As travel surges this summer, Zimperium, the global leader in mobile security, is sounding the alarm on escalating mobile cyber threats targeting employees on the move.
According to new threat intelligence from Zimperium, over 5 million unsecured public Wi-Fi networks have been detected globally since the beginning of 2025—with a staggering 33% of users still connecting to these open networks, putting enterprise data at immediate risk.
Mobile devices are now a primary gateway to corporate data, but during travel, they’re also the most vulnerable. Unsecured Wi-Fi, phishing disguised as travel alerts, and risky sideloaded apps are creating an ideal attack surface for cybercriminals—especially in peak travel months.
Zimperium researchers have identified significant spikes in mobile malware activity across Southeast Asia, with Vietnam, Malaysia, and the Philippines experiencing some of the highest infection volumes. Notably, Luxembourg has emerged as a global outlier with elevated mobile malware targeting international travelers and corporate devices.
In the U.S., major cities like Los Angeles, New York, Portland, Miami, and Seattle are now seeing increased levels of mobile threats, driven by high numbers of business and vacation travelers, high mobile usage, and widespread unsecured network access. For enterprises with mobile workforces, this trend represents a growing risk of data exposure and potential breach.
According to the Zimperium 2025 Global Mobile Threat Report, attackers are actively shifting to a mobile-first attack strategy. The most common threats facing traveling employees include:
- Man-in-the-Middle (MiTM) Attacks via public or rogue Wi-Fi
- Phishing disguised as travel alerts, such as fake itineraries or boarding passes
- Risky sideloaded apps downloaded during travel
- Captive portals collecting emails or phone numbers, increasing phishing risk
These are not hypothetical threats. They’re happening now, and they’re hitting devices that may lack even basic protection.
Zimperium urges organizations to ensure visibility into all mobile endpoints, enforce device compliance, and block connections to unsecured networks. Businesses are encouraged to adopt enterprise-grade mobile threat defense to protect employee devices during travel.
Kern Smith, VP of Global Solutions at Zimperium
Mobile devices are now a primary gateway to corporate data, but during travel, they’re also the most vulnerable. Unsecured Wi-Fi, phishing disguised as travel alerts, and risky sideloaded apps are creating an ideal attack surface for cybercriminals—especially in peak travel months.
Kern Smith, VP of Global Solutions at Zimperium
These are not hypothetical threats. They’re happening now, and they’re hitting devices that may lack even basic protection.
