What We Covered on Cyber Security Headlines in 2025

In 2025, we’ll have featured over 2,000 stories on Cyber Security Headlines, covering everything from zero-days to policy changes to breach notifications. When we looked at what we covered in the aggregate, here’s what we found.

The Big Picture

Our coverage broke down into these major categories:

1. AI/ML Security

If 2024 was the year everyone started talking about AI security, 2025 was the year it became impossible to ignore. Nearly a quarter of all stories we covered involved artificial intelligence and machine learning security, from LLM prompt injections to AI-powered attacks to deepfakes targeting executives. Both threat actors and organizations are trying to figure out how to use these new tools in real time.

What’s remarkable isn’t just the volume, but the consistency. We covered at least 32 AI security stories every single month. This wasn’t a flash-in-the-pan trend that peaked and faded; it was a steady drumbeat throughout the entire year.

In 2026, we’ll see if attacks become more sophisticated. What is exceptional this year may become commonplace, just like we saw with ransomware coverage. We’ll keep looking for fresh angles, new threats, and where there’s innovation in cybersecurity.

2. Vulnerabilities/Exploits

The classics never go out of style. CVEs, zero-days, and patch cycles remained a constant presence, averaging over 20 stories per month. From Microsoft’s monthly Patch Tuesday to critical vulnerabilities in widely-deployed software, this category is a constant reminder to focus on the fundamentals.

This year highlighted that even when organizations are reasonably responsible for patching their own systems, they are often let down by third parties. Combined with increasingly sophisticated attacks on software supply chains, we’ve seen plenty of new twists. We can’t report on every critical CVE, but our goal is always to provide context on the ones that matter.

3. Malware

While ransomware gets the headlines (and its own category), good old-fashioned malware continues to evolve. Infostealers, trojans, and sophisticated backdoors kept security teams busy in 2025. February saw a particularly intense wave with 26 malware stories in a single month. We’ll keep you in the loop on what’s new and where it’s being used, and we’ll provide links back to the research for a deep dive.

4. Data Breach

From massive database exposures to targeted credential theft, data breaches remain a near-daily occurrence. The scale ranged from the jaw-dropping (16 TB MongoDB databases with 4.3 billion records) to the quietly concerning (yet another vendor, yet another breach notification). The challenge for all of us is not to become numb to these numbers. In an age when LLMs make automating phishing and social engineering attacks trivial, even supposedly “minor” data breaches that “only” expose names, phone numbers, emails, and addresses can be easily weaponized.

5. APT/Nation-State

In breaking “news that might keep you up at night,” our nation-state coverage more than doubled from early 2025 to mid-year. This reflected increasingly aggressive geopolitical tensions playing out in cyberspace. Pick your poison when it comes to the source. We saw significant activity from the expected places: Russia, China, Iran, and North Korea. New to the mix are threat groups in Southeast Asia and Sub-Saharan Africa.

The subtext to all these stories is the continuing reconfiguration of CISA, and indeed the whole US government cybersecurity apparatus. The leadership, mandate, and resources of many federal agencies were in flux all year. Heck, funding for the CVE program almost lapsed! This confusion likely fueled APT activity, or at least did little to curb it.

6. Ransomware

Ransomware has become the “new normal”: still significant and costly, but no longer the explosive growth story it was in previous years. That said, July 2025 saw a notable spike, suggesting that certain groups were still very active. We could cover a ransomware story every day if we wanted, but this shows we’ve set a higher bar for notability to feature it on the show. Getting listed on a breach site is distressingly common. We highlight the ransomware attacks that show new tactics, new groups, and new economics.

The Trends That Defined 2025

AI Security is now the main character

In January, we were covering AI security as an emerging concern. By December, it was infrastructure. The evolution was remarkable:

The shift wasn’t just in quantity but in maturity. We went from “Can you jailbreak ChatGPT?” to “How do we secure AI in production environments?”

Feeling the pain

One thing that stood out this year was real-world pain. We saw several municipal governments limit operations following cyberattacks. Attacks disrupted manufacturing, impacting everything from beer to cars, and took production offline for weeks. British retailers had a horrible summer and fall.

Security professionals know the pain these attacks can cause organizations: millions in resources, weeks of overtime, and enough finger-pointing to get RSI (repetitive strain injury). But this year, end consumers saw very real consequences from cyberattacks; it’s becoming more the rule than the exception. The silver lining is that this increased everyday awareness might compel organizations to make cybersecurity a stronger mandate.

The Geopolitical Escalation

The APT/nation-state story of 2025 wasn’t any single campaign—it was the sheer volume. We saw:

Looking ahead

We’ve been publishing Cyber Security Headlines for 5 years. If that time has taught us anything, it’s that predicting what’s coming in cybersecurity news is a fool’s errand. The safest prediction might be that 2026 will be a lot like 2025, only more so. In fact, we’ve made that prediction every year, and we’ve always been right.

Speaking for myself, Steve Prentice, Lauren Verno, and Sarah Lane, thank you for listening to the Cyber Security Headlines podcast, reading our newsletter, and participating in our Department of Know live stream. We strive to present these stories clearly and concisely, giving you the information you need to apply them to your work. We’ll see you in 2026.

Rich Stroffolino
Rich Stroffolino is a podcaster, editor, and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.