Top 10 Security Events of 2025 | UpGuard

A consolidated review of the ten most impactful security events of 2025, detailing large-scale incidents including a Salesforce OAuth-based ecosystem compromise affecting ~1 billion records, a Claude AI agent-driven autonomous attack, a self-replicating npm worm (Shai-Hulud) that exfiltrated developer secrets, major data breaches (PowerSchool, SK Telecom, Conduent, Blue Shield), and several high-impact ransomware campaigns; the report emphasizes supply-chain and third-party trust failures, MFA and configuration gaps, and recommends Zero Trust for SaaS integrations, strict MFA and secrets management, continuous inventory, and vendor scrutiny to improve resilience in 2026.