We are only as strong as the weakest link in the chain.
This age-old proverb never seems to fade, and it applies especially today to ‘Cybersecurity in the Age of AI’, when the threat surface and the avenues of digital exploitation are on the rise.
It just takes a small weak link to bring the whole house down.
The pace of technological change in the last few years has been unlike anything before, especially since the launch of ChatGPT in 2022. It is too fast for anyone to adapt to, especially the big elephants – governments, organizations and large corporations.
In this blog I will delve into the top 5 cybersecurity incidents of 2025 and categorize each of them under the areas below.
- What happened?
- Why it happened?
- Business impact and cost implications?
- Lastly, could they have been avoided? I also share some best practices.
Some stats and trends for context setting:
- The estimated cost of cybercrime in 2025 was 10 trillion USD.[1] This is 6 times larger than the annual GDP of Australia in 2025 (ca. 1.75 trillion USD).
- Globally, over 300 billion passwords are currently in use and available for sale on the dark web. More than 30% of the world’s population is still offline and will immediately become vulnerable when they connect to the internet.
- A survey by the World Economic Forum reported that the advancement of adversarial capabilities due to AGI is what concerns Fortune 500 organizations the most.[2]

1. Jaguar Land Rover (JLR) targeted by the Scattered Spider cybercrime group – Sept’25 [3]
What happened: The British automotive giant was targeted by the Scattered Spider cybercrime group. Instead of a standard background data leak, this attack hit JLR’s operational technology (OT) and production systems.
Root cause:
Attackers exploited a known zero-day vulnerability in SAP NetWeaver software. This allowed the threat actors to move laterally into the production ecosystem.
Business impact
The breach is the largest in UK history; it cost ca. 2.5 bn Euros and dragged down UK GDP, as 2 major production facilities were shut down for 5 weeks.
How it could have been avoided:
- Rigorous patch management, especially for zero-day vulnerabilities on business-critical infrastructure.
- Network segmentation: isolating the corporate IT network behind a DMZ and placing critical production systems in a separate, isolated network.
2. Bybit – Dubai-based cryptocurrency exchange suffered a 1.5 bn USD theft of ETH – Feb’25
What happened: The North Korean state-sponsored threat actor Lazarus Group siphoned away 1.5 bn USD worth of ETH from the exchange.
Root cause:
Attackers injected malicious JavaScript into a free third-party storage pool used by Bybit. During routine backend jobs the silent code subtly manipulated the multi-signature transaction signing process.
Business impact
Ca. 1.5 bn USD of stolen cryptocurrency.
How it could have been avoided:
- Zero-trust vendor governance of third-party open source and careful use of free software utilities.
- Trusted human-in-the-loop approvals for high-value asset transfer jobs, confirming that the recipient address has not been tampered with.
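The human-in-the-loop control above, as an added example (not Bybit’s code): before a signer approves a high-value transfer, the transaction the approver was shown is re-hashed and compared with the payload actually handed to the signing routine, and the recipient must be on a pre-registered allowlist. All addresses and values are constructed placeholders.

```python
import hashlib
import json

# Constructed allowlist of pre-registered destinations (placeholder addresses, not real ones).
APPROVED_DESTINATIONS = {
    "0xAAAA000000000000000000000000000000000001": "treasury cold wallet",
    "0xBBBB000000000000000000000000000000000002": "exchange hot wallet",
}

def canonical_digest(tx: dict) -> str:
    """Digest of the fields that define a transfer, serialised in a fixed
    order so that key order or whitespace cannot change the result."""
    fields = {k: tx[k] for k in ("from", "to", "value", "nonce")}
    raw = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def verify_before_signing(displayed_tx: dict, payload_to_sign: dict) -> dict:
    """Human-in-the-loop gate: the transaction the approver was shown is
    re-hashed and compared with the payload actually handed to the signer,
    and the recipient must be pre-registered. Any mismatch blocks signing."""
    reasons = []
    if canonical_digest(displayed_tx) != canonical_digest(payload_to_sign):
        reasons.append("payload handed to the signer differs from what was displayed")
    if payload_to_sign["to"] not in APPROVED_DESTINATIONS:
        reasons.append("recipient %s is not a pre-registered destination" % payload_to_sign["to"])
    return {"sign": not reasons, "reasons": reasons}

# Constructed sample: what the approver sees on screen (hot wallet -> cold wallet).
DISPLAYED = {
    "from": "0xBBBB000000000000000000000000000000000002",
    "to": "0xAAAA000000000000000000000000000000000001",
    "value": 1000,
    "nonce": 42,
}
# Constructed sample: the same transaction after a tampering script swapped the recipient.
TAMPERED = dict(DISPLAYED, to="0xCCCC000000000000000000000000000000000003")

if __name__ == "__main__":
    print(verify_before_signing(DISPLAYED, DISPLAYED))  # signs: digests match, recipient known
    print(verify_before_signing(DISPLAYED, TAMPERED))   # blocked: two reasons reported
```

The check only works if the displayed transaction comes from an independent source (a hardware signer screen or a second system), not from the same web front end that could have been tampered with.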
3. Salesforce – OAuth and Drift integration compromised, causing data leakage at 700 global organizations – mid 2025
What happened: Attackers targeted security vulnerabilities in Drift OAuth integrations tied to Salesforce. They managed to hijack active OAuth access and refresh tokens.
Root cause:
Access permissions for the different integrations were not renewed and carried more privileges than they should have had.
Business impact
Customer data from ca. 700 global, mostly Fortune 500, customers was stolen and put up for sale on the dark web.
How it could have been avoided:
- Tightening the OAuth governance process and enforcing short-lived session lifetimes for API integrations.
- Periodic SaaS posture management, i.e. actively monitoring the access permissions of all third-party integrations.
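Both practices above (short-lived tokens and periodic posture review of connected apps) in one added example, not Salesforce’s or Drift’s code: a small audit over a constructed inventory of third-party OAuth integrations that flags over-broad scopes, refresh tokens past their rotation age, and integrations nobody has used recently. The thresholds and scope names are assumptions for the example.

```python
from datetime import datetime, timedelta, timezone

# Policy thresholds chosen for this example (assumed values, not any vendor's defaults).
MAX_TOKEN_AGE = timedelta(days=30)          # refresh tokens older than this must be rotated
MAX_IDLE = timedelta(days=14)               # integrations unused for this long get revoked
BASELINE_SCOPES = {"api", "refresh_token"}  # anything broader needs a documented justification

# Fixed clock so the report is reproducible.
NOW = datetime(2025, 9, 1, tzinfo=timezone.utc)

# Constructed inventory of connected third-party apps (example data, not a real tenant).
INTEGRATIONS = [
    {"app": "chat-widget-vendor", "scopes": {"api", "refresh_token", "full"},
     "token_issued": NOW - timedelta(days=400), "last_used": NOW - timedelta(days=60)},
    {"app": "billing-sync", "scopes": {"api", "refresh_token"},
     "token_issued": NOW - timedelta(days=5), "last_used": NOW - timedelta(days=1)},
    {"app": "legacy-reporting", "scopes": {"api"},
     "token_issued": NOW - timedelta(days=20), "last_used": NOW - timedelta(days=45)},
]

def assess_integration(app: dict, now: datetime = NOW) -> list:
    """Return the policy findings for one connected app (empty list = compliant)."""
    findings = []
    extra = app["scopes"] - BASELINE_SCOPES
    if extra:
        findings.append("over-broad scopes: " + ", ".join(sorted(extra)))
    if now - app["token_issued"] > MAX_TOKEN_AGE:
        findings.append("refresh token older than %d days: rotate" % MAX_TOKEN_AGE.days)
    if now - app["last_used"] > MAX_IDLE:
        findings.append("idle for %d days: revoke" % (now - app["last_used"]).days)
    return findings

def posture_report(integrations: list, now: datetime = NOW) -> dict:
    """Map each app that needs action to its findings; compliant apps are omitted."""
    report = {}
    for app in integrations:
        findings = assess_integration(app, now)
        if findings:
            report[app["app"]] = findings
    return report

if __name__ == "__main__":
    for app, findings in posture_report(INTEGRATIONS).items():
        print(app)
        for finding in findings:
            print("  -", finding)
```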
4. South Korean telecom suffered massive infrastructure data breach – Dec’25
What happened: Hackers managed to breach the critical infrastructure of a major South Korean telco and stole Home Subscriber Server (HSS) and USIM data of ca. 23 mn customers, exposing cellular routing and data protocols.
Root cause:
Weak segmentation controls on critical infrastructure systems, combined with delayed incident detection, i.e. a long MTTR.
The threat actors stayed inside the infrastructure for a long time and harvested telemetry data.
Business impact
Ca. 23 mn customers’ data was stolen, earning SKT the largest fine ever issued in South Korea, ca. 100 mn USD, for lax security architecture and delayed detection and notification of customers.
How it could have been avoided:
- Continuous behavioural analytics, i.e. deploying user and entity behaviour analytics (UEBA) systems to immediately flag massive unauthorized access.
- A robust incident management process to ensure timely notification of legal and strict compliance with regulations.
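The behavioural analytics idea above as an added example (not any telco’s or UEBA vendor’s code): each account gets its own baseline of subscriber records read per hour, and any hour that exceeds that baseline by a large factor is flagged. The log format, account names and baselines are constructed for the example.

```python
# Constructed per-account baseline: typical subscriber records read per hour,
# learned from normal operation (assumed values for the example).
BASELINE = {"ops-alice": 40, "ops-bob": 55, "svc-export": 5000}

# Constructed HSS audit log lines (example data, not from any real telco).
LOG_LINES = """\
2025-04-18T01:00 ops-alice read_subscriber count=38
2025-04-18T01:00 ops-bob read_subscriber count=61
2025-04-18T02:00 ops-alice read_subscriber count=35
2025-04-18T02:00 ops-bob read_subscriber count=420000
2025-04-18T02:00 svc-export read_subscriber count=4800
2025-04-18T03:00 svc-export read_subscriber count=90000
2025-04-18T03:00 unknown-svc read_subscriber count=12
"""

def parse_log(text: str) -> list:
    """Parse 'timestamp account action count=N' lines into tuples."""
    events = []
    for line in text.splitlines():
        ts, account, action, count = line.split()
        events.append((ts, account, action, int(count.split("=", 1)[1])))
    return events

def flag_bulk_reads(events: list, baseline: dict, factor: int = 10) -> list:
    """Flag every hourly record whose read volume exceeds factor x that entity's own
    baseline. Per-entity baselines (rather than one global threshold) let a service
    account's normal 5,000 reads pass while a 420,000-read burst by an operator is caught.
    Accounts with no baseline are flagged on any read, since nothing vouches for them."""
    alerts = []
    for ts, account, action, count in events:
        if action != "read_subscriber":
            continue
        typical = baseline.get(account)
        if typical is None or count > factor * typical:
            reason = "no baseline" if typical is None else "%.0fx baseline" % (count / typical)
            alerts.append({"time": ts, "account": account, "count": count, "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in flag_bulk_reads(parse_log(LOG_LINES), BASELINE):
        print(alert)
```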
5. Marks & Spencer suffered massive consumer and market value disruption – April’25
What happened: Scattered Spider and DragonForce orchestrated a massive ransomware campaign against M&S. It knocked out their online ordering systems, mobile applications and many other sales services.
Root cause:
A failure of identity security and human defences. Hackers used SIM swapping and help desk impersonation to trick IT service personnel into resetting primary credentials.
They then escalated privileges to steal AD credentials and encrypted core business data.
Business impact
The ransomware caused a drop in market valuation of ca. 1 bn Euro after disclosure and an estimated loss of 500 mn Euro in profits for the firm.
How it could have been avoided:
- Strict help desk authentication: implementing un-phishable verification methods (such as physical security keys or biometric push apps) for internal employees requesting password or MFA resets.
- MFA for Active Directory access: restricting identity management systems behind tight conditional-access policies.
What next?
If there is anything we can learn from the last 4 years since ChatGPT was first launched, it is that this will only accelerate – for good or bad :)
A simulation of the possible scenarios AI could branch into by the end of this decade is nicely laid out in [4].
Will the US centralize compute and slow down, or race further?
Will ASI help solve our cybersecurity issues, or will it end humanity?
Only time will tell, till then be merry and enjoy life :)

Love & Peace,
/Chakshu Arora
References:
- [1] https://www.jerichosecurity.com/blog/cost-of-cybercrime-to-reach-10.5-trillion-by-2025
- [2] https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2025.pdf
- [3] https://www.cm-alliance.com/cybersecurity-blog/biggest-cyber-attacks-of-2025-their-impact-on-global-cybersecurity#:~:text=What%20began%20as%20a%20security,JLR’s%20production%20lines%20remained%20suspended.
- [4] https://ai-2027.com/summary
1 quote and 1 book recommendation.
🏛️ Wisdom from the Archives
We are like butterflies who flutter for a day and think it is forever — Carl Sagan.
📖 Book I am reading this week
If there is one book you can read this year, look no further than this one.
