supplychain (4)

2025 marked yet another busy year in security, between big attacks, government shakeups, and dangerous flaws that echo the past.  The moments that defined this year were impactful but felt evenly spread across the year.  Early in 2025, we observed the China-nexus advanced persistent threat (APT) Salt Typhoon continuing its assault against telecom companies as part of its espionage operations.  In the summer and into the fall, we saw the Cybersecurity and Infrastructure Security Agency (CISA)

Hundreds of Porsche cars in Russia became undrivable after their factory-installed satellite security system malfunctioned, owners and dealers report.  Drivers in several Russian cities reported sudden engine shutdowns and fuel-delivery interruptions after Porsche cars lost satellite-alarm-module connectivity, leaving all models at risk of self-locking, according to the dealership group Rolf.  The problem appears to be caused by the Vehicle Tracking System (VTS), which is an onboard module.[1]

A

Merchant vessels and ports are extraordinarily vulnerable to increasingly sophisticated cyberattacks against OT systems.  It is estimated that 90% to 95% of all shipped goods at some stage travel by sea.  This makes the global maritime industry the largest and most important supply chain.  Successful cyberattacks against the maritime supply chain would have the potential to damage individual companies, national finances, and even the global economy.

The maritime sector includes the ports and the

A supply-chain campaign infecting Sotheby’s real-estate websites with data-stealing skimmers was recently observed being distributed via a Brightcove cloud-video platform instance: https://www.brightcove.com.  According to Palo Alto Networks’ Unit 42 division, researchers noticed that most of the activity affected real-estate-related sites.  At least 100 of them were successfully infected.

A full list of affected websites can be found here:
https://github.com/pan-unit42/iocs/blob/master/Skimmer