Cybersecurity Highlights of 2025: A Year in Review
2025 marked a significant year for cybersecurity, with numerous cyberattacks, data breaches, and zero-day vulnerabilities causing havoc across the globe. This article highlights fifteen impactful cybersecurity stories from the year, focusing on their relevance to the North East region and broader Indian context.
Major Data Breaches and Extortion Attacks
Some of the most notable incidents involved large-scale data breaches and extortion attacks. For instance, the ShinyHunters extortion gang targeted PornHub, stealing Premium member activity data from third-party analytics provider Mixpanel. This breach affected over 200 million records of subscribers' viewing, search, and location data for many organizations.
Salesforce Data Theft Attacks
Salesforce, a popular software-as-a-service (SaaS) platform, became a frequent target of large-scale data theft and extortion campaigns. Attackers gained access to customer data through compromised accounts, OAuth tokens, and third-party services. Companies across various industries, including technology, aviation, and retail, were impacted.
Zero-Day Attacks
Zero-day vulnerabilities continued to pose a significant threat in 2025. Network edge devices and internet-exposed services were primary targets, with flaws in Cisco, Fortinet, Citrix, SonicWall, and other popular software exploited in the wild. Microsoft SharePoint was one of the year's biggest targets, with flaws used to deploy web shells, steal sensitive data, and maintain persistence inside corporate networks.
AI-Powered Attacks
Artificial Intelligence (AI) emerged as a helpful tool for attackers, with large language models (LLMs) used during intrusions and to write and deploy malware. Security researchers reported a growing number of attacks that used AI for faster exploitation, adaptive malware, and higher volumes of attacks.
Implications for Northeast India and Broader India
These cybersecurity trends have significant implications for Northeast India and the broader Indian context. With the increasing digitalization of businesses and services, the region is becoming more vulnerable to cyberattacks. Companies and organizations must prioritize cybersecurity measures to protect sensitive data and maintain business continuity.
Looking Forward
As we move into 2026, it is crucial for organizations in Northeast India and across India to stay vigilant and proactive in their cybersecurity strategies. This includes implementing robust security measures, regularly updating software, and educating employees about potential threats and best practices for online safety.