The convergence of state‑sponsored espionage, weakened public cyber resources, and critical software vulnerabilities raises systemic risk for enterprises and national security alike.
The Salt Typhoon campaign underscores how nation‑state actors continue to exploit legacy network devices and telecom infrastructure to gain strategic intelligence. By compromising the US National Guard and major carriers, the group demonstrated the persistent gap in patch management for routers, VPNs, and other low‑visibility assets. Experts stress that unified, cross‑domain visibility and proactive threat hunting are essential to counter such persistent threats, especially as attackers leverage increasingly sophisticated supply‑chain techniques.
CISA’s budget reductions and workforce layoffs have ripple effects across the entire US cyber ecosystem. With the agency’s advisory services and vulnerability guidance curtailed, state and local governments—already under‑resourced—face heightened exposure to espionage and ransomware. The shift places a heavier burden on private‑sector threat‑intelligence providers and forces organizations to internalize capabilities that were previously subsidized by federal support, potentially widening the security gap between well‑funded enterprises and smaller municipalities.
Software supply‑chain vulnerabilities dominated the latter half of 2025, highlighted by React2Shell’s critical flaw in React Server Components and the self‑replicating Shai‑Hulud malware that corrupts open‑source packages. Both incidents reveal how a single vulnerable library can cascade across millions of applications, amplifying attack surface dramatically. The Salesforce integration attacks further illustrate that attackers are targeting the connective tissue of SaaS ecosystems, where OAuth tokens and third‑party connectors reside. Mitigation now demands rigorous component provenance checks, automated SBOM generation, and continuous monitoring of third‑party integrations to stay ahead of rapidly evolving threats.