How this proliferation occurred is unclear, but suggests an active market for 'second hand' zero-day exploits. Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities.
Once again threat actors kept cyber pros on their toes in 2025 in a never-ending cat-and-mouse game. But amid the noise, there were some notable stories and incidents affecting household names in the UK - the likes of Marks & Spencer, Co-op, and Jaguar Land Rover - meaning that 2025 will undoubtedly live long in the memory. Here are Computer Weekly's top cyber crime stories of 2025
On December 8, 2024, DataBreaches reported that Watsonville Community Hospital in California was continuing to respond to what they referred to as a cyberattack on November 29. No gang had claimed responsibility at that point, patients hadn't been notified yet, and the hospital wasn't stating whether the attack involved encryption of any files. Weeks later, and in a substitute notice posted on December 31, 2024, they noted that patients' name, date of birth, Social Security number, passport number, and diagnosis information may have been present in files that had been accessed in a "recent data security event" that was still under investigation. The hospital did not confirm or deny whether this was a ransomware attack.
The AI company said while its large language models (LLMs) refused the threat actor's direct requests to produce malicious content, they worked around the limitation by creating building-block code, which was then assembled to create the workflows. Some of the produced output involved code for obfuscation, clipboard monitoring, and basic utilities to exfiltrate data using a Telegram bot. It's worth pointing out that none of these outputs are inherently malicious on their own.
The threat actor leveraged combinations of sophisticated and stealthy techniques creating multilayered attack kill chains to facilitate access to restricted and segmented network assets within presumed to be isolated environments.
