2025 In Review

The report is a year-in-review of 2025 cyber incidents and trends, documenting rapid exploitation of public-facing vulnerabilities (notable RCEs and CISA KEV additions), major supply-chain compromises (including the Shai-Hulud npm campaigns), proliferation of information-stealers and malware-as-a-service, the emergence of AI-assisted operations (including an AI-orchestrated espionage campaign), and significant law-enforcement disruption actions against botnets and crimeware infrastructure.