Everything You Need to Know About Cyber Risks in 2025’s Second Half

Introduction

As we pass the midpoint of 2025, the cyber threat landscape continues to evolve at a breakneck pace. From critical infrastructure disruptions to large-scale data theft and weaponized zero-day exploits, the first half of the year has delivered a sobering reminder: attackers are relentless, innovative, and increasingly sophisticated. In this blog, we review the top cyber incidents so far, distill key lessons, explore what to expect for the remainder of 2025, and outline strategies for building robust cyber resilience.

Top Cyber Incidents in the First Half of 2025

The first half of 2025 has been marked by a surge in high-profile cyber incidents that have tested the resilience of even the most cyber risk-conscious organizations. The following incidents illustrate the broad spectrum of cybersecurity challenges confronting organizations in 2025.

  • Dark Web Exposure
    In June 2025, one of the most significant data breaches of the year thrust AT&T into the cybersecurity spotlight when a threat actor posted a dataset on a dark web forum, claiming it contained personal records of 31 million AT&T customers. The leaked data included full names, dates of birth, tax identification numbers, device and cookie identifiers, IP addresses, residential addresses, emails, phone numbers, and in some cases even unencrypted Social Security Numbers. While AT&T maintains the breach involved data previously exposed in incidents such as the 2021 ShinyHunters and 2024 Snowflake breaches, cybersecurity experts who verified samples warn that the data has now been repackaged, consolidated, and linked in ways that significantly increase the risk for affected individuals.
  • UNFI Supply Chain Disruption
    In mid-June, United Natural Foods Inc. (UNFI) suffered a critical cyberattack that brought its electronic ordering systems to a standstill. Automated ordering and delivery services were offline for days, triggering grocery shortages across North America. Restoring networked operations required close coordination with partners and highlighted the fragility of just-in-time supply chain models when digital dependencies are compromised.
  • Bank Sepah Data Heist
    March 2025 saw the hacker collective “Codebreakers” breach Iran’s Bank Sepah, exfiltrating some 42 million customer records (about 12 TB). The stolen data included personal information of senior bank officials. When Sepah refused a $42 million Bitcoin ransom demand, portions of the dataset were publicly released, underscoring both the scale of financial institution targeting and the challenges of negotiating with sophisticated extortionists.
  • TeleMessage Compromise of U.S. Officials
    In May 2025, attackers infiltrated TeleMessage, a compliance messaging app used by U.S. government agencies (including FEMA and Customs and Border Protection). Metadata from over 60 high-level accounts, including names, phone numbers, and email addresses, was exposed, though message contents remained secure. The breach prompted CISA alerts and a temporary suspension of the app by several agencies.
  • Zero-Day Vulnerabilities in SAP and Microsoft
    • SAP NetWeaver (CVE-2025-31324): A critical zero-day vulnerability in Visual Composer allowed unauthenticated remote code execution. Researchers found at least 581 NetWeaver instances already exploited, including targets linked to nation-state actors.
    • Microsoft CLFS Flaw (CVE-2025-29824): Storm-2460 leveraged this zero-day vulnerability in the Windows Common Log File System to escalate privileges, deploying the PipeMagic malware for widespread ransomware rollout. Both incidents illustrate that even well-patched environments remain at risk when threat actors uncover and weaponize unknown vulnerabilities.
  • Marks & Spencer (M&S) Social Engineering Attack
    Over Easter weekend, UK retailer M&S was hit by the Scattered Spider gang using sophisticated social engineering to bypass contractor defenses. The cyberattack disabled online shopping and “click & collect” services for six weeks, costing the company an estimated £300 million in lost revenue. Similar tactics were later linked to disruptions at other retailers, spotlighting the human element as a critical weak point.
  • WestJet Third Party Incident
    In June 2025, Canadian airline WestJet disclosed a breach impacting its website and mobile app access. While flight operations remained unaffected, internal systems were compromised, prompting an FBI warning that Scattered Spider may be responsible. The group's modus operandi, impersonating employees to trick IT help desks and bypass MFA, demonstrates the persistent risk posed by third-party and insider threats.

