How 2025’s Most Damaging Cyberattacks Exposed Digital Fragility

An analysis of 2025’s major cyber incidents reveals how ransomware attacks on retailers and manufacturers, cloud infrastructure failures, and the first artificial intelligence-orchestrated espionage campaign exposed critical vulnerabilities in interconnected digital systems, according to a new report from Tokio Marine HCC.

The past year delivered a sobering message to risk managers and security leaders: modern business infrastructure is far more fragile than most organizations realized, Tokio Marine HCC said.

The U.K. retail sector felt the impact acutely when Marks & Spencer suffered a ransomware attack in April that forced the company to suspend online ordering and in-store digital systems, ultimately costing an estimated £300 million ($406 million) in operating profit, the report said.

The timing proved no coincidence—as retailers Co-op and Harrods disclosed separate breaches within the same period, pointing to a coordinated campaign against the sector.

Meanwhile, Jaguar Land Rover’s August ransomware incident proved even more economically devastating, with losses reaching £1.9 billion ($2.5 billion), making it “the most economically damaging cyber event to hit the U.K.,” according to the Cyber Monitoring Center, the report noted.

Beyond attacks targeting specific organizations, the infrastructure layer itself proved vulnerable, according to Tokio Marine HCC.

In October alone, AWS, Microsoft Azure and Cloudflare each suffered major outages within weeks of each other. While unrelated, these incidents underscored a critical vulnerability, the report said: a small number of cloud providers now support a disproportionately large share of global internet infrastructure, meaning technical failures can cascade across industries and geographies in minutes.

The Supply Chain Emerges as the Weakest Link

Supply chain vulnerabilities proved to be recurring threads throughout 2025’s incident landscape, the report said.

In September, attackers compromised hundreds of JavaScript packages in the npm ecosystem, an online registry of open source JavaScript code, through a phishing campaign that targeted package maintainers. The malicious code, dubbed Shai Hulud, automatically harvested personal credentials including GitHub tokens and cloud access keys when installed, then republished infected versions to spread laterally across the registry.

A Salesforce customer data breach in August similarly exploited integration points rather than core platform vulnerabilities, the report saidf. Attackers compromised OAuth tokens linked to the Drift application integration with Salesforce, gaining unauthorized access to customer relationship management data across hundreds of Salesforce environments.

These incidents illustrated how the interconnected nature of modern software development and business applications creates multiple pathways for attackers to reach downstream victims, according to Tokio Marine HCC.

Oracle Cloud customers also discovered their infrastructure at risk last march, when threat actors claimed to have accessed over 140,000 tenants through legacy middleware vulnerabilities, accessing encryption keys and authentication systems. Several independent security vendors confirmed that elements of the released data matched production environments, amplifying concerns about patch management practices across enterprise infrastructure, the report said.

The AI Wild Card: A New Frontier for Attackers

Perhaps the most significant development came in September when security researchers identified what experts believe is the first large-scale AI-orchestrated cyberattack, Tokio Marine HCC said.

A Chinese state-sponsored cyber-espionage group leveraged Anthropic’s Claude AI to automate between 80 and 90% of an intrusion lifecycle, targeting approximately 30 organizations globally including technology firms, financial institutions and government agencies. The campaign highlighted how AI is rapidly enabling attackers to scale their operations far beyond traditional capabilities.

Obtain the full report here. &