Mallory

Major Cybersecurity Incidents and Threat Trends in Late 2025

Tags: malware campaigns, zero-day, DDoS, data leakage, privilege escalation, malware, ransomware, credential stuffing, cryptocurrency, exploit, vulnerability, breach
Updated December 29, 2025 at 04:06 PM · 10 sources


A surge of significant cybersecurity incidents and threat trends marked the end of 2025, with attackers exploiting both newly disclosed and longstanding vulnerabilities across diverse platforms. Notably, a critical vulnerability in MongoDB, tracked as CVE-2025-14847 and dubbed "MongoBleed," was actively exploited, putting over 87,000 instances at risk of data leakage. The year also saw the emergence of advanced Android malware like Frogblight, which targeted users through fraudulent apps to steal banking credentials and personal data, and a continued expansion of malware campaigns beyond Windows, affecting Android and macOS users with sophisticated banking Trojans and infostealers. Meanwhile, the fallout from the 2022 LastPass breach persisted, as attackers continued to crack stolen encrypted vaults and siphon cryptocurrency through 2025, leveraging Russian cybercrime infrastructure for laundering stolen funds.

The threat landscape was further shaped by large-scale DDoS campaigns, such as those orchestrated by the pro-Russian group NoName057(16), which targeted hundreds of domains across Europe, and by the exploitation of vulnerabilities in widely used devices like WatchGuard Firebox firewalls (CVE-2025-14733). High-profile breaches, including those involving Salesforce integrations and third-party contractors, exposed sensitive data from major organizations. The year also witnessed a record number of Microsoft vulnerabilities, with attackers rapidly exploiting zero-days and privilege escalation flaws, underscoring the shrinking window between disclosure and exploitation. These developments highlight the increasing sophistication, scale, and persistence of cyber threats facing organizations worldwide as 2025 concluded.

Sources

Wired Security: The Worst Hacks of 2025 (December 29, 2025 at 07:00 AM)

Five more items from sources including Malwarebytes Labs, SOCRadar blog, Security Affairs, Help Net Security and Cyberthrone.

Related Stories

Major Cybersecurity Incidents and Threat Trends of 2025

The cybersecurity landscape in 2025 was marked by a series of high-profile breaches, advanced persistent threat (APT) campaigns, and evolving tactics by both cybercriminals and state-linked actors. Notable incidents included the PornHub data breach, where the ShinyHunters group exfiltrated and extorted sensitive user activity data, and the Knownsec leak, which exposed the espionage tools and global targeting strategies of a major Chinese cybersecurity firm. Supply-chain attacks continued to proliferate, with attackers compromising widely used software libraries and cloud services, impacting thousands of organizations and individuals. The year also saw a surge in sophisticated social engineering campaigns, such as ClickFix attacks, and a significant number of APT operations targeting government and military institutions, particularly in South and East Asia. Cloud service outages, such as the prolonged AWS disruption, highlighted the dependency of IoT and critical infrastructure on cloud reliability, causing widespread operational impacts. The threat actor ecosystem became more industrialized, leveraging AI, ransomware-as-a-service, and multi-stage attacks to increase scale and efficiency. Cryptocurrency platforms suffered major heists, and new vulnerabilities like MongoBleed were rapidly exploited in the wild. The cumulative effect of these incidents underscored the need for robust supply-chain security, improved cloud resilience, and enhanced detection and response capabilities against both opportunistic and targeted attacks.


Global Cyber Threat Trends and Major Incidents in Late 2025

Kaspersky reported that nearly half of Windows users and almost a third of macOS users encountered cyberthreats between November 2024 and October 2025, with significant increases in password stealer and spyware attacks. The highest rates of web threats were observed in the CIS region, while Africa saw the most local threats. Notably, password stealer detections surged by 132% in the Asia-Pacific region, and overall spyware attacks rose by 1.5 times compared to the previous year, highlighting a global escalation in both the volume and sophistication of cyberattacks. In parallel, the cybersecurity landscape in late 2025 was marked by the emergence of new ransomware threats such as Kraken and Zorab, as well as high-profile incidents like the Korean Leaks operation, which targeted South Korea’s financial sector through a combination of ransomware-as-a-service and state-linked actors. Additionally, there were warnings about credential leaks via online code formatting tools and reports of cyberattacks on London councils, underscoring the diverse and evolving nature of cyber risks facing organizations worldwide.


Major Cyberattack and Malware Trends in 2025

Cybersecurity threats in 2025 were marked by a surge in sophisticated attacks targeting both enterprises and critical infrastructure. Notable incidents included the exploitation of a zero-day vulnerability (`CVE-2025-61882`) in Oracle E-Business Suite by the Clop ransomware group, leading to data theft and extortion campaigns against multiple organizations. Ransomware activity overall increased, with Akira and Qilin dominating the ransomware-as-a-service market, and new strains like Warlock and HybridPetya introducing advanced evasion and destructive capabilities. The year also saw a significant rise in software supply chain attacks and the emergence of AI-powered malware such as PromptLock, which can generate malicious scripts dynamically. State-sponsored campaigns remained a persistent threat, exemplified by the BRICKSTORM malware attributed to Chinese actors, which targeted VMware and Windows systems in government and IT sectors. Data breaches, such as the API compromise at 700Credit affecting over 5.6 million individuals, highlighted ongoing risks in third-party integrations and API security. Malware-as-a-service platforms like CloudEyE (GuLoader) surged in prevalence, facilitating the distribution of infostealers and ransomware. The threat landscape was further complicated by the proliferation of EDR killers and the rapid evolution of Android NFC-based threats, underscoring the need for robust detection and response strategies across all platforms.

