GIGANEWS. The Key Events of 2025 According to Hacker

Posted by WILD (Administrator, Staff member; joined Jan 21, 2025; 219 messages)
What did the past year look like in the world of cybersecurity? The hack of a single automaker dented the economy of an entire country. Browsers leaked like a sieve. Self-propagating worms compromised tens of thousands of developers. 2025 was rich in interesting events, and, as always, we have picked out the most important, strange and epic of what has happened over the last twelve months. Only the brightest events, and not a single boring story. Buckle up!
Attack of the Year: Hacking Jaguar Land Rover

In recent years we have usually named a trend, not a specific incident, as the attack of the year. For example, we have written a lot about the insecurity of supply chains, attacks on which often trigger a real domino effect, and about mass hacks that were later traced back to specific groups.

Unfortunately, it cannot be said that the outgoing year was an exception or that we have gotten rid of such problems. It is enough to recall the large-scale attacks of the ShinyHunters group, which was behind the compromise of the sales-automation platform Salesloft and its AI chatbot Drift.

Or the massive data thefts and extortion affecting Salesforce customers, including FedEx, Disney and Hulu, Home Depot, Marriott, Google, Cisco, Toyota, Gap, McDonald's, Walgreens, Instacart, Adidas, Saks Fifth Avenue, Air France and KLM, TransUnion, HBO Max, UPS, Chanel and IKEA.

However, for 2025 we decided to name as the attack of the year not a trend at all, but the hack of a single company: Jaguar Land Rover (JLR). Why? Because this hack became one of the largest cyber incidents in the UK's history and affected the growth of the UK economy as a whole.

At the end of August 2025, the Scattered Lapsus$ Hunters group (a merger of members of Scattered Spider, LAPSUS$ and ShinyHunters) carried out a devastating attack on JLR. As a result, the automaker was forced to urgently shut down almost all of its systems, which paralyzed production at its plants in the UK, India, China and Slovakia for many weeks.

The scale of the incident is, without a shadow of exaggeration, striking:

production was halted for more than a month (the restart only began in October);

JLR's daily losses were estimated at between £5 million and £10 million;

the total damage is estimated at £1.8 billion (193 billion rubles);

the attack affected more than 5,000 organizations in the JLR supply chain;

because of the plant stoppages, more than 100 thousand jobs around the world were under threat, and many suppliers were on the verge of ruin.

In addition, the UK government provided JLR with a £1.5 billion loan guarantee, the first case of such state support after a cyberattack. However, economists warned that the incident could seriously affect the country's overall economic growth in any case, because JLR is one of the UK's largest manufacturers and in 2024 accounted for about 4% of all goods exports.
Other high-profile attacks of 2025

Hackers claimed to have breached Aeroflot's systems. On July 28, 2025, Aeroflot representatives reported a failure in the operation of the airline's information systems. The attack led to the cancellation of more than 100 flights, and responsibility for the incident was claimed by the hacktivist groups Belarusian Cyber Partisans and Silent Crow.

LockBit's admin panels hacked, MySQL database dump published. The notorious ransomware group LockBit suffered a data leak. Someone hacked the administrator panels intended for the group's affiliates, stole the data, defaced the panels and left the message: "Don't do crime, CRIME IS BAD, xoxo from Prague."

Internet provider Lovit hit by a powerful DDoS attack. Residents of buildings by PIK, Russia's largest developer, in Moscow and St. Petersburg were left without Internet access for several days. The cause was a large-scale DDoS attack aimed at the provider Lovit, which serves these buildings. As a result, the FAS opened a case against PIK for monopolizing Internet access in its residential complexes, and Roskomnadzor found the provider unprepared for the attack and initiated tougher legislation on the cyber defense of telecom operators.

CoinMarketCap hacked: the site prompted users to connect their wallets. The popular cryptocurrency price tracker CoinMarketCap suffered a hacker attack in which the attackers tried to steal cryptocurrency from the site's visitors.

Darcula operators stole data on more than 884 thousand bank cards. Security researchers concluded that the Darcula phishing platform is responsible for the theft of 884 thousand bank cards. Victims around the world clicked on malicious links received via text messages 13 million times.

According to blockchain analysts at Chainalysis, attackers stole $3.41 billion in cryptocurrency over the past year, of which more than $2.02 billion was taken by North Korean hackers.
Vulnerability of the Year: React2Shell

Although information about React2Shell (CVE-2025-55182) only became public in early December 2025, this vulnerability is already being compared to the notorious Log4Shell found in 2021, because it creates systemic risk for the entire industry.

The critical bug in Meta's popular React library (Meta's activities are recognized as extremist and banned in Russia) received a score of 10 out of 10 on the CVSS scale and is related to unsafe handling of data in React Server Components. The vulnerability allows remote code execution on the server with an ordinary HTTP request, without authentication or any privileges.

Worse, the same issues may be present in other libraries that implement React Server Components, including the Vite RSC plugin, the Parcel RSC plugin, the React Router RSC preview, RedwoodSDK and Waku.

CVE-2025-55182 is already under mass attack: it is being used by ransomware operators, professional APT groups and opportunists seeking financial gain.

We devoted a detailed article to React2Shell, in which we dissected not only the problem itself but also one of the non-working exploits that are now flooding the Internet. For example, as early as mid-December, VulnCheck experts counted more than 140 public PoC exploits for React2Shell, about half of which actually work, while the rest are either broken or deliberately designed to mislead researchers.

But we would like to recall that the weakest link and "vulnerability" in the security chain is still the human. Even the best of us can fall for the bait of phishers and scammers.

This year there were two examples that vividly illustrate this idea. First, the well-known infosec expert and founder of the breach-notification service Have I Been Pwned, Troy Hunt, fell victim to a phishing attack. As a result, the attackers gained access to his Mailchimp mailing list and the data of 16 thousand people. Second, a very similar incident happened to one of the creators of Flipper Zero, Pavel Zhovner, who described how he became the victim of a phishing attack. As a result, the criminals seized control of his X account and posted a cryptocurrency scam there.
Other threats of 2025

Unpatched vulnerability in OnePlus devices lets any app read SMS. Rapid7 specialists found a vulnerability in several versions of OxygenOS (the Android-based OS used on OnePlus devices). The bug allows any installed application to access the contents and metadata of SMS messages without any permissions or user interaction.

Critical vulnerability in sudo allows gaining root on Linux. Two vulnerabilities were found in the sudo utility that allow local attackers to escalate their privileges to root on vulnerable machines. A few months later it emerged that the problem was being actively exploited by attackers.

Chrome patched a 0-day used in attacks on Russian organizations. Google's developers fixed a zero-day vulnerability (CVE-2025-2783) in Chrome that allowed escaping the browser sandbox. The problem was discovered by Kaspersky Lab specialists, who reported that the vulnerability was tied to Operation ForumTroll, an APT attack on Russian companies that used a chain of zero-day exploits.

Keenetic force-updated users' routers because of a vulnerability. Owners of Keenetic routers found that their devices had received a new firmware version on their own, even when automatic updates were disabled in the settings. The manufacturer's representatives confirmed the forced update and said it was related to a vulnerability that had been found.

A vendor took a year to fix a vulnerability that allowed NFC cards to be topped up indefinitely. Researchers at the security company SEC Consult, part of Eviden, reported that the payment-solutions company KioSoft took more than a year to fix a serious vulnerability affecting some of its NFC cards.

In February 2025, attackers stole cryptocurrency worth about $1.5 billion from one of the Bybit exchange's cold wallets. It is the largest cryptocurrency heist in history, more than twice the previous record. We devoted a separate article to this incident.
Leak of the Year: The Great Firewall of China

Admittedly, yet another story about a mass leak of data or of a company's source code is as boring as a Monday. Unfortunately, such incidents happen almost every day, and a separate digest could be devoted to them, sadly illustrating the gaping holes of modern cybersecurity.

The leak of 600 GB of data related to the operation of the "Golden Shield", also known as the "Great Firewall of China", is quite another matter. Internal documents, source code, work logs and internal developer correspondence, as well as package repositories and operational manuals used to build and maintain China's national traffic-filtering system, ended up online.

These files are believed to be linked to the MESA laboratory at the Institute of Information Engineering (a research division of the Chinese Academy of Sciences) and to the company Geedge Networks, which in turn has long been associated with Fang Binxing, one of the main architects of the "Golden Shield".

According to researchers from the Great Firewall Report team, the leak contains complete build systems for DPI platforms, as well as code modules responsible for recognizing and throttling specific circumvention tools. Much of this stack is aimed at detecting VPNs through DPI, SSL/TLS fingerprinting and full session logging.

Analysts believe that all this data will help identify vulnerabilities in specific protocols or operational flaws that creators of censorship-circumvention tools around the world will later be able to exploit.
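The leak is described above as a DPI stack that recognizes circumvention tools partly by SSL/TLS fingerprinting. The following is an added example, not code from the leak, from the Great Firewall Report team or from Hacker magazine, that shows the core of that technique: a DPI engine parses the unencrypted TLS ClientHello and reduces it to a JA3-style fingerprint (legacy version, cipher suites, extension IDs, supported groups and point formats in decimal, GREASE values dropped, then MD5 of the joined string). The fingerprint ignores the client random and the SNI, so the same TLS stack is recognized whatever host it contacts, which is exactly what lets a censor single out a VPN client rather than a destination. The ClientHello bytes, hostnames, cipher lists and the watchlist label are constructed for this demo, and the JA3 layout follows the public JA3 definition.

```python
import hashlib
import struct

# Added example: JA3-style TLS ClientHello fingerprinting as a DPI engine does it.
# All ClientHello bytes below are constructed, not captured from real traffic.

def is_grease(v: int) -> bool:
    """RFC 8701 GREASE values (0x0a0a, 0x1a1a, ..., 0xfafa) are randomized per
    connection and must be ignored, or the fingerprint would change on every handshake."""
    return (v >> 8) == (v & 0xFF) and (v & 0x0F) == 0x0A

def _ext(ext_type: int, data: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(data)) + data

def build_client_hello(sni: str, ciphers, groups, point_formats, versions) -> bytes:
    """Construct a TLS record carrying a ClientHello (constructed sample, not a capture)."""
    name = sni.encode()
    sni_data = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name   # server_name list
    groups_data = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    pf_data = bytes([len(point_formats)]) + bytes(point_formats)
    ver_data = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts = (_ext(0x0A0A, b"")             # GREASE extension
            + _ext(0x0000, sni_data)      # server_name
            + _ext(0x000A, groups_data)   # supported_groups
            + _ext(0x000B, pf_data)       # ec_point_formats
            + _ext(0x002B, ver_data))     # supported_versions
    suites = b"".join(struct.pack("!H", c) for c in ciphers)
    body = (b"\x03\x03" + b"\x11" * 32    # legacy_version + client_random (fixed for reproducibility)
            + b"\x00"                     # empty legacy_session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                 # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record: bytes) -> dict:
    """Parse the fields a fingerprinting DPI engine reads from an unencrypted ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                                               # past record (5) and handshake (4) headers
    version = struct.unpack("!H", record[p:p + 2])[0]; p += 2
    p += 32                                             # client_random: random per connection, ignored
    p += 1 + record[p]                                  # legacy_session_id
    cs_len = struct.unpack("!H", record[p:p + 2])[0]; p += 2
    ciphers = [struct.unpack("!H", record[i:i + 2])[0] for i in range(p, p + cs_len, 2)]; p += cs_len
    p += 1 + record[p]                                  # compression methods
    ext_len = struct.unpack("!H", record[p:p + 2])[0]; p += 2
    end = p + ext_len
    info = {"version": version, "ciphers": ciphers, "extensions": [],
            "groups": [], "point_formats": [], "sni": None, "supported_versions": []}
    while p < end:
        et, el = struct.unpack("!HH", record[p:p + 4]); p += 4
        data = record[p:p + el]; p += el
        info["extensions"].append(et)
        if et == 0x0000:                                # server_name: list len(2), type(1), name len(2), name
            nlen = struct.unpack("!H", data[3:5])[0]
            info["sni"] = data[5:5 + nlen].decode()
        elif et == 0x000A:                              # supported_groups: list len(2), groups(2 each)
            n = struct.unpack("!H", data[:2])[0]
            info["groups"] = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]
        elif et == 0x000B:                              # ec_point_formats: len(1), formats(1 each)
            info["point_formats"] = list(data[1:1 + data[0]])
        elif et == 0x002B:                              # supported_versions: len(1), versions(2 each)
            info["supported_versions"] = [struct.unpack("!H", data[i:i + 2])[0]
                                          for i in range(1, 1 + data[0], 2)]
    return info

def ja3(record: bytes) -> tuple:
    """JA3 string (version,ciphers,extensions,groups,point_formats; decimal, '-' joined,
    GREASE removed) and its MD5 hex digest."""
    h = parse_client_hello(record)
    join = lambda vals: "-".join(str(v) for v in vals if not is_grease(v))
    s = ",".join([str(h["version"]), join(h["ciphers"]), join(h["extensions"]),
                  join(h["groups"]), join(h["point_formats"])])
    return s, hashlib.md5(s.encode()).hexdigest()

# Constructed samples: one "browser-like" profile talking to two different hosts,
# and a minimal client profile of the kind a DPI watchlist might single out.
BROWSER_PROFILE = dict(ciphers=[0x0A0A, 0x1301, 0x1302, 0xC02B], groups=[0x0A0A, 0x001D, 0x0017],
                       point_formats=[0], versions=[0x0A0A, 0x0304, 0x0303])
BROWSER_TO_A = build_client_hello("example.com", **BROWSER_PROFILE)
BROWSER_TO_B = build_client_hello("other.invalid", **BROWSER_PROFILE)
MINIMAL_CLIENT = build_client_hello("example.com", ciphers=[0x1301], groups=[0x001D],
                                    point_formats=[0], versions=[0x0304])

# Hypothetical watchlist keyed by JA3 hash; the label is an assumption for the demo.
WATCHLIST = {ja3(MINIMAL_CLIENT)[1]: "minimal custom TLS stack (constructed label)"}

def classify(record: bytes) -> str:
    """What a DPI box does per flow: fingerprint the ClientHello, then look the hash up."""
    return WATCHLIST.get(ja3(record)[1], "unlisted")

if __name__ == "__main__":
    for name, rec in [("browser -> example.com", BROWSER_TO_A),
                      ("browser -> other.invalid", BROWSER_TO_B),
                      ("minimal client", MINIMAL_CLIENT)]:
        s, digest = ja3(rec)
        print(f"{name:26} sni={parse_client_hello(rec)['sni']:14} ja3={s} md5={digest} -> {classify(rec)}")
```

Running the block shows the two browser-profile hellos, sent to different hosts, collapsing to the same JA3 string and hash, while the minimal client produces a different one and matches the watchlist. This is why circumvention tools that mimic a mainstream browser's ClientHello (rather than just hiding the destination) are harder for such a stack to single out, and why GREASE has to be filtered before hashing.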

Another story was no less interesting. At the end of September 2025, South Korea faced one of the largest technological disruptions in the country's history. Two data-center fires in one week paralyzed hundreds of government online services, including public services, postal and tax systems. The Prime Minister called the situation "digital paralysis".

A theory circulated online that the incident may be connected with an article published in Phrack (the legendary e-zine, published since 1985) describing in detail the hacking of a North Korean hacker's systems.

In August 2025, a large-scale investigation titled "APT Down: The North Korea Files" appeared in Phrack: hackers using the pseudonyms Saber and cyb0rg wrote an article in which they described hacking the account of a member of the North Korean espionage group Kimsuky (also known as APT43 and Thallium).

The authors said they managed to break into a workstation with a virtual machine and a VPS belonging to a North Korean hacker whom they called "Kim". This allowed them to compromise almost 20 thousand Chrome and Brave browser-history entries belonging to the attacker and to steal malware manuals, passwords and email addresses, as well as credentials for various tools. We analyzed this research in detail in a separate article.

Some online believe the data-center fires may have been part of an operation to destroy evidence found on the systems of that same DPRK hacker.
Other major leaks of 2025

Keenetic reported a leak of user data. Network-equipment maker Keenetic warned users who registered before March 16, 2023 about unauthorized access to the database of its mobile application. As a result of the incident, some equipment-configuration data may have been compromised. According to media reports, the leak affected about a million records.

89 million Steam records with 2FA codes put up for sale on the dark web. A hacker under the nickname Machine1337 offered for sale a data set allegedly containing 89 million Steam user records. The dump contained SMS messages with one-time Steam codes along with the phone numbers of their recipients. Valve later said the leak was not related to a breach of Steam or the company's systems.

Activists downloaded 86 million audio files from Spotify and plan to release them publicly. Activists from Anna's Archive said they had managed to collect almost the entire music library of Spotify, the largest streaming service. They claim to have gathered metadata for 256 million tracks and to have downloaded the audio files themselves: 86 million songs totaling about 300 TB.

A hacker group publicly released credentials for 15 thousand FortiGate devices. The Belsen Group dumped on the dark web configuration files, IP addresses and VPN credentials for 15 thousand FortiGate devices, giving other criminals free access to this sensitive information.

The Neon app, which paid users to record their calls, leaked users' conversations and was shut down. At the end of September 2025, the Neon app, ranked second in popularity in the Apple App Store, paid users to record their phone calls and sold the data to AI companies. However, a vulnerability was soon discovered in Neon that allowed anyone to access phone numbers, call recordings and transcripts of users' conversations.

According to Cloudflare statistics, global Internet traffic grew by 19% in 2025. At the same time, 52% of TLS 1.3 traffic already uses post-quantum encryption, and 52.1% of all requests are generated by bots.
Research of the Year: The Insecurity of Satellite Communications

One of the most interesting studies of the year showed that intercepting satellite traffic is within reach of anyone with $800 and basic knowledge of radio.

Scientists from the University of California San Diego and the University of Maryland found that roughly half of the communications from geostationary satellites are transmitted in the clear, without any encryption.

Over three years of observing satellite traffic, the team intercepted sensitive data of corporations, governments and millions of ordinary users: SMS messages and calls of more than 2,700 T-Mobile subscribers, data from US Navy ships, Mexican military intelligence on helicopter locations and counter-narcotics operations, and internal communications of a Mexican electric utility with 50 million customers, including addresses and equipment-fault data.

The experts titled their study "Don't Look Up", hinting that the operators of satellite systems had relied on "security through obscurity", assuming that nobody would scan the satellites and monitor them.
Other interesting studies of 2025

A flaw in a railway protocol allows a train to be stopped with SDR devices. Back in 2012, independent security expert Neil Smith reported to the US government a serious vulnerability in a railway communications standard. Yet even in 2025 the problem had not been fixed, and for years the authorities refused to acknowledge that the specialist was right.

The researcher could have figured this out.
 