The latest report from Fortinet, a cybersecurity company, shows a sharp increase in AI-enabled cybercrime, faster attack cycles, and a major spike in ransomware victims worldwide. These findings are included in its 2026 Global Threat Landscape Report from FortiGuard Labs.
Based on FortiGuard Labs telemetry, the report analyzes cyberattacks in 2025 using the MITRE ATT&CK framework. It shows that modern cybercrime is no longer made up of isolated attacks. Instead, it now operates like a connected system, with attackers using AI tools to speed up the entire attack process from start to finish.
“Cybercrime is one of the world’s most widespread and costly threats, and our latest Global Threat Landscape Report shows how malicious actors are starting to use agentic AI to carry out more advanced attacks,” said Derek Manky, chief security strategist and global VP of threat intelligence, Fortinet FortiGuard Labs. “As cybercriminals increasingly use AI to strengthen their tactics, defenders must evolve cybersecurity operations into industrial-scale defense and adopt AI-enabled tools that respond at the same speed as modern threats.”
Time-to-exploit has dropped sharply to 24-48 hours for critical vulnerabilities, compared to 4.76 days in previous reports. In some cases, attackers began exploiting systems within hours of public vulnerability disclosures.
Ransomware victims jump 389%
FortiRecon data found 7,831 confirmed ransomware victims globally, up from about 1,600 in the 2025 report. The increase is linked to AI-powered crime tools such as WormGPT, FraudGPT, and BruteForceAI. The most targeted sectors were manufacturing (1,284 victims), business services (824), and retail (682). The United States led with 3,381 cases, followed by Canada (374) and Germany (291).
FortiCNAPP intelligence showed most cloud breaches came from stolen or misused login credentials, not system hacks. Hospitals and retail firms were the top targets due to large identity systems and complex access setups.
Attackers are using “shadow agents” and AI-based tools to automate hacking tasks. While brute force attempts dropped 22% year over year, attackers still carried out about 67.65 billion global attempts using smarter targeting methods.
Credential-stealing malware also remains widespread, led by RedLine (911,968 infections), Lumma (499,784), and Vidar (236,778).
Fortinet and Crime Stoppers International also launched a Cybercrime Bounty program to encourage safe reporting of cyber threats through anonymous submissions.