network (KSN), a global cloud service that aggregates telemetry from security components installed on user devices. Millions of Kaspersky customers around the world voluntarily contribute this information, enabling detailed tracking of emerging threats.
The bulletin covers the period from November 2024 through October 2025. However, it is important to note that this edition does not include mobile-related data, which the company plans to disclose separately in its annual mobile malware report. That said, the current snapshot already shows a significant escalation in desktop and laptop attacks.
Overall exposure of Windows and macOS users
During the reporting period, 48% of Windows users and 29% of macOS users faced at least one cyberthreat detected by Kaspersky solutions. These figures characterize the broad reach of current attacks across both major desktop platforms. Moreover, they emphasize that Apple systems, while traditionally perceived as safer, remain a meaningful target for cybercriminals.
The data suggests that almost one in two Windows users and nearly one in three macOS users encountered malicious activity of some kind. However, the specific type and origin of these threats can vary widely, from web-based infections to on-device payloads delivered through compromised software or removable media.
Web versus on-device threats
Across all platforms, 27% of Kaspersky users were exposed to web threats, while 33% of users were affected by on-device, or local, threats during the same period. These numbers indicate that attacks delivered directly to the device remain at least as significant as browser-based compromises. Moreover, organizations should account for both vectors in their endpoint protection strategies.
The highest share of users affected by web threats was recorded in the CIS region, where 34% of users encountered online attacks. However, local threats were most prevalent in Africa, where they were detected on 41% of user systems. This regional divergence underlines how infrastructure, connectivity patterns, and local cybercrime ecosystems shape risk profiles.
Password stealers and spyware on the rise
Kaspersky reports that its solutions prevented nearly 1.6 times more password stealer attacks during the period compared to the previous year. This sharp growth shows that credential theft remains a core objective for many threat actors, whether they target individuals, enterprises, or financial platforms. Moreover, stolen passwords can fuel further intrusions and fraud.
The trend is even more pronounced in APAC, where detections of password stealers surged by 132% year-on-year. This APAC cyberthreat surge suggests that regional users and businesses are increasingly in the crosshairs of credential-focused campaigns, which often exploit phishing, malicious downloads, or compromised websites.
Alongside these figures, Kaspersky solutions also detected 1.5 times more spyware attacks than in the previous year. However, the bulletin does not just highlight the raw increase; it also implies growing sophistication in surveillance-focused malware, which can silently exfiltrate sensitive data or monitor user activity over extended periods.
Positioning within the wider Kaspersky Security Bulletin series
This installment of the Kaspersky Security Bulletin continues the annual tradition of outlining the most significant trends in attacks observed through KSN telemetry. The 2025 statistics section concentrates on desktop and laptop environments, with mobile insights to follow in a dedicated publication. That said, the figures already help contextualize the evolving strategies of cybercriminals.
Within this broader series, the current statistics refine the picture of how kaspersky security technologies interact with real-world threat campaigns. They show not only where attacks are most common, but also which techniques, such as password theft and spyware deployment, are gaining momentum across regions.
Outlook and where to find the full data
The numbers from November 2024 to October 2025 underscore a clear message: credential theft, spyware, and both web-based and local infections are intensifying in many parts of the world. Moreover, differing regional patterns in the CIS, Africa, and APAC highlight why security strategies must be tailored to local realities rather than relying solely on global averages.
Readers seeking deeper, country-level breakdowns and additional yearly web threat statistics can view the full report, which provides extended charts, comparative baselines with the previous year, and a more granular view of how these attacks evolve over time.
In summary, the Kaspersky Security Bulletin 2025 statistics show that nearly half of Windows users and a sizable share of macOS users faced cyber risks between late 2024 and late 2025, while password-stealing malware and spyware grew strongly in both global and regional terms.
Source: https://en.cryptonomist.ch/2025/12/02/kaspersky-security-bulletin-2025/