Argentina registered 5.7 billion cyber attack attempts during 2025, according to a new global threat survey prepared by FortiGuard Labs, the threat intelligence unit of Fortinet.
The data is part of the Global Report on the 2026 Threat Landscape, which analyzes the evolution of cybercrime over the last year and marks an underlying trend: attacks are faster, more automated and increasingly supported by artificial intelligence tools.
Although the companies’ reports show data related to their measurement systems and are not absolute parameters, they guide and provide an overview of what is happening in the world of computer systems and their protection against different types of threats, from viruses and hoaxes to ransomware (extortion through data encryption).
In Latin Americathe report states that there were around 843.3 billion cyberattack attempts during 2025. Brazil, Mexico and Colombia appear as the most affected countries in the region, while Argentina was exposed to a sustained volume of malicious activity, including 2 billion active scans.
The survey also warns that cybercrime operates with logic that is increasingly similar to that of an industry. There are access sellers, botnet operators, malware credential theft (known as infostealers) and offensive tools offered as a service on underground forums.
In fact, a few weeks ago, a report from the organization Digital Rights exposed how personal information is sold in data trading forums and Telegram, one of the best-known chat applications in the world.
The trend also appears in other surveys of the sector. In your M-Trends 2026Mandiant, the cybersecurity unit of Google Cloud, points out that the average time spent by attackers within a network rose by 11 to 14 daysdriven by espionage operations and campaigns linked to North Korean IT workers. And the same report indicates that the average time between an initial opportunistic access (such as a password theft) and the transfer to another criminal group fell from more than 8 hours in 2022 to just 22 seconds in 2025.
Faster attacks and expanding ransomware
One of the central points of the report is the drastic reduction in the time it takes for attackers to exploit critical vulnerabilities. According to FortiGuard Labs, exploitation time fell to a window of between 24 and 48 hours, compared to the 4.7 days recorded in previous reports.
This acceleration forces organizations to review their response times. “A published and unpatched vulnerability can become a gateway in a matter of hours, especially when attackers automate the recognition and exploitation stages“, they explain from the company.
The ransomware also showed a strong jump. FortiRecon identified 7,831 confirmed victims globally during 2025, compared to about 1,600 the previous year. The increase is equivalent to an increase of 389%, almost five times more in a single year.
At this point it is worth making a reservation: ransomware is decreasing in terms of economic return that cybercriminals can extract from their victims, but this does not mean that the threat has ceased to exist, quite the opposite.
In recent years, there have been cases that have had a lot of media impact. In the public sector, the cases included the Senate of the Nation, which suffered an attack with data hijacking, the PAMI, where cybercriminals published stolen information, including medical records, studies and personal data, and the UBA, which had to deal with the failure of systems used by teachers and students.
In the private sector, there were also relevant incidents: OCASA, with its website down, Ingenio Ledesma, which suffered data encryption and a ransom demand; and the Rossi Group, which brings together Rossi, Stamboulian and Laboratorio Hidalgo, affected by an attack that impacted medical study centers.
Thus, the extortion scheme is still active. In this context, the most affected sectors were manufacturing, financial services and commerce. The highest concentration of victims was recorded in United States, Canada and Germany, although the phenomenon has a global impact due to the connection between suppliers, clients, leaked credentials and shared access between companies.
“Cybercrime has become one of the most persistent and costly threats globally. Our latest report shows how malicious actors are leveraging artificial intelligence agents to execute increasingly sophisticated attacks,” said Derek Manky, global vice president of Threat Intelligence at FortiGuard Labs.
This is what he warned Gartnerwhich revealed that more than 57% of the employees consulted used personal generative AI accounts to work and that 33% admitted to having uploaded sensitive information to unapproved tools.
Stolen credentials, cloud and AI tools
The report also identifies digital identity as one of the weakest points in cloud environments. According to FortiCNAPP, the majority of cloud incidents in 2025 originated in stolen, exposed or misused credentials.
According to the report, the most impacted sectors were health and commerce, due to the volume of users, the number of integrations and the use of federated access. In those environments, a valid credential may be sufficient to enter internal systems without needing to exploit a complex technical flaw.
FortiGuard Labs research also detected an evolution in data theft. Attackers are increasingly targeting entire sets of information, rather than isolated credentials. In the dark web, databases and password compilations with users (what is known as “combolists” in jargon) accounted for more than two-thirds of the information announced and shared.
This change reduces the work of attackers, they explain, because in the same package they can find users, passwords, cookies, data saved in browsers and other elements that allow them to advance more quickly within a network.
Fortinet also revealed the presence of AI-powered offensive tools, including variants of WormGPT y FraudGPT (two malware generators that became well known in the world of cybersecurity and hacking), as well as solutions capable of automating attacks.
Thus, the data is consistent with a Microsoft data report, the Digital Defense Report 2025, where the Redmond-based company maintains that 28% of the security breaches investigated by its response team began with phishing or social engineering, while 18% originated from unpatched web assets and 12% from exposed remote services.
The attacks are becoming more sophisticated but, beyond their complexity, the entry point is usually to set foot inside the organization with social engineering.
Finally, a problem that the report reveals is the use of un”whitewashed” AI among organizations. IBM, in its Cost of a Data Breach Report 2025recorded that one in five organizations analyzed reported a gap linked to “shadow AI”, Additionally, 63% of affected organizations did not have an AI governance policy or were still developing one.
Technology is already present in various aspects, not only in daily life, but in work ecosystems around the world.