TL;DR
2025 saw a persistent wave of cyber incidents ranging from university breaches and ransomware to supply-chain disruptions and state-linked intrusions. High-profile items included mass extortion of PornHub users’ data and a disclosed Cisco zero-day that lacked a patch at the time of reporting.
What happened
Over the course of 2025, a steady stream of serious cybersecurity incidents reshaped conversations about risk and resilience. Reported events included breaches at academic institutions, ransomware and digital-extortion campaigns targeting consumer platforms, and cyberattacks that affected entire supply chains. The year also featured examples of state-linked activity and geopolitical friction: reporting highlighted groups tied to nation-state campaigns, a public accusation by Venezuela that the United States had conducted a cyberattack, and wider concerns about how government changes influenced the digital landscape. WIRED and other coverage singled out specific episodes such as the theft of millions of PornHub users’ records used for extortion, Cisco’s disclosure of a zero-day vulnerability with no available patch, and investigations linking individuals and firms to the Salt Typhoon hacking group. Coverage also flagged novel threats, including ultra-realistic AI face‑swapping used in romance scams, as well as domestic debates over government data consolidation.
Why it matters
- Large-scale data theft and extortion expose personal information and can cause direct financial and reputational harm to individuals and organizations.
- Ransomware and supply-chain attacks can disrupt critical services and commercial networks, amplifying real-world consequences beyond IT systems.
- State-linked cyber operations and international accusations increase geopolitical tensions and complicate attribution and response.
- Emerging AI-enabled tools such as realistic face swaps lower the barrier for scams, changing how fraud and social engineering operate.
Key facts
- The year was marked by a variety of incidents: data breaches, leaks, ransomware, digital extortion, and state-sponsored attacks.
- Universities were among the targets reported in coverage of 2025 breaches.
- Some cyberattacks in 2025 disrupted entire supply chains, affecting broader commercial operations.
- Hackers stole millions of PornHub users’ records and used the data for extortion, according to reporting cited in the source.
- Cisco disclosed a zero-day vulnerability in 2025 for which no patch was available at the time of reporting.
- Venezuela publicly accused the United States of conducting a cyberattack, as noted in the source material.
- Reporting linked two men and partial owners of firms to China’s Salt Typhoon hacker group, noting possible ties to a Cisco training program.
- An AI face‑swapping platform capable of creating highly realistic swaps was implicated in facilitating romance scams.
- A US Inspector General report about 'Signalgate' recommended a single change to reduce the risk of repeating the incident, per the coverage.
- Concerns were raised that rapid data consolidation across US agencies by DHS could put citizens at risk.
What to watch next
- Not confirmed in the source: whether a patch will be released to address the disclosed Cisco zero-day and on what timeline.
- Not confirmed in the source: the outcome of investigations or legal actions related to groups tied to Salt Typhoon and other state-linked actors.
- Not confirmed in the source: regulatory or legislative responses to large-scale government data consolidation and to emerging AI‑enabled fraud techniques.
Quick glossary
- Ransomware: Malware that encrypts or otherwise blocks access to data or systems, with attackers demanding payment to restore access.
- Zero-day vulnerability: A software security flaw that is unknown to the vendor when first discovered or exploited, and for which no official patch is yet available.
- Digital extortion: Criminal activity where attackers use stolen data or disruptive capabilities to coerce payment, compliance, or silence from victims.
- State-sponsored attack: A cyber operation that is conducted or supported by a nation-state, often for espionage, disruption, or geopolitical leverage.
- AI face swap: A technique using artificial intelligence to replace one person's face with another in images or videos, which can be used for deception or fraud.
Reader FAQ
What kinds of incidents made 2025 notable for cybersecurity?
The year featured university breaches, ransomware and extortion, supply-chain disruptions, leaks, and state-linked cyber activity.
Was there a major data extortion case involving consumer data?
Yes — reporting cited the theft of millions of PornHub users’ records that were used for extortion.
Did vendors disclose security flaws that lacked patches?
Yes — Cisco disclosed a zero-day vulnerability that had no available patch at the time of reporting.
Did the US government play a direct role in these hacks?
Not confirmed in the source.

Source excerpt: "The Worst Hacks of 2025" by Lily Hay Newman, Security, Dec 29, 2025, 7:00 AM. From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity…
Sources
- The Worst Hacks of 2025
- Data Breaches 2025: Biggest Cybersecurity Incidents So Far
- Hacks, thefts, and disruption: The worst data breaches of …
- Biggest Data Breaches in US History (Updated 2025)