The 2025 Convergence: AI, Critical Infrastructure, and the Supply Chain Siege
The 2025 cyber landscape was redefined by the convergence of AI-driven tactics, nation-state pre-positioning in critical infrastructure (such as water, energy, and transport), and mass exploitation of supply chain weaknesses via social engineering and perimeter device zero-day vulnerabilities.
Show Notes
We analyze the defining cyber conflicts of 2025, dominated by state-sponsored actors like Volt Typhoon pre-positioning in critical infrastructure and groups like Salt Typhoon compromising global telecommunications networks for espionage. The season also saw ransomware evolve with extreme speed, exemplified by the Akira group's ultra-short dwell times (as low as 55 minutes) and the emergence of AI-powered malware like "PromptLock" that generates encryption scripts in real time. Critical vulnerabilities stemmed from sophisticated supply chain breaches, where groups like ShinyHunters exploited third-party SaaS platforms via vishing and used zero-days like ToolShell to compromise dozens of major organizations.
https://breached.company/summer-2025-cyber-attack-retrospective
https://breached.company/threat-intelligence-report-summer-2025-cyber-threat-landscape