Millions of unsecured Wi-Fi networks are putting data at risk
New threat intelligence from Zimperium reveals over five million unsecured public Wi-Fi networks have been detected globally since the beginning of 2025, with a staggering 33 percent of users still connecting to these open networks, putting enterprise data at risk in the process.
“Mobile devices are now a primary gateway to corporate data, but during travel, they’re also the most vulnerable,” says Kern Smith, VP of global solutions at Zimperium. “Unsecured Wi-Fi, phishing disguised as travel alerts, and risky sideloaded apps are creating an ideal attack surface for cybercriminals -- especially in peak travel months.”
Researchers have identified significant spikes in mobile malware activity across Southeast Asia, with Vietnam, Malaysia, and the Philippines experiencing some of the highest infection volumes. Notably, Luxembourg has emerged as a global outlier with elevated mobile malware targeting international travelers and corporate devices.
In the US, major cities like Los Angeles, New York, Portland, Miami, and Seattle are now seeing increased levels of mobile threats, driven by high numbers of business and vacation travelers, high mobile usage, and widespread unsecured network access. For enterprises with mobile workforces, this trend represents a growing risk of data exposure and potential breach.
Vishrut Iyengar, senior solutions manager at application security company Black Duck, says, “Security teams should no longer treat mobile as an isolated or secondary concern. Mobile applications need to be tested continuously, on real devices, and incorporated into a broader application security strategy. This strategy should cover proprietary code, third-party SDKs, and open-source components to ensure complete risk coverage and application security without compromise.”
The most common threats facing traveling employees include: Man-in-the-Middle (MiTM) attacks via public or rogue Wi-Fi, phishing disguised as travel alerts, such as fake itineraries or boarding passes, risky sideloaded apps downloaded during travel, and captive portals collecting emails or phone numbers, increasing phishing risk.
“These are not hypothetical threats. They’re happening now, and they’re hitting devices that may lack even basic protection,” adds Smith.
You can read more on the Zimperium blog.
Image credit: Maxsims/Dreamstime.com