to the list of articles
to the list of articles
back
back
June 23, 2025
Event
Vacancy
Article
The 6 most notorious cyberattacks of 2025
The first half of 2025 brought another wave of large-scale cyber incidents across the globe. These attacks impacted cryptocurrency exchanges, logistics platforms, transport companies, government institutions, and even password managers. In many cases, the breach point wasn’t core infrastructure, but third-party vendors, unmanaged services, or internal human vulnerabilities. Below is a breakdown of the most significant breaches this year.
Coinbase
Hackers gained access to personal data from approximately 70,000 users. The leaked information included full names, home addresses, phone numbers, document photos, partial Social Security numbers, and transaction histories. The attack was carried out by bribing external customer support contractors. Instead of paying the ransom, Coinbase offered a $20 million bounty for information leading to the attackers.
Grubhub
The food delivery platform was compromised through a vulnerability in a third-party service provider. Both customers and couriers were affected, with potential exposure of delivery addresses, contact information, and service-related documents.
Hertz / Cleo
Hackers breached Hertz through Cleo, an external cloud-based file transfer service. The breach exposed data related to car accidents, insurance claims, medical information, and payment records. While Hertz itself wasn’t directly attacked, it was impacted due to reliance on its technology partner.
LastPass
Password managers continue to attract targeted attacks. Since the major 2022 LastPass breach, the number of attacks on such platforms has tripled. According to Picus Security, 25% of newly identified malware in 2025 was designed specifically to compromise password managers. A successful breach of one such platform can grant access to dozens of accounts through a single login.
AT&T
Hackers compiled a data set of 86 million AT&T records using previously leaked data, specifically from the Snowflake incident. AT&T confirmed that a portion of the records is authentic. This case illustrates how old breaches can resurface and pose renewed threats over time.
RockYou2024
One of the largest aggregated data breaches in history, RockYou2024 contains over 10 billion user records. The dataset includes emails, passwords, and login credentials from previous leaks—now combined into a single, more dangerous compilation. It highlights the ongoing risk of password reuse by individuals.
X (Twitter)
A hacker forum listed metadata from hundreds of millions of X (formerly Twitter) accounts for sale. The dataset reportedly contains email addresses, IP locations, account creation dates, and historical usernames. While there has been no official confirmation from the company, independent researchers have verified portions of the data. The incident raises serious concerns about the potential de-anonymization of journalists and activists, particularly in authoritarian regimes.
DOGE / Palantir / Starlink
An investigation by The New York Times revealed that the U.S. Department of Government Efficiency (DOGE) installed Starlink terminals at strategic federal locations without formal interagency coordination. DOGE also actively promoted the use of Palantir software—an analytics system with well-documented ties to military and intelligence agencies. This centralization of access to sensitive government data has sparked concerns around oversight and accountability.
Key Takeaways
1. Many breaches occurred due to human error or vendor vulnerabilities—not direct attacks on core systems.
2. Aggregated data leaks remain a persistent threat, as legacy datasets are recompiled and reused.
3. Password managers, once considered secure, are now a prime target for advanced threat actors.
4. Centralizing sensitive data within a single authority, without strong oversight, introduces systemic national-level risks.
5. The exposure of large-scale metadata significantly increases the threat of de-anonymization and compromises both privacy and physical safety.
Source: Mashable
No items found.
We are waiting for you at the event!
We are waiting for you
Oops! Something went wrong while submitting the form.
