The year 2025 marked a turning point in the cybersecurity landscape, characterized by increasingly sophisticated attacks, a pronounced shift toward operational technology (OT) targeting, and a notable escalation in nation-state-aligned hacktivist activity. This comprehensive review examines the defining cyber incidents of 2025, revealing critical vulnerabilities in both corporate enterprises and essential infrastructure whilst establishing new patterns that will likely dominate threat landscapes for years to come.

The Cloud Compromise Era: Oracle’s Legacy Systems Breach

The year began with a stark reminder that even technology giants remain vulnerable to sophisticated exploitation. In late February 2025, Oracle disclosed a major data breach affecting its Generation 1 servers, a sobering admission that the breach had actually commenced in January and persisted undetected for approximately two months. The scale of the incident was staggering: approximately 6 million records from over 140,000 Oracle Cloud tenants were exfiltrated from the Identity Manager (IDM) database.[1][2]

[Figure: Oracle breach timeline]

The technical sophistication of the attack underscored how legacy vulnerabilities continue to plague modern cloud infrastructure. The attackers leveraged a 2020 Java exploit to deploy malicious web shells and malware directly targeting Oracle’s IDM systems. By March 20, 2025, a threat actor known as rose87168 publicly listed the stolen data on BreachForums, providing samples that included usernames, hashed passwords, encrypted SSO and LDAP credentials, and Java Key Store files. The exposed data spanned 16 months of historical records, amplifying the potential impact on downstream organizations.[2][1]

Significantly, Oracle initially denied the incident before being forced to acknowledge it following legal pressure and private admissions to clients. The company did reassure stakeholders that Generation 2 servers and its primary cloud infrastructure remained unaffected; however, the breach raised fundamental questions about the security posture of legacy systems within cloud environments and the adequacy of intrusion detection capabilities.[1]

The Ransomware Cascade Across Enterprise and Sport

The summer of 2025 witnessed a cascade of ransomware attacks that exposed the vulnerability of major corporations to extortion-driven threat actors. In April 2025, NASCAR fell victim to the Medusa ransomware gang, which identified the sports organization’s systems between March 31 and April 3. The attackers exfiltrated sensitive data including Social Security numbers, raceway floor plans, staff email addresses and credentials before demanding a $4 million ransom with an April 19 deadline. The breach notification process revealed the presence of detailed maps, personnel information, and credential-related data, indicating a genuine compromise of both operational and logistical infrastructure.[3][4][5]

Shortly thereafter, the cryptocurrency exchange Coinbase experienced a breach originating from an unexpected vector: its overseas customer support contractors. On May 11, 2025, an unidentified threat actor sent an extortion email demanding $20 million for 69,461 customer records. The breach, which investigators later determined involved external contractors at support centers with unauthorized data access, exposed names, addresses, phone numbers, government-issued identity documents, masked Social Security numbers, and comprehensive account and transaction histories. Coinbase’s response, refusing the ransom and instead offering a $20 million bounty for information leading to the attackers’ arrest, represented a notable departure from traditional ransom payment practices and signaled growing corporate resistance to extortion tactics.[6][7]

The SharePoint Catastrophe: Zero-Day Exploitation at Scale

The July 2025 Microsoft SharePoint vulnerability represented a watershed moment in enterprise security, demonstrating how zero-day exploitations can achieve unprecedented scale when leveraging widely-deployed infrastructure. On July 7, 2025, threat actors began exploiting CVE-2025-53770, a critical remote code execution vulnerability in on-premises SharePoint Server, before Microsoft had even released patches.[8][9]

The vulnerability exploited a fundamental design flaw in how SharePoint Server handled the deserialization of untrusted data, allowing unauthenticated attackers to achieve arbitrary code execution. Rather than deploying traditional ransomware, the attackers utilized a sophisticated campaign dubbed “ToolShell” that deployed malicious ASP.NET web shells capable of programmatically extracting cryptographic keys from affected systems. These keys were then leveraged to craft and sign malicious __VIEWSTATE payloads, establishing persistent access and enabling arbitrary command execution.[10][11][8]
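Why the extracted keys matter for remediation, as an added example that is not from the original article or from Microsoft: a simplified model of a MAC-protected state blob (not ASP.NET's actual __VIEWSTATE wire format), in which the `Server` class, key size and payload strings are assumptions. It shows that a blob signed with a copied key keeps verifying after the entry bug is patched and only stops once the signing key is rotated.

```python
import base64
import hashlib
import hmac
import secrets

MAC_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def sign_state(key: bytes, payload: bytes) -> str:
    """Return base64(payload || HMAC-SHA256(key, payload))."""
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + mac).decode("ascii")


def verify_state(key: bytes, token: str):
    """Return the payload if its MAC verifies under `key`, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak tag bytes.
    return payload if hmac.compare_digest(mac, expected) else None


class Server:
    """Hypothetical server that trusts any state blob its key validates."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.patched = False

    def apply_patch(self):
        # Models installing the vendor fix: the entry bug is closed,
        # but the signing key on disk is left exactly as it was.
        self.patched = True

    def rotate_key(self):
        self.key = secrets.token_bytes(32)

    def accepts(self, token: str) -> bool:
        return verify_state(self.key, token) is not None


def run_scenario() -> dict:
    server = Server()
    legit = sign_state(server.key, b"page-state:v1")

    # Constructed stand-in for a key read out while the host was compromised.
    copied_key = bytes(server.key)
    foreign = sign_state(copied_key, b"state-not-issued-by-server")

    # Blob modified without knowledge of the key: one payload bit flipped.
    raw = bytearray(base64.b64decode(legit))
    raw[0] ^= 0x01
    tampered = base64.b64encode(bytes(raw)).decode("ascii")

    out = {
        "legit_before": server.accepts(legit),
        "tampered_before": server.accepts(tampered),
        "foreign_before": server.accepts(foreign),
    }
    server.apply_patch()
    out["foreign_after_patch"] = server.accepts(foreign)
    server.rotate_key()
    out["foreign_after_rotation"] = server.accepts(foreign)
    out["legit_after_rotation"] = server.accepts(legit)
    return out


if __name__ == "__main__":
    for name, accepted in run_scenario().items():
        print(f"{name}: {accepted}")
```

Rotation also invalidates state the server issued legitimately before the change, so in this model it costs outstanding sessions their state.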

The exploitation campaign achieved remarkable scope, with researchers identifying over 200,000 potential targets on FOFA at the time of discovery and confirming breaches affecting at least 75 organizations across governments, technology firms, and data-sensitive sectors. The attackers chained CVE-2025-53770 with an older spoofing vulnerability (CVE-2025-49706) to achieve both initial access and privilege escalation, highlighting how threat actors increasingly employ multi-stage exploitation chains rather than single vulnerabilities. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog on July 21, 2025, urging immediate patching across the enterprise landscape.[9][11][10]

Airlines Under Siege: The Third-Party Vector

The airline sector experienced significant breaches throughout 2025, largely through third-party service platform compromises that underscored the expanding attack surface created by digital ecosystem interdependencies. Qantas Airways initially announced a breach in July 2025, though the company did not publicly acknowledge the full extent of data exfiltration until October 12, when cybercriminals leaked the compromised records.[12][13]

The breach affected approximately 5.7 million customer records stored on a third-party customer service platform deployed by the airline’s call centers. Hackers accessed names, email addresses, phone numbers, birth dates, and frequent flyer program membership numbers, critical personal identifiers that expose victims to targeted phishing and social engineering campaigns. Significantly, Qantas assured customers that passport information, credit card details, frequent flyer account credentials, and personal financial information remained secure within encrypted systems. The attack was widely attributed to Scattered Spider, a cybercriminal collective known for deploying social engineering tactics to compromise employee credentials and gain network access.[14][12]

In October 2025, Vietnam Airlines disclosed an even larger compromise when cybercriminals uploaded 23 million customer records belonging to multiple companies, including Vietnam Airlines, to data trading forums. The breach stemmed from a third-party Salesforce-based customer relationship management (CRM) platform used globally by the airline and other companies. The leaked dataset encompassed personal information spanning from November 2020 through June 2025, representing years of accumulated customer data. Vietnam Airlines was notably slow to acknowledge the incident, remaining silent for more than two days after the data surfaced on hacker forums before finally confirming the breach via customer email on October 14.[15][16][17][18]

Retail and Critical Infrastructure Under Coordinated Attack

April 2025 marked a pivotal moment when the United Kingdom’s retail sector experienced what would become the nation’s costliest cyberattack. Marks & Spencer (M&S), the UK’s largest clothing retailer, fell victim to a sophisticated social engineering attack targeting a third-party contractor, identified as Tata Consulting Services (TCS), the company’s IT helpdesk provider.[19]

The attackers deployed “highly advanced methods” to compromise contractor credentials and gain network access to M&S systems over the Easter weekend. The resulting operational disruption proved catastrophic: online ordering systems were suspended, gift card services halted, and food and fashion delivery chains fractured. The company estimated the attack would cost £300 million in lost profits throughout the year, with certain IT systems remaining non-functional until October or November 2025. The chairman of M&S informed Parliament that the incident felt like a deliberate sabotage campaign, emphasizing how the attackers had exploited previously documented vulnerabilities in M&S’s own tabletop exercises and incident response planning.[19]

Nation-State Aligned Attacks on Critical Infrastructure

Perhaps the most concerning trend of 2025 was the escalating sophistication and political motivation of attacks targeting critical infrastructure by pro-Russian hacktivist groups. These incidents represented not merely criminal extortion but deliberate psychological operations designed to sow fear and destabilize Western nations.

On April 7, 2025, pro-Russian hackers breached the Bremanger dam in southwestern Norway, seizing control of the facility’s computerized systems and opening floodgates to full capacity for four hours. The attack released approximately 500 liters of water per second, roughly 132 gallons, before Norwegian staff detected the breach and manually intervened. Norwegian Police Security Service Director Beate Gangås subsequently confirmed Russian attribution, noting that the operation’s objective was not financial gain but rather to “manipulate and instill fear and confusion among the public,” representing a strategic shift in pro-Russian cyber operations against NATO allies.[20][21][22][23]

The attack on Norwegian infrastructure proved to be merely the prologue to a sustained campaign against Polish critical infrastructure. In May 2025, the same hydroelectric plant near Tczew, Poland, was targeted in an initial unsuccessful attack while the facility remained offline. The attackers returned in August 2025, this time achieving operational success by breaching a facility in active operation. Pro-Russian hacktivists manipulated operational parameters to extreme levels, forcing the plant’s generator and rotor to cease functioning and driving power output to zero. Unlike the Norwegian incident, the Polish attackers published video evidence of their actions on Telegram, demonstrating their capability to disrupt active electrical generation, a far more dangerous operational scenario with direct implications for regional energy stability.[24][25]

The coordinated pattern extended beyond hydroelectric facilities. Between April and August 2025, Polish authorities documented a sustained campaign targeting water treatment plants in Szczytno, Maldyty, Tolkmiczko, Sieraków, and Witków; wastewater treatment facilities; and even public pools and fountains throughout the country. In one incident, authorities detected and blocked a large-scale cyberattack attempt against the water supply system of a major Polish city before attackers could deploy ransomware. This campaign pattern revealed not random opportunism but methodical reconnaissance and exploitation of the Polish critical infrastructure ecosystem by Russian-affiliated threat actors.[24]

Automotive Sector: The Jaguar Land Rover Operational Shutdown

The automotive sector experienced a watershed moment in September 2025 when Jaguar Land Rover’s internal IT systems suffered a catastrophic attack that halted production at all major UK manufacturing facilities. The incident began with breaches in March 2025 when the HELLCAT ransomware group exploited stolen Jira credentials harvested through infostealer malware, exfiltrating approximately 700 internal development documents and compromising employee datasets.[26]

The initial March breach established persistence within JLR’s environment. On August 31, 2025, threat actors initiated a devastating operational shutdown that forced the company to cease all production by September 2 at its Solihull, Halewood, and Wolverhampton plants. A collective claiming to represent Scattered Spider, Lapsus$, and ShinyHunters published screenshots of JLR’s internal IT systems, demonstrating access to critical operational infrastructure. The attack’s timing proved particularly damaging: it coincided with the UK’s “New Plate Day,” the key period when dealerships register and deliver new vehicles, amplifying financial losses as dealers could not fulfill customer orders.[27][26]

JLR’s operational recovery proved protracted. Production remained suspended through September, with the company announcing on September 16 that forensic investigations were ongoing and production would remain halted until October 1, representing a three-week operational shutdown. Wikipedia subsequently assessed the incident as potentially the most damaging cyberattack in British history, with estimated eventual total economic damage to the UK economy reaching £1.9 billion.[28][27]

Defence and Critical National Infrastructure

October 2025 brought revelations of significant breaches affecting defence establishment infrastructure when Russian hackers exploited a maintenance and construction contractor serving the UK Ministry of Defence. The Russian Lynx cybercrime group breached Dodd Group and exfiltrated approximately 4 terabytes of sensitive data including detailed information about eight Royal Air Force and Royal Navy bases.[29][30][31]

The compromised information encompassed sensitive operational details regarding RAF Lakenheath (hosting U.S. Air Force F-35 fighter jets), RAF Mildenhall (operating tanker fleets and special forces operations), and six additional military installations. The leaked documents revealed construction details from Kier Group, staff names and email addresses, contractor details, and security-related information subsequently uploaded to the dark web. The incident exemplified the critical vulnerability created when critical military infrastructure security depends upon third-party contractors that may lack equivalent cybersecurity posture.[30][31][29]

Emerging Patterns: Industrial Control Systems and Ransomware Evolution

Data analysis across 2025 cyberattacks reveals disturbing trends for industrial and critical infrastructure operators. Between January and September 2025, global ransomware attacks reached 4,701 incidents, a 46 percent increase compared to 3,219 incidents during the same period in 2024. Most significantly, approximately 50 percent of these attacks targeted critical infrastructure sectors including manufacturing, healthcare, energy, and transportation, representing a 34 percent year-over-year increase in attacks on essential industries.[32]

Manufacturing organizations particularly experienced targeting of operational technology systems. Ransomware attacks in manufacturing and production showed exploited vulnerabilities as the leading root cause, responsible for 32 percent of incidents, whilst malicious emails declined from 29 percent in 2024 to 23 percent in 2025. Notably, organizations cited lack of expertise (42.5 percent of victims) and unknown security gaps (41.6 percent) as organizational factors contributing to successful compromise.[33]

The data encryption landscape shifted dramatically. Data encryption in manufacturing declined to 40 percent of attacks, the lowest level in five years, indicating that manufacturing organizations are increasingly detecting and stopping attacks before encryption deployment. However, threat actors adapted their tactics: extortion-only attacks (where data was stolen but not encrypted) surged to 10 percent of manufacturing incidents in 2025 from merely 3 percent in 2024, driven by the extraordinary value of intellectual property and supply chain information in manufacturing environments.[33]

The energy sector experienced particular vulnerability. Trustwave documented an 80 percent year-over-year increase in ransomware attacks targeting the energy and utilities sector in 2025. Among notable industrial victims, Schneider Electric’s Sustainability Business division fell victim to the Cactus ransomware group, which exploited VPN vulnerabilities to gain access and ultimately exfiltrate 1.5 terabytes of data. The attackers deployed double-extortion tactics, threatening both encryption and public data disclosure to pressure ransom payment.[34][35][36][37]

Internet-Accessible Infrastructure: The Hidden Attack Surface

A coordinated discovery effort in 2025 revealed the alarming exposure of critical infrastructure internet-accessible interfaces. Censys identified approximately 400 web-based Human Machine Interfaces (HMIs) connected to U.S. water treatment facilities exposed to the public internet as of late 2024. The research team developed techniques to identify and confirm water treatment plant systems through TLS certificate analysis and automated screenshot capture, discovering HMI systems controlling operational parameters for treatment plants throughout the United States.[38]

Upon notification, the U.S. Environmental Protection Agency prioritized remediation of over 300 fully exposed or unauthenticated systems. Within nine days of notification, 24 percent of systems had been secured; this percentage rose to 58 percent in subsequent weeks, and by June 2025, fewer than 6 percent remained exposed. The incident highlighted both the vulnerability of critical infrastructure to casual discovery and the potential for positive coordinated response when government and industry entities collaborate toward remediation.[38]

The discovery prompted the Canadian Centre for Cyber Security to issue an alert in October 2025 warning that hacktivist groups had increasingly exploited internet-accessible ICS components, including Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), HMIs, SCADA systems, Safety Instrumented Systems (SIS), Building Management Systems (BMS), and Industrial Internet of Things (IIoT) devices, to gain “media attention, discredit organizations, and undermine Canada’s reputation.”[39]

Insider Threats and Contractor Compromises

A recurring theme across 2025 incidents involved insider threats and contractor compromises enabling initial access and data exfiltration. Reports indicated that insider-caused security failures in ICS environments jumped 35 percent, with 55 percent of insider-related incidents in ICS environments caused by negligence, whilst 26 percent resulted from malicious insiders abusing authorized access. The convergence of Information Technology and Operational Technology systems in modern industrial environments, combined with expanded remote work arrangements, has significantly increased exposure points vulnerable to insider exploitation.[40]

The Coinbase breach exemplified this pattern, with external contractors at overseas support centers providing unauthorized data access. The M&S attack demonstrated how social engineering targeting contractor personnel could cascade into catastrophic compromise of retail operations. The Dodd Group breach illustrated how maintenance contractors with physical access to defence infrastructure could be exploited for intelligence gathering. These incidents collectively establish contractor and supply chain compromise as the dominant initial access vector for 2025 breaches.[29]

Attribution and Threat Actor Evolution

The cybersecurity landscape of 2025 witnessed notable evolution in threat actor operating models. Ransomware-as-a-service (RaaS) groups continued to proliferate, with Sophos X-Ops identifying 99 distinct threat groups actively targeting manufacturing organizations across leak sites, with the most prominent including GOLD SAHARA (Akira variant), GOLD FEATHER (Qilin), and GOLD ENCORE (PLAY).[33]

Russian state-aligned and hacktivist groups demonstrated increasingly bold operational activity against NATO and allied nations. Pro-Russian hacktivist collectives expanded beyond traditional DDoS and defacement toward sophisticated operational technology targeting, as evidenced by coordinated campaigns against Polish and Norwegian critical infrastructure. The attribution of the dam attacks to pro-Russian actors in late summer 2025 represented official acknowledgment of state-aligned cyber operations targeting Western critical infrastructure with objectives extending beyond financial extortion to psychological warfare and operational disruption.[23][20]

Chinese state-linked threat actors remained active in targeting governments and critical infrastructure. Reports indicated that Chinese hackers exploited critical flaws in Microsoft SharePoint software in July 2025, breaching U.S. government agencies, critical infrastructure operators, and global companies. Singapore similarly reported cyberattacks on critical infrastructure by China-linked espionage groups, with military units mobilized to combat the attacks.[41]

Strategic Implications and Forward-Looking Concerns

The 2025 cybersecurity landscape establishes several critical strategic concerns for institutional defenders. First, the targeting of operational technology infrastructure represents a fundamental escalation from previous years’ focus on information technology systems. Attacks on dams, hydroelectric plants, water treatment systems, and manufacturing control systems indicate that threat actors have moved beyond data exfiltration toward direct operational disruption with potential consequences for public safety and economic stability.

Second, the supply chain and third-party compromise vector has become the dominant pathway for breaching major enterprises and critical infrastructure. Airlines compromised through customer service platforms, retailers compromised through IT contractors, and defence infrastructure compromised through maintenance contractors establish a pattern where organizations’ security posture becomes hostage to the security practices of vendors, contractors, and service providers throughout their ecosystems.

Third, the evolution of extortion tactics beyond encryption toward public shaming, intellectual property theft, and operational disruption creates incentive structures that resist traditional defensive approaches. Organizations cannot mitigate threats that prioritize causing maximum operational chaos and reputational damage over financial extraction.

Finally, the coordination and sophistication of pro-Russian hacktivist attacks against NATO-allied infrastructure raises concerns about the potential for cyber operations to serve as force multipliers in hybrid warfare scenarios. The deliberate objective of psychological operations rather than financial gain creates strategic incentives for escalation.

Conclusion

The year 2025 established new standards for cybersecurity incidents whilst revealing persistent vulnerabilities in how organizations manage third-party dependencies, defend operational technology systems, and respond to threats that extend beyond data exfiltration toward direct operational disruption. From Oracle’s legacy system compromises through Microsoft’s zero-day campaigns to orchestrated attacks on critical infrastructure, the incidents of 2025 collectively demonstrate that cybersecurity has evolved from a technical problem requiring IT solutions toward a strategic challenge requiring organizational transformation, supply chain reform, and enhanced cooperation between government and industry entities. The scale, sophistication, and geopolitical implications of these incidents suggest that 2026 will witness continued escalation absent fundamental shifts in how organizations prioritize and resource cybersecurity across their entire operational technology and information technology ecosystems.

[42][43][44][45][46][47][48][49][50][51][52][53][54][55][56][57][58][59]


  1. https://www.linkedin.com/pulse/oracle-confirms-major-data-breach-the-cyber-security-hub-bnnde
  2. https://cloudsecurityalliance.org/blog/2025/04/18/oracle-cloud-infrastructure-breach-mitigating-future-attacks-with-agentic-ai
  3. https://therecord.media/nascar-confirms-data-breach
  4. https://dailysecurityreview.com/security-spotlight/nascar-confirms-data-breach-tied-to-medusa-ransomware-gang-ssns-exposed/
  5. https://www.on3.com/pro/news/hacked-nascar-confirms-data-breach-names-and-social-security-info-held-for-ransom/
  6. https://academy.suncrypto.in/coinbase-data-breach/
  7. https://www.bitdefender.com/en-us/blog/hotforsecurity/data-breach-at-coinbase-exposes-information-of-nearly-70-000-customers
  8. https://thehackernews.com/2025/07/hackers-exploit-sharepoint-zero-day.html
  9. https://threatprotect.qualys.com/2025/07/21/microsoft-sharepoint-server-zero-day-vulnerability-exploited-in-the-wild-cve-2025-53770/
  10. https://thehackernews.com/2025/07/critical-microsoft-sharepoint-flaw.html
  11. https://blog.checkpoint.com/research/sharepoint-zero-day-cve-2025-53770-actively-exploited-what-security-teams-need-to-know/
  12. https://www.reuters.com/world/asia-pacific/australias-qantas-confirms-cyber-incident-one-its-contact-centres-2025-07-01/
  13. https://www.nytimes.com/2025/10/12/world/australia/australia-qantas-airlines-cyber-attack.html
  14. https://www.bbc.co.uk/news/articles/cd6gnyl9923o
  15. https://searchinform.com/blog/2025/10/16/vietnam-airlines-and-avnet-disclose-major-cybersecurity-breaches/
  16. https://e.vnexpress.net/news/news/23-million-records-leaked-in-vietnam-airlines-linked-data-breach-4951251.html
  17. https://www.cybersecurity-review.com/23-million-records-leaked-in-vietnam-airlines-linked-data-breach/
  18. https://asiatimes.com/2025/10/vietnam-airlines-data-leak-exposes-a-crisis-of-transparency/
  19. https://www.theguardian.com/business/2025/may/21/cyber-attack-cost-marks-and-spencer-lost-sales-company-results-reveal
  20. https://united24media.com/latest-news/russia-linked-hackers-blamed-for-spring-2025-dam-sabotage-in-norway-10721
  21. https://en.wikipedia.org/wiki/Bremanger_dam_sabotage
  22. https://www.webpronews.com/pro-russian-hackers-breach-norway-dam-in-2025-cyberattack/
  23. https://www.theguardian.com/world/2025/aug/14/russian-hackers-control-norwegian-dam-norway
  24. https://deftechtimes.com/🔥-russian-hackers-shut-down-polish-hydroelectric-plant-in-dangerous-cyberattack-near-gdansk/
  25. https://cybernews.com/cybercrime/russian-hackers-target-polish-hydropower-plant-again/
  26. https://www.cyfirma.com/research/investigation-report-on-jaguar-land-rover-cyberattack/
  27. https://en.wikipedia.org/wiki/Jaguar_Land_Rover_cyberattack
  28. https://cybermonitoringcentre.com/2025/10/22/cyber-monitoring-centre-statement-on-the-jaguar-land-rovercyber-incident-october-2025/
  29. https://www.independent.co.uk/news/uk/home-news/raf-royal-navy-ministry-of-defence-mod-suffolk-b2848058.html
  30. https://uk.news.yahoo.com/russians-hack-files-two-suffolk-081900918.html
  31. https://www.bbc.com/news/articles/clykev1p79xo
  32. https://industrialcyber.co/reports/half-of-2025-ransomware-attacks-hit-critical-sectors-as-manufacturing-healthcare-and-energy-top-global-targets/
  33. https://news.sophos.com/en-us/2025/12/03/the-state-of-ransomware-in-manufacturing-and-production-2025/
  34. https://asimily.com/blog/top-utilities-cyberattacks-of-2025/
  35. https://www.helpnetsecurity.com/2025/08/26/energy-sector-cyber-risks/
  36. https://www.manufacturing.net/cybersecurity/article/22890116/inside-the-schneider-electric-ransomware-attack
  37. https://industrialcyber.co/threat-landscape/schneider-electric-faces-ransomware-attack-in-sustainability-business-cactus-group-involved/
  38. https://industrialcyber.co/industrial-cyber-attacks/about-400-exposed-web-based-us-water-facility-interfaces-as-coordinated-remediation-effort-underway/
  39. https://www.cyber.gc.ca/en/alerts-advisories/al25-016-internet-accessible-industrial-control-systems-ics-abused-hacktivists
  40. https://westoahu.hawaii.edu/cyber/ics-cybersecurity/ics-weekly-summaries/the-hidden-danger-insider-threats-in-industrial-control-systems-in-2025/
  41. https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
  42. https://secutec.com/sites/default/files/2025-03/Oracle Cloud Breach 21-03-2025 - Report Secutec_0.pdf
  43. https://techcrunch.com/2025/05/21/coinbase-says-its-data-breach-affects-at-least-69000-customers/
  44. https://www.acaglobal.com/industry-insights/six-million-records-potentially-compromised-oracle-cloud-breach/
  45. https://www.bbc.co.uk/news/articles/cwykgrv374eo
  46. https://www.sangfor.com/blog/cybersecurity/marks-spencer-cyberattack-2025-supply-chain-breach
  47. https://www.reddit.com/r/europe/comments/1mubmpr/russian_hackers_attack_hydroelectric_power_plant/
  48. https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/cyber-threats-to-the-manufacturing-industry-risks-impact-and-protection-strategies/
  49. https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/industrial-cyber-security/
  50. https://www.linkedin.com/pulse/critical-infrastructure-under-siege-august-2025-wake-up-singh-z41cc
  51. https://industrialcyber.co/news/global-agencies-sound-alarm-as-pro-russia-hacktivist-groups-intensify-ot-intrusions/
  52. https://www.infosecurity-magazine.com/news/russia-hacktivistsattack-water/
  53. https://therecord.media/cisa-confirms-hackers-chemical-facilities
  54. https://industrialcyber.co/industrial-cyber-attacks/forescout-exposes-twonet-hacktivists-targeting-water-utility-honeypot-in-latest-ot-cyberattack-findings/
  55. https://www.resecurity.com/blog/article/cyber-threats-against-energy-sector-surge-global-tensions-mount
  56. https://hoxhunt.com/blog/cyber-security-threats-in-manufacturing-industry
  57. https://www.honeywell.com/us/en/press/2025/06/ransomware-attacks-targeting-industrial-operators-surge-46-percent-in-one-quarter-honeywell-report-finds
  58. https://www.somniacsecurity.com/why-the-chemical-and-petrochemical-industry-faces-heightened-cyber-security-risks/
  59. https://www.linkedin.com/pulse/navigating-storm-lessons-from-schneider-electric-ransomware-singh-fpi1f