Critical Cyber Risk Lessons and What to Expect

While the incidents above underscore the growing complexity and severity of today’s cyber threat landscape, they represent only a fraction of all cyber threats in 2025. Each event, though, holds valuable lessons for cyber risk professionals. Urgent takeaways to monitor include:

  • Critical Infrastructure Remains a High-Value Target: The digital and physical systems of critical infrastructure are deeply interwoven, and adversaries seek maximum disruption by striking single points of failure. This trend calls for urgent attention.
  • Financial Institutions Under Constant Threat: Incidents like the Bank Sepah attack reaffirm that banks and financial services remain prime targets for data theft and extortion. Pressure is expected to grow in this sector as attackers refine their tactics and tools.
  • AI will Supercharge Threat Capabilities: Adversaries are increasingly using Artificial Intelligence (AI) for automated phishing, adaptive malware, and vulnerability discovery. This trend will accelerate, driving the need for AI-powered defense strategies.
  • Human-Centric Attacks are Here to Stay: Social engineering remains a dominant tactic. Simulated phishing, employee training, and third-party verification protocols must be ongoing priorities.
  • Metadata can be a Liability: The TeleMessage case highlighted that even encrypted communications can be compromised through metadata leaks. As surveillance tools evolve, so will the risks of passive exposure.
  • Third-Party Threats are Rising: The WestJet breach demonstrated how attackers are mimicking legitimate users, including IT vendors. Zero trust architecture and strict access controls will be essential to limiting lateral movement.
  • Regulatory Demands are Tightening: With frameworks like NIS2 and DORA raising the bar on cyber resilience, organizations should expect stricter enforcement and heightened expectations around cyber governance and resilience.
  • Data Compromise is Inevitable without Strong Governance: Sensitive data continues to be a top target. Robust data classification, encryption, and monitoring are foundational to minimizing breach impact.
  • Zero-Day Exploits are Accelerating: Unpatched enterprise software continues to be weaponized. In the second half of the year, the zero-day arms race will escalate, with attackers racing to discover and exploit vulnerabilities and defenders racing to find and fix them first. Bug bounty programs and rapid patching cycles will be critical.

From Reactive to Resilient: Building Continuous, Intelligent, and Autonomous Cyber Defense with MetricStream AI-first Cyber GRC

Cyber resilience isn’t a one-time project. It’s an ongoing journey of vigilance, adaptation, and investment in people, processes, and technology. Prepare now, and you’ll be ready to face whatever the threat landscape brings next.

MetricStream’s AI-first Cyber GRC, built as an interconnected, intuitive, and intelligent GRC product set, identifies and assesses IT and cyber risks proactively, with automated insights that summarize risk exposure across your digital landscape. Your cyber program is strengthened with continuous control testing, real-time validation, policy enforcement, and robust cloud governance, powered by agentic AI that helps you stay ahead of evolving threats. CISOs can connect cyber risk data from across the enterprise, including third- and fourth-party vendors, and then use the resulting actionable business intelligence to make data-driven decisions that build cyber resilience.

With Cyber GRC, you can:

  • Identify and remediate IT compliance issues faster with AI-powered intelligent issue management and automated workflows
  • Quantify cyber risks in financial terms to improve accuracy, strengthen communication, and guide smarter cyber investments
  • Gain real-time visibility into your IT compliance posture with intuitive dashboards and reports
  • Streamline and harmonize controls across multiple IT regulations and frameworks to reduce complexity, effort, and cost

Want to learn more? Request a personalized demo to see Cyber GRC in action. And keep attackers and risks in check – automatically, intelligently, and continuously.

Download our latest eBook: Cyber GRC in 2025 – 10 Evolving Priorities You Can't Ignore

Patricia McParland VP – Marketing

Pat McParland is AVP of Product Marketing at MetricStream. She is responsible for creating product messaging, product go-to-market plans, and analyzing market trends for MetricStream's cyber compliance and third party risk product lines. Pat has more than 25 years of financial data and technology marketing experience at Fortune 1000 brands as well as startups and has led product and marketing teams at Dow Jones and Dun & Bradstreet. She has a BA from the College of William and Mary and lives in Summit, New Jersey.