Once again threat actors kept cyber pros on their toes in 2025 in a never-ending cat-and-mouse game. But amid the noise, there were some notable stories and incidents affecting household names in the UK - the likes of Marks & Spencer, Co-op, and Jaguar Land Rover - meaning that 2025 will undoubtedly live long in the memory. Here are Computer Weekly's top cyber crime stories of 2025.
The Cybersecurity and Infrastructure Security Agency (CISA) published a guide detailing venue security and disruption management. In this guide, venue owners and operators can review fundamental strategies to mitigate repercussions of possible disruptions to the critical lifeline sectors: communications, energy, transportation, and water and wastewater systems. While this guide serves as a broad catalog for support, it is not comprehensive. Security leaders in the event security space are encouraged to leverage the provided resources and consider them in the context of their venue's unique needs.
Robust IT systems support uninterrupted operations through resilience, security, and proactive monitoring. CIOs report that 87% of digital-first businesses rely on automated failover systems to reduce service disruption. Continuous monitoring helps detect failures before they impact users. Recovery plans activate system redundancies and restore functions with minimal input. Automated backup schedules and patch management prevent gaps in continuity. IT managers emphasise the role of configuration management and centralised monitoring tools.
The biggest event of 2025 in the PC market has been the end of support for Windows 10. It was positioned as the last major release of the Windows operating system, which would be kept updated by over-the-air Windows updates. But when Windows 11 was launched in 2021, Microsoft set the date for the end of support for Windows 10 - October 5, 2025.
Cybercriminals stole $2.7 billion in crypto this year, a new record for crypto-stealing hacks, according to blockchain monitoring firms. Once again, in 2025, there were dozens of crypto heists hitting several cryptocurrency exchanges and other web3 and decentralized finance (DeFi) projects. The biggest hack by far was the breach at Dubai-based crypto exchange Bybit, where hackers stole around $1.4 billion in crypto.
When black markets for drugs, guns, and all manner of contraband first sprang up on the dark web more than a decade ago, it seemed that cryptocurrency and the technical sophistication of the anonymity software Tor were the keys to carrying out billions of dollars worth of untouchable, illicit transactions online. Now, all of that looks a bit passé. In 2025, all it takes to get away with tens of billions of dollars in black-market crypto deals is a messaging platform willing to host scammers and human traffickers, enough persistence to relaunch channels and accounts on that service when they're occasionally banned, and fluency in Chinese.
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust most - firewalls, browser add-ons, and even smart TVs - turning small cracks into serious breaches. The real danger now isn't just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can become an entry point if it's left unpatched or overlooked.
In addition to working as advertised, the secret-stealing library, which is a fork of the legitimate @whiskeysockets/baileys package, uses WebSocket to communicate with WhatsApp. However, this means that every WhatsApp communication passes through the socket wrapper, allowing it to capture your credentials when you log in and intercept messages as they are sent and received. "All your WhatsApp authentication tokens, every message sent or received, complete contact lists, media files - everything that passes through the API gets duplicated and prepared for exfiltration," Admoni wrote.
"Previously, users received 'pure' Trojan APKs that acted as malware immediately upon installation," Group-IB said in an analysis published last week. "Now, adversaries increasingly deploy droppers disguised as legitimate applications. The dropper looks harmless on the surface but contains a built-in malicious payload, which is deployed locally after installation - even without an active internet connection."
Let's be honest: most agencies don't have a blank check to invest in cybersecurity modernization. But that doesn't mean they're stuck. You don't need a full rip-and-replace to make meaningful progress; you need clarity, urgency and smart prioritization. Whether you're working with a full budget or a shoestring one, there are moves you can make today that will strengthen your defenses tomorrow.
SailPoint has announced new integrations with the CrowdStrike Falcon platform to connect identity governance with endpoint security. The integrations enable shared data and automated workflows between identity and security systems to help organisations respond faster to identity-based threats. The integrations connect SailPoint's Identity Security Cloud with multiple Falcon platform components, including Falcon Next-Gen Identity Security, Falcon Next-Gen SIEM, and Falcon Fusion SOAR, now part of CrowdStrike Charlotte AI.
But what would happen if such a technology were to land in the hands of terrorists and criminals, who aren't beholden to the norms of modern warfare at all? In a new report, pan-European police agency Europol's Innovation Lab has imagined a not-so-distant future in which criminals could hijack autonomous vehicles, drones, and humanoid robots to sow chaos - and how law enforcement will have to step up as a result.
Traditional password-based protection is no longer sufficient, prompting organizations to adopt behavioral access control systems that continuously analyze user actions for anomalies. These platforms monitor keystrokes, mouse activity, application usage, and network patterns to detect suspicious behavior in real time. By combining machine learning, biometric verification, and zero-trust principles, companies enhance workforce protection while minimizing the risk of account compromise.
UEFI and IOMMU are designed to enforce a security foundation and prevent peripherals from performing unauthorized memory accesses, effectively ensuring that DMA-capable devices cannot manipulate or inspect system memory before the operating system is loaded. The vulnerability, discovered by Nick Peterson and Mohamed Al-Sharifi of Riot Games in certain UEFI implementations, has to do with a discrepancy in the DMA protection status. While the firmware indicates that DMA protection is active, it fails to configure and enable the IOMMU during the critical boot phase.
