Author: Alexander Ivanyuk — Senior Director, Technology

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in October 2025 and reflect threats that Acronis detected, as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.

Incident of the month

In October 2025, cybersecurity and networking giant F5 Networks confirmed a major breach that reportedly lasted over a year and was linked to a Chinese state-sponsored hacking group. The attackers maintained undetected access to F5’s internal systems for at least twelve months, raising concerns about potential risks to customers relying on the company’s security infrastructure.

F5 stated that its operations and customer services were not directly affected, but experts warned that any compromise of a core security vendor could have serious downstream effects, including exposure of client data or configuration information. The long intrusion suggested a targeted espionage campaign focused on intelligence gathering rather than financial theft.

The breach highlighted the growing threat of state-backed attacks against technology and cybersecurity providers. It also reignited debate about supply chain security and the vulnerability of trusted vendors whose software and infrastructure underpin critical global networks. While details of the breach remain limited, the incident stands as one of 2025’s most serious cybersecurity compromises, demonstrating that even top-tier security companies remain vulnerable to sustained, highly sophisticated adversaries.

October web-based threat detections

In October, Acronis Cyber Protect blocked almost 13.8 million dangerous URLs on endpoints.

The tables below show the percentage of Acronis clients that had at least one web-based threat blocked at the endpoint, as well as the normalized percentage of clients with at least one web-based threat detection. The higher the percentage, the higher the risk of a workload in that country being attacked by malware.

Protection

The aforementioned threats can be detected and mitigated with solutions from Acronis.

Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behaviour-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.

Additional email security and URL filtering can help you protect against social engineering threats. Your Acronis #CyberFit score helps you quickly identify systems that need attention, while integrated patch management makes updating your software to the latest versions simple.

Acronis XDR for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.