The cyber threats to watch in 2025, and other cybersecurity news to know this month

The cyber threat landscape in 2025 will be shaped by increasingly sophisticated attacks, with ransomware, social engineering and AI-powered cybercrime remaining top concerns, according to the World Economic Forum's latest Global Cybersecurity Outlook.

Data breaches continued at historic levels in 2024, with 3,158 data compromises tracked by the Identity Theft Resource Center - on par with the previous record-breaking year. However, victim notices surged 211% to 1.3 billion, but this was largely due to five mega-breaches, each triggering over 100 million notices.

While 66% of organizations see AI as the biggest cybersecurity game-changer this year, only 37% have safeguards to assess AI tools before use, the report finds. This highlights the gap between awareness of AI risks and its unchecked adoption, adding to the growing complexity of cyberspace, where emerging technologies, geopolitical tensions and supply chain vulnerabilities are creating new challenges for cybersecurity.

Here are six key cybersecurity vulnerabilities anticipated by leaders in 2025:

The Chinese AI app DeepSeek sent shockwaves through the tech world in January, with claims its new model was trained at a fraction of the cost of rivals like ChatGPT, causing billions to be wiped off global stock markets.

However, as millions flocked to the platform, including government workers, many unknowingly shared sensitive personal data, reports Security Week. This highlights a growing concern: users often overlook privacy risks when signing up for new services, especially on social media and tech platforms, making them prime targets for cybercriminals.

In February, South Korea accused DeepSeek of leaking data, as reported by the BBC, prompting the country to remove it from app stores over data protection concerns.

Meanwhile, Australia and Taiwan have prohibited the chatbot on government devices, and the US Congress is contemplating a bill to enforce a similar ban, according to Al Jazeera.

The US Cybersecurity and Infrastructure Security Agency has paused all election security work to review its efforts over the past eight years, reportedly in response to concerns about election integrity, according to WIRED.

Microsoft plans to invest an additional $700 million in Poland to boost cybersecurity, in partnership with the country's armed forces, Reuters reports. The investment is part of a second phase of a $1 billion data centre project started in 2020.

The Philippines has detected foreign attempts to access intelligence data, but no breaches have occurred, according to the country's cyber minister, Ivan Uy. He noted that Advanced Persistent Threats, which are often but not always state-backed, have repeatedly attempted to infiltrate government systems.

Italy's cybersecurity agency reported that around 20 websites, including those of banks and airports, were targeted by the pro-Russian hacker group Noname057(16) on 17 February. The attack, which included sites of Intesa Sanpaolo, Banca Monte dei Paschi, and Milan's Linate and Malpensa airports, caused no major disruption, according to the agency.

Sony offered PlayStation Plus members an extra five days of service after an 18-hour PlayStation Network outage that affected over 15,000 users, including 7,939 in the US and 7,336 in the UK. The disruption temporarily prevented sign-ins, online gaming and access to the store.

French prosecutors have launched an investigation into Elon Musk's X social media platform over claims of algorithmic bias. The probe follows a 12 January complaint from a lawmaker, alleging that X's algorithms may have distorted an automated data processing system.

Fraudsters used an AI deepfake to steal $25 million from UK global engineering and design firm Arup. Here the company's CIO, Rob Greig, shares key lessons learned on boosting cyber resilience amid rising threats.

The World Economic Forum's Global Cybersecurity Outlook 2025 reveals a rising threat from complex supply chains, making cybersecurity more unpredictable than ever. With last year’s historic IT outage highlighting the stakes, experts point to five key risk factors from supply chain interdependencies that are driving this growing challenge.

Cybercrime, including ransomware and AI-driven attacks, disrupts businesses globally, fuelled by personal data, writes Robert Boyce, Accenture’s Cyber Resilience Services Lead. Here, he stresses the importance of defining a minimum viable company (MVC) and modernizing infrastructure to ensure rapid recovery after attacks.