In March 2025, NDC and its subsidiary AMTEC were targeted by the Interlock Ransomware Group, resulting in the theft of approximately 4.2 TB of sensitive data. While classified materials were not confirmed as exposed, procurement and logistics information were compromised, demonstrating that even defense contractors are vulnerable to cyber threats.
In April 2025, a zero-day vulnerability in Windows Common Log File System (CLFS), identified as CVE-2025-29824, was exploited by the Storm-2460 group using malware dubbed “PipeMagic.” This exploit allowed attackers to escalate privileges and deploy ransomware across various sectors, highlighting the risks associated with unpatched system vulnerabilities.
In June 2025, Canadian airline WestJet experienced a cybersecurity incident that disrupted its website and mobile app. Operations largely continued, but internal systems were compromised. The incident is believed to have been caused by social engineering tactics, emphasizing the need for robust defenses against such attacks.
In February 2025, over $1.46 billion in Ethereum was stolen from Bybit’s cold wallets, attributed to North Korea’s Lazarus group. This incident underscores the importance of securing cryptocurrency infrastructure against sophisticated cyber threats.
A cyberattack disrupted city services in St. Paul, Minnesota, affecting online payments, internal networks, and public WiFi. The attack was significant enough to warrant a state of emergency, highlighting the vulnerability of municipal systems to cyber threats.
In late August to September 2025, a cyberattack forced JLR to halt production in multiple plants outside China for weeks, affecting thousands of suppliers. This incident demonstrates how attacks on one company can have cascading effects across the supply chain.
On September 19, 2025, an attack on the MUSE check-in/boarding software used by airports caused widespread flight delays and cancellations across Europe. This incident illustrates how vulnerabilities in third-party software can disrupt critical infrastructure.
Allianz Life experienced a breach impacting approximately 1.1 million U.S. customers, exposing names, addresses, phone numbers, and emails. While financial data was not compromised, the breach underscores the importance of safeguarding personal information.
Nearly 194,000 individuals’ data were exposed, including names, Social Security numbers, driver’s licenses, bank information, and medical test results. This breach highlights the critical need for securing health and identity data.
In March 2025, hacker group Codebreakers claimed to have infiltrated Bank Sepah, extracting over 12 TB of data belonging to more than 42 million individuals, including military personnel information and account numbers. The bank initially denied the breach, but the claim raised significant concerns about the security of financial institutions.
Recent breaches arise from weak links in vendors or software supply chains. Attackers often bypass the main target by compromising a trusted third party.
Many 2024-2025 attacks used previously undocumented vulnerabilities (zero days) in widely used enterprise software, enabling stealthy access before patches are issued.
Several hospital systems and health networks faced ransomware attacks, crippling operations and demanding payment for data recovery. These reinforce that healthcare remains a prime target.
A recurring motif in analysis: attackers steal or guess credentials and move laterally in corporate networks, exfiltrating data quietly before detection.
Financial institutions continue to be targeted for customer data, trading data, or proprietary models. Recent cases show threat actors probing APIs, internal tools, or cloud misconfigurations.
A telecom operator was breached, exposing customer account data and network logs. This kind of attack hits many downstream users.
Municipal systems (e.g. payment portals, utility management) are under attack. The 2025 St. Paul, MN case is one example.
Attackers are increasingly seeking to impact energy grids, water treatment, or transport systems, aiming for disruption more than just data theft.
A common vector in cloud storage was left open or misconfigured, exposing large troves of documents, logs, and secrets.
Attackers compromised a marketing analytics vendor, then used that access to reach customer databases in many downstream client firms.
In some 2025 cases, top executives were targeted via highly tailored phishing or voice deepfake attacks, giving attackers privileged access.
A global shipping or logistics firm was hit by ransomware, halting deliveries and operations across multiple countries.
A SaaS provider’s internal development or admin system was breached, giving attackers access to customer instances or data.
Massive dumps of usernames, emails, hashed passwords have been pushed publicly, often gleaned from aggregated past breaches, then reused in replay attacks.
Media houses have been breached, leading to leaks of editorial, subscriber, or internal email data.
Read more on Security Boulevard
