Who's Been Getting Hacked? A Look at Major Cyberattacks in Late 2025

As October 2025 draws to a close, the cybersecurity landscape continues to be battered by an unrelenting wave of sophisticated attacks. From nation-state espionage campaigns to massive ransomware operations, organizations worldwide are facing unprecedented threats. Here's a comprehensive look at who's been targeted and what's at stake.

The F5 Breach: A Nation-State Wake-Up Call

Perhaps the most alarming incident of recent months involved Seattle-based cybersecurity giant F5. In mid-October, the company disclosed that a sophisticated nation-state threat actor had maintained long-term access to its systems, stealing portions of BIG-IP source code and information about undisclosed vulnerabilities.

The breach, which F5 discovered in August but delayed disclosing at the request of the U.S. Department of Justice, represents a significant escalation in supply chain attacks. The attackers, reportedly linked to the China-backed group UNC5221 and using the BRICKSTORM malware, maintained access for at least 12 months. The stolen source code gives adversaries a technical advantage in developing zero-day exploits against F5's widely used enterprise products.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) immediately issued Emergency Directive ED 26-01, ordering federal agencies to inventory all F5 products, remove management interfaces from public internet access, and apply security updates by October 22. F5's stock plummeted 10% following the disclosure, marking its worst day since 2022.

Ransomware Rampage: Scattered Spider and Beyond

The notorious hacking collective Scattered Spider (also operating as Scattered Lapsus$ Hunters, combining members from Scattered Spider, ShinyHunters, and Lapsus$ groups) has been on a tear throughout 2025, with victims spanning multiple continents and industries.

Qantas Airways

In October, Scattered Spider leaked personal information of 5.7 million Qantas customers after a ransom deadline expired. The data breach, stemming from a compromise of a Salesforce-hosted customer service platform, exposed names, emails, phone numbers, addresses, dates of birth, and frequent flyer details. The hackers claimed to have stolen data from 39 companies using Salesforce systems, affecting over one billion records globally.

Major Retailers Hit Hard

During Easter weekend in April, British retailer Marks & Spencer (M&S) suffered a devastating cyberattack attributed to Scattered Spider. Attackers used social engineering to bypass a contractor's defenses and took online shopping, including click-and-collect and fashion sales, offline for six weeks. The incident cost M&S an estimated £300 million in losses. The same group also targeted Co-op and other UK retailers in coordinated campaigns.

European Aviation Under Siege

On September 19, a ransomware attack on Collins Aerospace's passenger processing system MUSE disrupted operations at several major European airports, including Heathrow, Brussels, and Berlin. The supply chain attack spread rapidly across borders, causing flight delays and long queues as airlines struggled with compromised check-in and baggage systems.

Healthcare in the Crosshairs

The healthcare sector continues to be a prime target for cybercriminals, with patient data and operational disruptions offering lucrative ransom opportunities.

PIH Health Hospitals in California suffered a ransomware attack affecting more than 3 million patients and disrupting access to care until systems were brought back online. Yale New Haven Health System experienced a breach in April affecting 5.5 million patients after threat actors infiltrated its systems.

The Medusa ransomware gang targeted HCRG Care Group, stealing 2.275 TB of patient data, while the Radiant ransomware group shocked the cybersecurity community by infiltrating Kido International nurseries, stealing sensitive data on approximately 8,000 children including photographs, names, addresses, and dates of birth.

Corporate Giants Under Attack

Technology and Finance

Google confirmed a data breach in August stemming from a compromised Salesforce-hosted corporate database. While consumer accounts weren't directly affected, the exposed business data has been weaponized in subsequent phishing attacks.

Allianz Life saw over a million customers at risk after an unauthorized actor accessed a third-party CRM system used by the insurance giant, compromising data on the "majority" of customers.

TransUnion and Air France-KLM also fell victim to breaches traced to the ShinyHunters hacking group, which exploited third-party platforms like Salesforce and Drift using social engineering techniques.

Manufacturing and Defense

North Korean hackers, as part of Operation Dream Job, have been targeting European defense companies involved in the UAV (drone) sector since late March. The campaign aims to steal proprietary information and manufacturing know-how using malware families like ScoringMathTea and MISTPEN, likely to advance North Korea's drone program.

Jaguar Land Rover and automotive giant Stellantis both confirmed data breaches affecting customer information. Stellantis's incident on September 24 stemmed from a compromise of their Salesforce instance through a third-party connected app.

Government and Infrastructure Attacks

United States

The U.S. Department of Defense suffered a significant breach when hundreds of compromised credentials belonging to DoD personnel appeared for sale on the dark web. Attackers bypassed multi-factor authentication using stolen session cookies, potentially giving them access to classified military systems.
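The MFA bypass described above works because a stolen session cookie is accepted as proof of an already-completed login, so the second factor is never re-checked. From the server side, that replay usually shows up as an existing session suddenly being presented from a different network and client, or long after it should have expired. The following is an added example, not code from the article, the DoD, or any vendor: a small detector that binds each session to the source IP and User-Agent seen at its first (MFA-completed) request and flags later requests that break that binding or arrive beyond a policy maximum session age. The log format (one `key=value` line per request) and the sample lines are constructed for the example; real systems would read the equivalent fields from their own access or identity-provider logs.

```python
"""Flag session-cookie replay patterns in constructed web/auth log lines.

Added illustration only. The log format is invented for this example:
    <ISO-8601 UTC timestamp> sid=<session id> ip=<client ip> ua=<user agent> path=<url> [mfa=ok]
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed sample data (not real logs). Session a1f3 is later used from a new
# IP and a new client; b7c2 only changes IP (a common mobile-roaming pattern);
# c9d8 is presented two days after it was created.
SAMPLE_LOG = """\
2025-10-18T07:30:00Z sid=c9d8 ip=192.0.2.9 ua=Safari/18 path=/login mfa=ok
2025-10-20T08:00:01Z sid=a1f3 ip=203.0.113.10 ua=Firefox/128 path=/login mfa=ok
2025-10-20T08:02:15Z sid=a1f3 ip=203.0.113.10 ua=Firefox/128 path=/mail
2025-10-20T08:40:30Z sid=a1f3 ip=198.51.100.7 ua=curl/8.4 path=/mail
2025-10-20T09:00:00Z sid=b7c2 ip=192.0.2.44 ua=Chrome/130 path=/login mfa=ok
2025-10-20T09:10:00Z sid=b7c2 ip=192.0.2.45 ua=Chrome/130 path=/docs
2025-10-20T10:00:00Z sid=c9d8 ip=192.0.2.9 ua=Safari/18 path=/docs
"""

REASON_STALE = "used beyond max session age"
REASON_IP_UA = "source IP and user agent both changed"
REASON_IP = "source IP changed"
REASON_UA = "user agent changed"


@dataclass
class Event:
    ts: datetime
    sid: str
    ip: str
    ua: str
    path: str
    mfa: Optional[str]


@dataclass
class Finding:
    sid: str
    severity: str
    reason: str
    ts: datetime
    bound_ip: str
    bound_ua: str
    seen_ip: str
    seen_ua: str


def parse_line(line: str) -> Event:
    """Parse one constructed-format log line into an Event."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, kv["sid"], kv["ip"], kv["ua"], kv["path"], kv.get("mfa"))


def detect_session_replay(log_text: str, max_age: timedelta = timedelta(hours=24)) -> List[Finding]:
    """Bind each session to the client context of its first request and flag
    later requests that (a) arrive after max_age, which a correctly expiring
    session store should never accept, or (b) come from a different IP and/or
    User-Agent. Both IP and UA changing at once is the strongest replay signal;
    a single attribute changing is reported at lower severity for triage."""
    bound: Dict[str, Event] = {}
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        origin = bound.setdefault(ev.sid, ev)
        if origin is ev:
            continue  # first sighting: this request establishes the binding
        if ev.ts - origin.ts > max_age:
            severity, reason = "high", REASON_STALE
        else:
            ip_changed = ev.ip != origin.ip
            ua_changed = ev.ua != origin.ua
            if ip_changed and ua_changed:
                severity, reason = "high", REASON_IP_UA
            elif ip_changed:
                severity, reason = "medium", REASON_IP
            elif ua_changed:
                severity, reason = "medium", REASON_UA
            else:
                continue  # same client context, within policy lifetime
        findings.append(Finding(ev.sid, severity, reason, ev.ts,
                                origin.ip, origin.ua, ev.ip, ev.ua))
    return findings


if __name__ == "__main__":
    for f in detect_session_replay(SAMPLE_LOG):
        print(f"{f.ts.isoformat()} sid={f.sid} [{f.severity}] {f.reason}: "
              f"{f.bound_ip}/{f.bound_ua} -> {f.seen_ip}/{f.seen_ua}")
```

The binding and the expiry check are exactly what a server should enforce at request time, not only detect afterwards: tying a session to the client attributes observed at MFA completion, rejecting sessions older than the policy lifetime, and re-prompting for the second factor when the context changes turns a stolen cookie from a full bypass into a short-lived, noisy event.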

In April, hackers spied on emails of roughly 103 U.S. bank regulators at the Office of the Comptroller of the Currency for over a year, accessing approximately 150,000 emails containing highly sensitive financial institution data.

TeleMessage, a compliance messaging app used by U.S. government officials including those from FEMA and CBP, was compromised in May, exposing metadata from over 60 accounts.

State-Sponsored Activity

China's Ministry of State Security claimed in October that the NSA used 42 cyber tools in a multi-stage attack on Beijing time systems, employing tactics like forging digital certificates and using high-strength encryption to erase attack traces.

A coordinated spear-phishing campaign dubbed PhantomCaptcha on October 8 targeted Ukraine's war relief efforts, hitting organizations including the International Red Cross, Norwegian Refugee Council, UNICEF Ukraine office, and Ukrainian regional government administrations. The attackers impersonated the Ukrainian President's Office to deliver remote access trojans.

Rhode Island Cyberattack

A major cyberattack exposed personal and bank information of hundreds of thousands of Rhode Island residents, with an international cybercriminal group thought to be responsible.

Airlines and Travel

Vietnam Airlines contacted customers on October 14 to inform them that hackers had uploaded 23 million records to a forum, including airline customer data spanning from November 2020 to June 2025. The breach originated from a third-party platform.

Supply Chain and Third-Party Risks

A recurring theme throughout 2025 has been the exploitation of third-party vendors and supply chain partners. The Drift supply chain attack impacted several major organizations including Palo Alto Networks, Zscaler, Google, Cloudflare, PagerDuty, Tenable, Qualys, and Dynatrace, exposing business contact details and sales records.

In March, Bank Sepah in Iran suffered one of the largest financial institution cyberattacks when the hacker collective "Codebreakers" stole 42 million customer records (approximately 12 TB of data), demanding a $42 million Bitcoin ransom.

Cryptocurrency Heists

North Korean hackers, specifically the Lazarus Group, stole approximately $1.5 billion in Ethereum from Dubai-based exchange ByBit in February, exploiting a vulnerability in third-party wallet software. It remains the largest cryptocurrency heist to date, with at least $160 million laundered within the first 48 hours.

The Evolving Threat Landscape

As we approach the end of 2025, several trends are clear:

1. Nation-State Activity Intensifying: Chinese, Russian, North Korean, and Iranian threat actors have dramatically increased operations, with some industries experiencing 200-300% surges in attacks compared to previous years.

2. Supply Chain Vulnerabilities: Third-party platforms like Salesforce, Drift, and other SaaS providers have become prime attack vectors, allowing hackers to cascade through multiple downstream entities.

3. AI Weaponization: Iran-linked actors have begun using generative AI tools to amplify leaked information and enhance social engineering campaigns.

4. Healthcare Targeting: Medical facilities continue to be lucrative targets due to valuable patient data and the critical nature of healthcare services.

5. Ransomware Evolution: Groups like LockBit re-emerged in 2025 with updated toolkits (LockBit 4.0), while survey data shows approximately 63% of organizations now decline to pay ransoms, up from 59% in 2024.

6. Record-Breaking DDoS: Cloudflare reported a DDoS attack peaking at 22.2 terabits per second and 10.6 billion packets per second, lasting 40 seconds—nearly double the previous record set earlier in September 2025.

The Bottom Line

The cyberattack frequency continues to climb dramatically. Weekly attacks per organization have more than doubled from 818 in Q2 2021 to 1,984 in the same period this year—a 58% increase in just two years. Small businesses are particularly vulnerable, with seven times more organizations reporting insufficient cyber resilience than in 2022.

As one cybersecurity expert noted about the F5 breach: "The adversary now possesses a technical advantage, allowing them to analyze source code and weaponize unpatched flaws far faster than any defender can reverse-engineer a patch."

With only 14% of organizations having adequate cybersecurity talent and developing nations hit hardest by skills gaps, the challenge ahead is clear: organizations must prioritize incident response readiness, strengthen supply chain security, and invest in AI-enhanced defensive capabilities to combat increasingly sophisticated threats.

The message for October 2025 is stark—no sector is immune, and the attackers are only getting more creative, persistent, and dangerous.


Note: This article is based on publicly disclosed incidents as of October 24, 2025. Many breaches go unreported or are discovered months after initial compromise.
