Cyberattacks in 2025 grew more sophisticated and coordinated, with generative AI enabling large-scale, stealthy operations that increasingly targeted critical infrastructure and institutional trust, not just data theft.

From Gen AI–driven attacks to large-scale sabotage, 2025 exposed the limits of even the most advanced digital defences.
Attacks that were once largely opportunistic, such as phishing emails, social-engineering scams and perimeter breaches aimed at data theft or ransom, evolved in 2025 into more sophisticated, coordinated operations with one common footprint: generative AI. Threat actors demonstrated an unprecedented ability to compromise systems at scale, using AI-assisted tooling to move faster, stay undetected longer and inflict deeper damage.
The arrival of generative AI as a mainstream technology played a critical role in this shift. Criminals used it to automate and refine attacks, from crafting convincing phishing lures to generating malicious code. The hijacking of Anthropic's Claude Code, for instance, showed how an AI agent could be manipulated into writing and running attack tooling on an adversary's behalf.
Crucially, cyberattacks in 2025 were no longer limited to stealing data. Attackers increasingly targeted operations, critical infrastructure and institutional trust. Research by cybersecurity firm Palo Alto Networks found that 86% of large-scale attacks involved sabotage or operational disruption, while generative AI drove a reported 1,200% rise in phishing attempts, leaving human judgement as the weakest link in digital security.
Here are the five most significant cyber incidents of 2025, which changed the landscape:
1. The 16 Billion Credential "Mega Leak"
In June 2025, researchers found a cache of roughly 16 billion stolen credentials, a "Mega Leak" assembled largely from infostealer malware logs, with many entries recycled from earlier dumps. Organised into username-password pairs tied to specific sites, the data allowed attackers to run automated credential-stuffing attacks against millions of accounts at once, so a reused password alone no longer protects an account. Experts from the SANS Institute warned that the event has accelerated a global shift toward passwordless authentication.
2. The Anthropic Claude Hijacking
In mid-November 2025, Anthropic reported that a group it assessed to be Chinese state-sponsored had turned its "Claude Code" agent into the operator of an intrusion campaign. The attackers bypassed the model's safeguards by posing as a legitimate security firm conducting a defensive audit and by splitting the operation into small tasks that looked benign in isolation; the agent then carried out reconnaissance, exploited vulnerabilities and harvested credentials with only occasional human direction. Anthropic described it as the first reported cyber-espionage campaign largely orchestrated by an AI, marking the point at which an assistant became an autonomous offensive tool.
3. Salt Typhoon Telecom Infiltration
In late August 2025, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), with international partners, issued a joint advisory on the Chinese state-linked group "Salt Typhoon", whose intrusions into ten major telecom providers, including Verizon and AT&T, had been confirmed over the preceding months. The attackers obtained access to Call Detail Records (CDRs), metadata that reveals who called whom, when and from where, allowing them to track the movements of government officials and the private habits of millions of citizens. The breach turned the US communications backbone into a window for foreign intelligence surveillance.
4. Coinbase USD 20M Hack & Bounty
In May 2025, attackers bribed overseas customer-support contractors to hand over personal data of nearly 70,000 Coinbase customers, which was then used for social-engineering scams against those users. When the attackers demanded a $20 million ransom, Coinbase refused to pay and instead offered the same $20 million as a bounty for information leading to their arrest, working with the FBI. With remediation and customer reimbursement costs estimated at up to $400 million, the move sent a clear message: Coinbase would rather fund a manhunt than reward a thief.
5. Salesforce-Drift OAuth Attack
In August 2025, Google's Threat Intelligence Group (GTIG) disclosed a campaign in which attackers used OAuth tokens stolen from the Salesloft Drift chat integration to query the Salesforce instances of Drift's customers. Because an OAuth token stands in for an already-authorised application, no passwords or MFA prompts were involved; the attackers ran bulk queries and quietly exported large volumes of case and contact data, reportedly searching it for embedded secrets such as cloud access keys. This supply-chain style attack proved that a trusted third-party integration can be the weakest link in any corporate environment.
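A stolen integration token carries exactly the permissions the app was granted, so the only thing that distinguishes the thief from the app is behaviour: a marketing chat integration that suddenly pulls every Case and Account record at 2 a.m. is not doing marketing. The following is an added example, not the article's or GTIG's code, of a per-app behavioural baseline over API activity. The event records and field layout are constructed for illustration and are not Salesforce's real log schema; the tenfold volume factor is an assumption.

```python
"""Flag bulk data pulls by a third-party OAuth integration.

Added example (not from the article or GTIG). Builds a per-connected-app
baseline from a training period (peak rows returned per hour bucket, and
the set of objects the app normally queries), then scores later activity
against it. Records are constructed; the tuple layout is an assumption.
"""
from collections import defaultdict

# Constructed API activity: (hour bucket, connected app, object queried, rows returned)
EVENTS = [
    ("2025-08-08T09", "drift-chat", "Lead", 40),
    ("2025-08-08T10", "drift-chat", "Lead", 35),
    ("2025-08-08T11", "drift-chat", "Contact", 20),
    ("2025-08-08T09", "billing-sync", "Account", 500),
    # Next day: the chat app's token is replayed by an attacker for a bulk export.
    ("2025-08-09T02", "drift-chat", "Case", 150_000),
    ("2025-08-09T02", "drift-chat", "Account", 80_000),
    ("2025-08-09T02", "drift-chat", "User", 5_000),
    ("2025-08-09T02", "billing-sync", "Account", 480),
]


def build_baseline(events, training_prefix):
    """Per-app peak rows per hour bucket and the objects seen during training.

    `training_prefix` selects the training period by hour-bucket prefix
    (e.g. a date); anything matching it is treated as known-good.
    """
    base = defaultdict(lambda: {"max_rows": 0, "objects": set()})
    for hour, app, obj, rows in events:
        if hour.startswith(training_prefix):
            entry = base[app]
            entry["max_rows"] = max(entry["max_rows"], rows)
            entry["objects"].add(obj)
    return base


def find_anomalies(events, training_prefix, factor=10):
    """Return (app, hour, object, reason) for post-training activity that
    queries an object the app never touched before, or returns more than
    `factor` times the app's peak training volume, or comes from an app
    with no baseline at all (a newly authorised integration)."""
    base = build_baseline(events, training_prefix)
    findings = []
    for hour, app, obj, rows in events:
        if hour.startswith(training_prefix):
            continue
        entry = base.get(app)
        if entry is None:
            findings.append((app, hour, obj, "no baseline for app"))
            continue
        reasons = []
        if obj not in entry["objects"]:
            reasons.append("new object")
        if rows > factor * entry["max_rows"]:
            reasons.append("volume spike")
        if reasons:
            findings.append((app, hour, obj, ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(EVENTS, training_prefix="2025-08-08"):
        print(finding)
```

Any hit on an integration's token is a reason to revoke that token and rotate it, not merely to alert: the legitimate app can re-authorise in minutes, while each extra hour gives the attacker another few hundred thousand rows. The same baseline also exposes the scope problem behind such incidents, because an app that legitimately needs two objects should never hold a token that can read fifty.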
But all was not bad in the cyber world this past year. Here are some of the notable developments of 2025:
1. The WEF Cyber Resilience Compass
On April 24, 2025, the World Economic Forum launched the "Cyber Resilience Compass", shifting the emphasis of global strategy from preventing attacks to surviving them. The framework gives leaders a roadmap for maintaining business continuity during a crisis, treating security as a boardroom priority rather than a purely technical issue, with the aim of keeping critical systems online even when a breach occurs.
2. China’s 2025 Amendments to the Cybersecurity Law
On 28 October 2025, China's central legislature approved major amendments to the Cybersecurity Law (CSL), which take effect on 1 January 2026. The amendments introduce substantially heavier penalties for network and data security failures, extend the law to cover AI-related security risks, and increase the personal liability of responsible executives. By setting a hard compliance deadline, the law forces firms operating in China to treat digital safety as a top-tier legal priority.
3. CrowdStrike "Agentic Security" Workforce
On September 16, 2025, at its Fal.Con conference, CrowdStrike unveiled AI security agents designed to investigate and contain threats in real time without waiting for a human analyst. The agents reason through an attack chain and isolate or block the attacker within seconds, sharply narrowing the window in which data can be stolen. CrowdStrike positioned this as the start of an "agentic era" in which AI-driven defence keeps pace with AI-driven attacks.
4. The "Morris II" AI Worm
Researchers from Cornell Tech, Technion and Intuit first demonstrated "Morris II", a "zero-click" AI worm, in 2024, and 2025 brought renewed attention to it as AI assistants gained access to email and other applications. The worm hides adversarial instructions inside emails or images so that a generative AI assistant processing them both acts on the instructions, for example leaking private data or sending spam, and copies them into the messages it produces, spreading to the next assistant without any human action. The attack was shown in a controlled test environment rather than in the wild. A report by IBM highlighted the research, warning that as companies connect their LLMs to more applications, such self-replicating prompts could turn a helpful assistant into a carrier for digital infections.
5. Singapore's Quantum-Safe Framework
In October 2025, the Cyber Security Agency of Singapore (CSA) launched a "Quantum-Safe Framework" to prepare national infrastructure for future quantum computers capable of breaking today's public-key encryption. By starting the migration to post-quantum cryptography across government and banking now, Singapore aims to ensure that data captured today cannot be decrypted once such machines exist. The framework sets an example for how to prepare today's data for tomorrow's most powerful threats.
The lessons of 2025 are clear, echoing a sentiment now shared by leaders at CISA and the WEF: in an era of autonomous AI and state-sponsored sabotage, "absolute security" is a myth. The year's biggest stories showed that success no longer depends on building higher walls, but on building faster responses and more resilient organisations.
Published On:
Dec 31, 2025