
Cyber Threat Landscape in 2025: Key Incidents and Vulnerabilities
In 2025, the cybersecurity landscape saw significant threats and incidents. Taiwan faced 2.63 million cyberattack attempts per day, primarily targeting its energy sector and attributed to Chinese threat actors. Two malicious Chrome extensions, with 900,000 users, were discovered stealing conversations from ChatGPT and DeepSeek. In France, ENI and Ofii confirmed customer data leaks, while Ledger reported a breach at Global-e. A substantial data leak involving 17.5 million Instagram accounts from 2024 surfaced on the dark web. The European Space Agency (ESA) lost 500 GB of sensitive data in a theft claimed by the group Scattered Lapsus$ Hunters.

Critical vulnerabilities were identified in n8n (allowing remote code execution), D-Link routers (permitting command injection), and HPE OneView (CVE-2025-37164, enabling unauthenticated remote code execution). MongoDB instances were exploited to extract plaintext passwords and tokens.

The threat group BlueDelta, associated with APT28, targeted critical infrastructure in 2025. The cryptocurrency sector experienced significant losses, with $2.7 billion stolen, including $1.4 billion from Bybit. The Cybersecurity and Infrastructure Security Agency (CISA) added 245 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025. Additionally, Iran implemented internet shutdowns to suppress protests.

These incidents highlight the evolving and sophisticated nature of cyber threats, emphasizing the importance of robust security measures and continuous monitoring.