Infosecurity’s Top 10 Cybersecurity Stories of 2025：Infosecu

Infosecurity Magazine Home » News » Infosecurity’s Top 10 Cybersecurity Stories of 2025. # Infosecurity’s Top 10 Cybersecurity Stories of 2025. Cybersecurity dominated headlines throughout 2025, with a year marked by high-profile breaches, evolving attack techniques and major shifts in industry practices. From critical zero-day vulnerabilities and supply chain threats to AI-driven risks and vendor shake-ups, the security landscape has been anything but static. In this roundup, we’ll dive into some of Infosecurity Magazine’s most-read stories of the year, covering the incidents, innovations and trends that shaped the conversation in cybersecurity. Three major cybersecurity firms, Microsoft, SentinelOne and Palo Alto Networks, did not participate in MITRE’s 2025 ATT&CK Evaluations. A criminal proxy network infected thousands of internet-of-things (IoT) and end-of-life consumer devices worldwide, primarily residing in an infrastructure based in Turkey, turning them into an open “proxy-for-rent” service that enables anonymous malicious activities like ad fraud, distributed denial-of-service (DDoS), brute‑force attacks and data exploitation.

网络安全行业深度分析

1. 2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and

# 2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising. **Bitdefender’s 2025 Cybersecurity Assessment Report** paints a sobering picture of today’s cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface. The annual research combines insights from over **1,200 IT and security professionals** across six countries, along with an analysis of **700,000 cyber incidents** by Bitdefender Labs. This year’s findings spotlight a disturbing trend: **58% of security professionals were told to keep a breach confidential**, even when they believed disclosure was necessary. The pressure is especially acute for **CISOs and CIOs**, who report higher levels of expectation to remain quiet compared to frontline staff. In response, **68% of surveyed organizations list attack surface reduction as a top priority**, with the U.S. The Hidden Security Risks of Shadow AI in Enterprises.

查看完整报道 →

2. 10 Major Cyberattacks And Data Breaches In 2025

In January, three more U.S. telecommunications providers impacted in the attacks by the China-linked espionage group tracked as Salt Typhoon were disclosed, according to the *Wall Street Journal*. Attacks targeting the systems continued to impact SonicWall customers until the end of the year, with the company disclosing exploitation of a new, zero-day SMA1000 vulnerability in December. In the case of attacks targeting the telecommunications industry, the report found a 130-percent increase in such attacks from nation-state threat actors, driven by dramatically increased operations from China-nexus groups. Along with the Microsoft SharePoint attacks in July, major campaigns tied to China-based attackers in 2025 included a wave of espionage attacks targeting VMware vSphere systems, which was disclosed in December. In November, Anthropic disclosed what it called “the first reported AI-orchestrated cyber espionage campaign.” The China-linked attack involved a manipulation of an Anthropic coding tool, Claude Code, according to a report posed by the company.

查看完整报道 →

3. 5 must-read cybersecurity stories of 2025 | World Economic Forum

# 5 must-read cybersecurity stories of 2025. Hands at a computer as cybersecurity was in the headlines in 2025. Cybersecurity – and cyberattacks – have hit the headlines in 2025.Image: Unsplash. Head of the Centre for Cybersecurity, Member of the Executive Committee, World Economic Forum. * Cybersecurity was a key topic in 2025, on the global news agenda and for the World Economic Forum. * From headline-making cyberattacks to the impact of AI and skills shortages, here are some of our must-read stories from the past 12 months. It has been a year of paradoxes for the cybersecurity community. 2025 will be remembered as the year the “cyber resilience” conversation shifted from theory to practice. From defending the final frontier to ‘fighting AI fire with fire’, here are the must-read stories that defined cybersecurity in 2025. The intersection of AI and cybersecurity was a hot topic at the Forum’s Annual Meetings of the Global Future Councils and Cybersecurity in Dubai in October.

查看完整报道 →

4. 2025 Cyber Threat Trends: AI, Ransomware, and Access Risk

The volume, diversity, and impact of cyber incidents continued to grow, but more importantly, clear patterns emerged in how attackers operate, which sectors they prioritize, and where defensive strategies continue to fall short. Rather than relying solely on new exploits or disruptive malware, attackers increasingly focused on obtaining and reusing legitimate credentials to maintain access, move laterally, and blend into normal operations. Erie Insurance disclosed a disruptive cyber incident consistent with the group’s methods, and Aflac confirmed a breach believed to be linked to Scattered Spider, with attackers potentially accessing highly sensitive personal and health data. A July report from Cyble highlighted a growing trend in **hacktivist operations targeting industrial control systems and access-based infrastructure**. In July, reporting also revealed that the Iranian-linked ransomware group Pay2Key.I2P offered affiliates up to **80 percent of ransom proceeds** **for attacks targeting U.S. and Israeli organizations**, generating approximately $4 million since February.

查看完整报道 →