InfoSecBulletin Cybersecurity for mankind
The cybersecurity landscape in 2025 saw an increase in the scale and sophistication of cyber threats. Nation-states, organized crime, and hybrid groups blurred the lines between espionage and financial crime, while supply chain weaknesses and social engineering became major attack methods.
Massive data theft targeting cloud platforms like Salesforce exposed sensitive data from numerous organizations due to third-party compromises and API abuse. Additionally, state-sponsored groups made headlines, such as a $1.5 billion crypto heist linked to North Korea, illustrating the role of digital assets in geopolitical conflicts.
Dahua patches multiple critical vulnerabilities in its products
South Korea fines Coupang Record $409 mln fine for data leak
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
Security Update: RoguePlanet, BitLocker Bypass, Chromium Zero-Day, and More Critical Threats Uncovered
73 Microsoft Packages Compromised in Password Stealer Attack
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the WildÂ
APT operations in telecommunications targeted critical infrastructure, highlighting ongoing espionage threats to communication networks. Developer supply chain risks increased as attackers exploited trusted components, and the IoT faced severe botnet attacks, converting everyday devices into attack tools. Social engineering persisted as a major tactic, involving credential scams and advanced manipulation methods.
Industry groups like OWASP have created security guidelines for agentic AI in response to the new threats posed by AI-driven tools, acknowledging that defense strategies must adapt to the evolving technologies used by attackers.
These trends illustrate a cyber threat landscape that is increasingly automated, interconnected, and harmful, requiring not just technical measures but also strategic intelligence and collaboration across sectors.
A list of notable cyber attacks in 2025:
- The Salesforce Data-theft Attacks
- The Continued Salt Typhoon Telco Attacks
- North Korean IT Workers scam
- Rise in Developer Supply Chain Attacks
- Oracle data theft attacks
- The $1.5 billion ByBit crypto heist
- ClickFix Social Engineering Attacks
- Criminal Proxy Network Infects Thousands of IoT Devices
- New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls
- OWASP Launches Agentic AI Security Guidance