Even incidents like the Colonial Pipeline ransomware attack, which showed us how the cyber world and our physical lives intersect, stopped far short of societal disruption. However, the threat of cyberwar has been building, influenced by advancements in AI and increased presence of actors in U.S. systems and telecommunication networks. A military conflict could escalate these attacks to scale, crippling critical infrastructure and public safety systems like power grids, transportation networks and emergency response, even disrupting military communications and undermining response.
The campaign "uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families," the Cyderes Howler Cell Threat Intelligence team said in an analysis. CountLoader was previously documented by both Fortinet and Silent Push, detailing the loader's ability to push payloads like Cobalt Strike, AdaptixC2, PureHVNC RAT, Amatera Stealer, and PureMiner. The loader has been detected in the wild since at least June 2025.
Security vulnerabilities don't fix themselves. Someone needs to track them, prioritize them, and actually ship the fix. If you've ever tried to manage security alerts alongside your regular sprint work, though, you know the friction: you're looking at an alert in one tab, switching to your backlog in another, trying to remember which vulnerability you were supposed to file a bug for.
Ransomware hacks, data theft, crypto scams and sextortion cover a broad range of cybercrimes carried out by an equally varied list of assailants. But there is also an English-speaking criminal ecosystem carrying out these activities that defies conventional categorisation. Nonetheless, it does have a name: the Com. Short for community, the Com is a loose affiliation of cyber-criminals, largely native English language speakers typically aged from 16 to 25.
Technicians working on a firewall upgrade made at least ten mistakes, contributing to two deaths, according to a report on a September incident that saw Australian telco Optus unable to route calls to emergency services. As The Register reported at the time, Australia's equivalent of the USA's 911 and the UK's 999 and 112 emergency contact number is 000 - Triple Zero - and local law requires all telcos to route emergency calls to that number.
In a frenzy of last-minute gift shopping and travel bookings, we can be more anxious, more distracted and more vulnerable. "There's a lot of hustle and bustle during the holiday season, so there's a lot more opportunities for scammers to steal from us," says Amy Nofziger, senior director of Fraud Victim Support at the AARP Fraud Watch Network, a fraud prevention service.
As reported in Chinese state media, tests of the network saw it shift 72 terabytes of data in 1.6 hours, across a distance of around 1,000 km between a radio telescope in Guizhou province and a university in Hubei. We think that's almost 100 Gbit/s, an impressive feat for a sustained long-distance data transfer even if it took place in a controlled environment.
I've been an Amazon customer for 20 years, but after changing my phone number, I'm locked out of my account because two-factor authentication (2FA) still uses my old number. I've called Amazon six times, sent photos of my driver's license three times, and even emailed executives using your contacts but no one has fixed it. Amazon updated the phone number on my account, but 2FA remains broken.
SonicWall's official notice, published this week, says users should update to the latest hotfix versions immediately and restrict access to the Appliance Management Console to trusted networks. The vendor's PSIRT team says the issue affects only SMA 1000 appliances and does not impact other SonicWall firewall products or SSL VPN functions, but the fact that attackers have already begun exploiting the flaw underscores how exposed remote-access infrastructure remains.
The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromise that could allow attackers to perform unintended actions. "Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise," according to a description of the flaw published in CVE.org. "The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected."
Your AWS account could be quietly running someone else's cryptominer. Cryptocurrency thieves are using stolen Amazon account credentials to mine for coins at the expense of AWS customers, abusing their Elastic Container Service (ECS) and their Elastic Compute Cloud (EC2) resources, in an ongoing operation that started on November 2. The illicit cryptocurrency-mining campaign abuses compromised valid AWS Identity and Access Management (IAM) credentials with "admin-like privileges" - it doesn't exploit a vulnerability -
DXS International, a U.K.-based company that provides healthcare tech for England's National Health Service (NHS), disclosed a cyberattack in a statement on Thursday. In a filing with the London Stock Exchange, the company said it experienced "a security incident affecting its office servers," discovered on December 14. The company said it "immediately" contained the breach working together with the NHS, and hired a cybersecurity firm to investigate "the nature and extent of the incident."
"had this issue gone unnoticed, it would have completely nullified all existing DMA detection and prevention tech currently on the market - including that of other gaming companies - due to the nature of this class of cheats running in a privileged area that anti-cheats typically do not run."
According to Cloudflare, the internet's second-largest content delivery network (CDN), global internet traffic grew nearly 20% in 2025. You and I watching more YouTube videos is not what's driving that growth. Much of this rise comes from bots, AI crawlers, and automated attacks rather than human users. At the same time, satellite connectivity, post-quantum encryption, and mobile-heavy use have reshaped how and where people access the internet.
The result is an explosion of AI capabilities across the SaaS stack, a phenomenon of AI sprawl where AI tools proliferate without centralized oversight. For security teams, this represents a shift. As these AI copilots scale up in use, they are changing how data moves through SaaS. An AI agent can connect multiple apps and automate tasks across them, effectively creating new integration pathways on the fly.