Threat research

Prepare for today's changing threat landscape

Understand threat actors' targets and attack behaviors with the 2025 Elastic Global Threat Report — designed to provide your cybersecurity team with crucial insights for the upcoming year.

Get the free report

Threat research you can't get anywhere else

The annual Elastic Global Threat Report reveals real-world adversary actions through billions of data points from our unique telemetry, built on Elastic’s Search AI Platform. This year, we discovered:

  • 32
    %

    Of attacks on Windows focus on execution, double the rate from last year

  • 16
    %

    More generic threats were detected, a rise likely driven by AI

  • 60
    %

    Of cloud attacks focus on initial access, persistence, and credential access

Looking for more?

Check out other assets from the 2025 Elastic Global Threat Report:

  • Executive Summary

    Adversary actions in 2025
    Read executive summary

  • Webinar

    Discovering today's threat landscape: The 2025 Elastic Global Threat Report

    Register for the webinar

  • Video

    Watch Elastic CISO Mandy Andress break down the latest Global Threat Report (GTR) recommendations to help CISOs and their teams strengthen your defenses.

    Watch video

Threat research for everyone

Our team of veteran security researchers, Elastic Security Labs, regularly publishes long-form reports on topics of all kinds, including:

Frequently asked questions

What is the Elastic Global Threat Report?

The Elastic Global Threat Report is a report from Elastic Security Labs that explores a full year of security telemetry. The Global Threat Report provides a comprehensive look at several threat topics, including malware, cloud, endpoint, and adversarial campaigns. 

Where does Elastic get the threat data from?

The telemetry analyzed for the Global Threat Report comes from both public data and Elastic's private data, as well as voluntary user and customer sources.

What months make up the Global Threat Report?

The 2025 Elastic Global Threat Report analyzed data from June 2024 to July 2025 and was published on October 8, 2025.

Where can I find previous reports?

All previous iterations of the Global Threat Report can be found in the Report section of the Elastic Security Labs site.

What threat research does Elastic do?

In addition to our various long-form publications, Elastic Security Labs regularly publishes in-depth articles on threat research, detection engineering, generative AI, and more! Check out the library.

Explore Elastic Security

  • "en": "Blog with pencil", "cn": "用铅笔写博客", "de": "Blog mit Stift", "es": "Blog y lápiz", "fr": "Bloc-notes avec crayon", "jp": "ペンと執筆記事", "kr": "연필이 있는 블로그", "pt": "Blog com lápis"

    Empower your SOC

    Resist advancing threats with AI-driven security analytics, the future of SIEM.

    SIEM, simplified

  • Work smarter with AI

    Detect sooner, investigate faster, and respond before threats have a chance with the Search AI Platform.

    AI for security
  • "en": "Documents", "cn": "文档", "de": "Dokumente", "es": "Documentos", "fr": "Documents", "jp": "ドキュメント", "kr": "문서", "pt": "Documentos"

    Fueled by Elastic Security Labs

    Explore detailed security research on threats, malware, protections, and more from our experts.

    Study our research