The 2025 Identity Threat Landscape Report highlights a massive surge in credential theft driven by infostealer malware, with LummaC2 leading the ecosystem. A critical finding is the widespread theft of active session cookies, which allows attackers to bypass multi-factor authentication (MFA) and directly access high-value corporate systems, VPNs, and cloud platforms.