2025 Cyber Chronicles: The Year’s Most Impactful Cybersecurity and Cyberattack Events
2025 was a significant year in the world of cybersecurity, marked by major cyberattacks, data breaches, and the exploitation of zero-day vulnerabilities. Some stories stood out more than others, capturing the attention of readers across the globe.
- The PornHub Data Breach
The ShinyHunters extortion gang targeted PornHub, stealing Premium member activity data through a third-party analytics provider. The stolen data, comprising over 200 million records, included subscribers’ viewing, search, and download activity. The attackers threatened to release the data unless their extortion demands were met. While no financial credentials were compromised, the potential release of sensitive adult-content activity could have severe personal and reputational consequences for affected users.
- ClickFix Social Engineering Attacks
ClickFix attacks gained popularity in 2025, with various threat actors adopting this method. These attacks involved creating webpages that displayed fake error messages, security warnings, or update notices, tricking victims into running malicious commands that installed malware on their devices. ClickFix attacks evolved throughout the year, with new variants constantly emerging. The commercialization of these attacks with platforms like ‘ErrTraffic’ further escalated the threat landscape.
- The $1.5 billion ByBit Crypto Heist
In one of the largest cryptocurrency thefts ever recorded, attackers stole approximately $1.5 billion in Ethereum from ByBit’s cold wallet. The theft was linked to North Korea’s Lazarus hacking group, with the FBI confirming their involvement. The attackers exploited a compromised developer machine to manipulate transaction approvals, draining the cold wallet. Other crypto thefts targeting exchanges and wallets were also reported, underscoring the growing threat posed by cybercriminals in the cryptocurrency space.
- Oracle Data Theft Attacks
Oracle fell victim to a widespread data theft campaign orchestrated by the Clop extortion group. Exploiting multiple zero-day vulnerabilities in Oracle E-Business Suite, the attackers breached servers and stole data. Organizations targeted in these attacks included prominent institutions like Harvard University, Logitech, and Korean Air. The Clop group later threatened to leak the stolen data if a ransom was not paid, highlighting the increasing sophistication of ransomware tactics.
- DDoS Attacks Increase in Strength
2025 witnessed a surge in distributed denial-of-service (DDoS) attacks, with Cloudflare mitigating several record-breaking incidents. The Aisuru botnet emerged as a significant force behind these attacks, leveraging over 500,000 IP addresses in assaults targeting Azure and other platforms. Law enforcement agencies conducted takedowns of DDoS-for-hire services, aiming to curb the growing threat posed by these attacks.
- Rise in Developer Supply Chain Attacks
Cybercriminals increasingly targeted developers in 2025, abusing open-source repositories to distribute malware. Platforms like npm and PyPI were flooded with malicious packages, while IDE extension marketplaces like VSCode Marketplace were also compromised. The Shai-Hulud malware campaign infected hundreds of npm packages, highlighting the vulnerabilities in developer supply chains. These attacks underscored the need for enhanced security measures in the software development ecosystem.
- North Korean IT Workers
The infiltration of North Korean IT workers into Western companies emerged as a significant identity threat in 2025. These workers funneled their earnings to the DPRK regime, using fake identities and legitimate employment to gain access to corporate environments. The US government uncovered operations across multiple states, exposing the tactics used by North Korean actors to access sensitive information. Sanctions were imposed on individuals involved in these schemes, emphasizing the geopolitical implications of state-sponsored cyber activities.
- The Continued Salt Typhoon Telco Attacks
The Salt Typhoon attacks persisted in 2025, targeting global telecommunications infrastructure with a focus on long-term access and espionage. The attacks were attributed to Chinese state-aligned actors, who exploited vulnerabilities in Cisco network devices to collect network configurations and potentially intercept communications. The breaches extended to military networks, highlighting the security risks posed by cyber-espionage campaigns targeting critical infrastructure.
- AI Prompt-Injection Attacks
Researchers identified a new class of vulnerabilities known as prompt injection attacks in 2025, exploiting AI models’ interpretation of instructions. Attackers manipulated AI systems to leak sensitive data, generate malicious output, or perform unintended actions by feeding them specially crafted inputs. These attacks highlighted the evolving threat landscape posed by AI-powered cyber intrusions, underscoring the need for robust defenses against emerging attack vectors.
- Targeting Help Desks in Social Engineering Attacks
Threat actors focused on social engineering campaigns targeting BPO providers and IT help desks in 2025, bypassing security controls to gain unauthorized access to corporate networks. Impersonation tactics were used to trick help desks into granting access, leading to major breaches in U.S. companies. The rise of social engineering attacks underscored the importance of employee awareness and stringent security protocols in mitigating insider threats.
- Insider Threats
Insider threats posed a significant challenge in 2025, with multiple high-profile incidents demonstrating the risks associated with employees or consultants abusing trusted access. Data breaches at companies like Coinbase and CrowdStrike were attributed to insiders providing sensitive information to threat actors. Disgruntled or former employees also posed a threat, engaging in sabotage or selling credentials for financial gain. These incidents highlighted the need for robust insider threat detection and response mechanisms in organizations.
- Massive IT Outages
A series of massive IT outages disrupted services worldwide in 2025, showcasing the reliance of global commerce on cloud infrastructure. While not caused by cybersecurity breaches, these outages underscored the vulnerabilities inherent in interconnected digital systems. The incidents served as a wake-up call for organizations to reinforce their IT resilience and contingency plans to mitigate the impact of future disruptions.
- The Salesforce Data-Theft Attacks
Salesforce became a frequent target of data theft and extortion campaigns in 2025, with threat actors exploiting compromised accounts and third-party services to gain access to customer data. Companies across various industries were impacted by these attacks, with the ShinyHunters extortion group setting up a data-leak site to extort affected organizations. The breaches underscored the importance of securing third-party integrations and enhancing data protection measures in cloud-based platforms.
- Zero-Day Attacks
Zero-day vulnerabilities remained a prevalent method for cyber intrusions in 2025, targeting network edge devices and internet-exposed services. Flaws in Cisco, Fortinet, Citrix, and Microsoft products were actively exploited by threat actors for data theft and ransomware attacks. Commercial spyware and undisclosed flaws in consumer and enterprise software were also leveraged to compromise systems. The prevalence of zero-day attacks highlighted the ongoing arms race between cyber defenders and adversaries in the digital landscape.
- AI-Powered Attacks
AI tools became instrumental for attackers in 2025, enabling faster exploitation, adaptive malware, and automated attacks. Threat actors leveraged large language models to automate reconnaissance, credential theft, and malware deployment. The emergence of AI-powered malware families and proof-of-concept attacks like S1ngularity showcased the evolving tactics used by cybercriminals. The integration of AI in cyber operations underscored the need for advanced threat detection and mitigation strategies in defending against next-generation cyber threats.
In conclusion, 2025 was a transformative year in cybersecurity, marked by evolving tactics, sophisticated attacks, and the increasing convergence of technology and the threat landscape. Organizations must remain vigilant, adapt to emerging threats, and prioritize cybersecurity measures to safeguard their digital assets in an ever-changing and challenging environment.

