Friday, August 22, 2025

2025's Biggest Cyberattacks: Major Breaches Shake Companies and Governments

Cyberattacks targeting governments and companies increased in 2025, hitting organizations such as Microsoft, the Treasury, and Ingram Micro, and exposing major vulnerabilities and a growing ransomware threat.

Cyberattacks have grown severe in 2025, with companies and government agencies around the globe as targets. Ransomware, data theft, and zero-day attacks have disrupted the operations of many organizations, which threat actors have then extorted. IT distribution behemoths, food distributors, and even government departments have all been hit by high-profile breaches. Microsoft SharePoint servers, VPNs, and routers have been compromised, exposing vulnerabilities in widely used business systems. With cybersecurity teams scrambling to patch their systems and limit the damage, security experts caution that such attacks are just a taste of what is to come, and that organizations need stronger defenses against more advanced and increasingly persistent cyber threats.

The Scope and Impact of 2025 Cyberattacks

According to tracking by cybersecurity researchers, 2025 has seen both new and established threat groups target critical infrastructure and business operations on a large scale. Significant attackers include SafePay, Scattered Spider, and Chinese state-sponsored APT groups. Software systems such as VPNs, routers, and enterprise management systems have been exploited, resulting in security breaches. Companies such as Ingram Micro, United Natural Foods, and Conduent were severely affected, and Microsoft SharePoint servers were severely compromised. Analysts underscore that the growing number of attack vectors, together with automated exploits, demands ongoing monitoring, patching, and responsive cross-sector incident response in both the public and private sectors.

Summary of 10 Major Cyberattacks in 2025

Conduent Attack

In January, a cyberattack at Conduent disrupted government support services in five states. Personal data of numerous clients was reportedly stolen. The attack disrupted U.S. benefits and payment systems, drawing attention to the risks concentrated in vital service providers. Conduent described the situation as having a potential material impact, pointing to the growing presence of cybercrime in outsourced government services.

Ingram Micro Ransomware Attack

On July 4, IT distributor Ingram Micro suffered a ransomware attack by the SafePay group. Systems were offline for nearly a week, halting online ordering globally. SafePay's approach avoids ransomware-as-a-service models, making mitigation more difficult. The attack illustrates vulnerabilities in critical supply chain IT infrastructure.

Ivanti VPN Attacks

A zero-day flaw in Ivanti Connect Secure VPNs was exploited starting December 2024 and disclosed in January 2025. Attackers could remotely execute code without authentication. Organizations including the U.K.'s Nominet were affected. Malware evidence links the activity to China-based threat actors, emphasizing the importance of patching third-party remote access tools.

Juniper Router Attacks

Espionage groups associated with China have exploited a newly identified vulnerability in Junos OS to target Juniper routers. Beginning in mid-2024, they deployed tailored backdoors to monitor network traffic. The attacks, disclosed by Mandiant in March 2025, highlight ongoing supply chain risks and the long-term impact of unpatched enterprise network devices.

Microsoft SharePoint Attacks

In July, on-premises SharePoint servers were breached in a series of attacks known as the ToolShell attacks, which targeted more than 400 devices. Zero-day vulnerabilities were exploited by threat actors such as the China-linked groups Linen Typhoon, Violet Typhoon, and Storm-2603. Microsoft fixed the vulnerable servers, although some experts think attackers may continue to exploit them, since researchers showed that they could be attacked easily. This demonstrates the dangers of widely used enterprise software products.

PHP Attacks

Windows-based PHP installations were exploited en masse through a critical remote code execution vulnerability first revealed in June 2024. The attacks proved far more extensive than was thought, affecting organizations throughout the United States. The campaign shows the risk posed by popular programming platforms that are exploited by hackers.

SafePay Ransomware Attacks

In 2025, SafePay improved its strike speed, targeting companies like Ingram Micro. The group does not use ransomware-as-a-service models, which makes it more difficult to protect against. It engages in disruptive operations and extortion, highlighting the increasing sophistication and coordination of emerging ransomware actors.

Scattered Spider Attacks

The Scattered Spider hacker group hit the retail, aviation, and insurance industries hardest, affecting British retailers such as Marks and Spencer, as well as British insurance companies such as Aflac. Airlines such as Hawaiian Airlines and Qantas were also breached. The group stole customer data belonging to millions of people, which illustrates the scale of cybercrime across different industries.

SonicWall SMA Attacks

SonicWall SMA 1000 appliances have been subject to zero-day exploitation and carry critical vulnerabilities that allow remote code execution. As corroborated by CISA, the attack activity has persisted into July 2025, with threat groups such as UNC6148 taking advantage of previously known vulnerabilities. The intrusions indicate the dangers of unpatched enterprise remote access devices.

Treasury Department Hack

U.S. Treasury Department offices were hacked in January 2025 by a China-linked APT using BeyondTrust's remote support tool. Considered a major cybersecurity incident, the attack confirmed that government agencies are still in danger from state-sponsored actors. The breach poses a danger to national security and financially sensitive information.
