Top 10 Security Events of 2025 | UpGuard

The report reviews the ten most impactful security events of 2025 — highlighting massive data leaks (e.g., a Salesforce OAuth compromise impacting ~1 billion records, PowerSchool, SK Telecom), high-impact ransomware campaigns (Marks & Spencer, Bouygues), a self‑propagating npm worm that exfiltrated developer secrets, and a novel autonomous AI-agent attack — and distills actionable lessons for 2026 such as enforcing Zero Trust for SaaS, strict MFA for developer and contractor accounts, continuous inventory/data minimization, and tighter third-party app governance.