ENISA Threat Landscape 2025
- Katarzyna Celińska
- 13 minutes ago
- 1 min read
It’s been a while since European Union Agency for Cybersecurity (ENISA) released its new Threat Landscape 2025 report, and I finally had time to dig into it properly.
Interestingly, the timing coincides with the release of the Microsoft Digital Defense Report 2025, which makes it perfect to compare both perspectives.
And here’s the irony that made me laugh — while Microsoft’s report offers a wide range of recommendations and insights, in ENISA’s findings Microsoft also ranks:
#1 vendor in Known Exploited Vulnerabilities, and
#2 vendor in Disclosed Vulnerabilities.
Photo: https://pl.freepik.com/
Summary
➡️ Ransomware, data breaches, and supply chain attacks remain the top-tier threats.
➡️ Hacktivism has resurged dramatically.
➡️ AI-enhanced attacks — including phishing, deepfakes, and impersonation.
➡️ Cloud exploitation continues to increase due to configuration errors, third-party dependencies, and hybrid complexity.
➡️ Zeroday vulnerabilities are being weaponized faster, with disclosure-to-exploitation times now measured in days, not weeks.
➡️ Ransomware groups shifted from financial extortion to hybrid motives.
➡️ Supply chain attacks are now considered the most impactful threat category due to cascading consequences across sectors.
➡️ Critical infrastructure (remains a top target.
I’ve been reading ENISA’s reports since the very beginning, and I have to admit — they remain comprehensive and neutral threat intelligence publications available. However, it’s fascinating to compare them with industry-driven analyses like Microsoft’s Digital Defense Report 2025. Both share common ground, but differ in narrative. This post is just the beginning — in the next updates, I’ll break down the most interesting findings and recommendations from the report.
Author: Sebastian Burgemejster
Comments