The year 2025 emerged as a watershed moment for global cybersecurity—one that exposed the growing fragility of digital ecosystems while underscoring the urgent need for smarter, faster, and more collaborative defenses. From enterprise firewalls compromised through zero-day flaws to artificial intelligence being weaponized against developers and users alike, cyber risk in 2025 was no longer a niche technical concern but a boardroom-level and national-security priority.
Large-scale breaches, supply-chain compromises, and the rapid evolution of AI-driven threats reshaped how organizations evaluated trust, resilience, and accountability. At the same time, the industry itself underwent visible shifts, with vendors questioning long-standing benchmarks and security communities rallying to stop potentially catastrophic attacks.
Below are the 10 most consequential and widely discussed cybersecurity stories of 2025, which together defined the threat landscape and influenced policy, technology, and operational security strategies worldwide.
1. Major Vendors Exit MITRE ATT&CK Evaluations
In a move that sent ripples across the cybersecurity industry, Microsoft, SentinelOne, and Palo Alto Networks withdrew from the MITRE ATT&CK Evaluations during 2025.
Microsoft exited first in June, followed later by SentinelOne and Palo Alto Networks. Industry observers argued that the evaluations had grown increasingly complex and were drifting toward marketing showcases rather than practical benchmarks of real-world defense capability.
MITRE CTO Charles Clancy acknowledged that the 2025 cycle may have been overly demanding and announced plans to reinstate a vendor forum ahead of the 2026 evaluations to rebuild trust and transparency.
2. Criminal Proxy Network Hijacks Thousands of IoT Devices
Security researchers uncovered a sprawling criminal proxy network that compromised thousands of IoT and end-of-life consumer devices, transforming them into an open “proxy-for-rent” service.
The infrastructure—largely traced to Turkey—enabled anonymous cybercrime activities, including DDoS attacks, ad fraud, credential stuffing, and brute-force intrusions. Although law-enforcement agencies and Lumen Black Lotus Labs succeeded in disrupting parts of the command-and-control network, experts warned that millions of unpatched devices remain vulnerable, ensuring the persistence of similar threats.
3. NIST Introduces ‘Likely Exploited Vulnerabilities’ Metric
In May 2025, NIST unveiled Likely Exploited Vulnerabilities (LEV)—a new metric designed to help organizations prioritize patching based on real-world exploitation risk.
Built on the Exploit Prediction Scoring System (EPSS), LEV correlates historical exploit data with the Known Exploited Vulnerabilities (KEV) list, offering insight into whether a CVE has likely already been used in active attacks.
4. 15,000 Fortinet Firewalls Exposed by New Hacking Group
A previously unknown threat actor, the Belsen Group, leaked sensitive configuration data from nearly 15,000 FortiGate firewalls.
The exposed data included VPN credentials, admin usernames, device certificates, and firewall rules. Investigations traced the leak back to a 2022 zero-day vulnerability (CVE-2022-40684) affecting FortiOS 7.0.x and 7.2.x. Firms such as CloudSEK verified the authenticity of the dump, triggering urgent global patching and credential resets.
5. QR-Code Phishing (‘Quishing’) Goes Mainstream
Cybercriminals increasingly turned to QR-code-based phishing, or “quishing,” to bypass traditional email security controls. Victims who scanned malicious codes were redirected to credential-harvesting portals or malware downloads.
Researchers warned that QR codes are harder for conventional security tools to analyze than standard URLs, making this technique one of 2025’s most effective social-engineering tactics.
6. Open-Source Community Stops Massive npm Supply Chain Attack
A potentially devastating npm supply chain attack was narrowly avoided after attackers compromised a verified developer account and injected a crypto-clipper payload into widely used packages.
Once detected, malicious versions were removed within hours. While some experts described it as the largest attempted supply-chain attack in history, the incident highlighted the power of rapid, community-driven response in open-source ecosystems.
7. Grok-4 Jailbroken Days After Release
The AI model Grok‑4 was successfully jailbroken just two days after launch by researchers at NeuralTrust.
By combining the “Echo Chamber” and “Crescendo” techniques, researchers bypassed safety controls without overtly malicious prompts—demonstrating persistent weaknesses in LLM safeguards.
8. AI Hallucinations Enable ‘Slopsquatting’ Attacks
Researchers identified “slopsquatting,” a novel supply-chain threat exploiting AI hallucinations. Attackers publish malicious packages under names hallucinated by LLMs during code generation.
Studies by Virginia Tech found that nearly 20% of AI-recommended packages across Python and JavaScript ecosystems did not exist, creating a dangerous opening for attackers.
9. OWASP Releases Agentic AI Security Guidance
In July 2025, OWASP released the Securing Agentic Applications Guide v1.0, addressing risks posed by autonomous, AI-driven systems.
The guidance focused on preventing AI-enabled abuse such as automated account takeovers, unauthorized tool usage, and malicious code execution in systems operating without continuous human oversight.
10. Fortinet Confirms Actively Exploited Zero-Day
At the start of 2025, Fortinet disclosed a critical zero-day vulnerability (CVE-2024-55591, CVSS 9.6) affecting FortiGate firewalls and FortiProxy.
Threat intelligence from Arctic Wolf confirmed large-scale exploitation beginning in late 2024, reinforcing long-standing concerns about exposed enterprise firewall interfaces.
Cybersecurity in 2025 made one reality unmistakably clear: attack surfaces are expanding faster than traditional defenses can keep pace. From firewall zero-days and supply-chain compromises to AI-enabled manipulation and IoT botnets, organizations were forced to rethink how they assess and manage digital risk.
At the same time, 2025 also demonstrated the value of collaboration—whether through open-source vigilance, improved vulnerability metrics, or emerging AI security standards.
In essence, 2025 was not merely a year of cyber incidents—it was a turning point that reshaped how trust, security, and resilience are defined in the digital age.
