2025 was a big year for cybersecurity, with major cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day vulnerabilities exploited in incidents.
Some stories, though, were more impactful or popular with our readers than others.
Below are fifteen of what BleepingComputer believes are the most impactful cybersecurity topics of 2025, with a summary of each. These stories are in no particular order.
The ShinyHunters extortion gang is extorting PornHub after stealing the company's Premium member activity data from third-party analytics provider Mixpanel.
The attackers claim to have stolen roughly 94 GB of data containing over 200 million records of subscribers' viewing, search, and download activity. They are threatening to release it unless an extortion demand is paid.
While the breach does not involve financial credentials, the potential public release of detailed adult-content activity could have significant personal and reputational ramifications for affected users.
Similar disclosures in past incidents involving sensitive relationship data, such as the Ashley Madison breach, were linked to real-world harm.
In 2025, ClickFix attacks became widely adopted by numerous threat actors, including state-sponsored hacking groups and ransomware gangs. What started as a Windows malware campaign, quickly expanded to macOS and Linux, with attacks that installed infostealers, RATs, and other malware.
ClickFix social engineering attacks are webpages designed to display an error or issue and then offer "fixes" to resolve it. These errors could be fake error messages, security warnings, CAPTCHA challenges, or update notices that instruct visitors to run PowerShell or shell commands to resolve the issue.
Victims end up infecting their own machines by running malicious PowerShell or shell commands provided in the attacker's instructions.
... continue reading