
December 31, 2025

Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025

The past year has seen plenty of hacks and outages. Here are the ones topping the list.

TL;DR

  • Supply-chain attacks were prevalent, enabling attackers to infect millions of users by compromising widely used software or services.
  • A cryptocurrency scam in December 2024 netted hackers $155,000 by introducing a backdoor into a Solana blockchain code library.
  • Other notable supply-chain attacks included backdoored packages in Go, mass flooding of npm with malicious packages, and compromises affecting hundreds of e-commerce companies.
  • AI chatbots were vulnerable to memory poisoning, where fictional events inserted into their memory influenced future malicious actions.
  • Prompt injection attacks targeted AI chatbots like ElizaOS and Google Gemini, causing them to alter critical functions or lower security defenses.
  • AI assistants were used to help cover up illegal activities and to deliver malicious software, as seen in cases involving government data theft and a Disney employee hack.
  • Copilot exposed private GitHub repositories, and Meta and Yandex were found to be de-anonymizing Android users' browsing histories.
  • Major cloud providers experienced significant outages: Amazon Web Services suffered a 15-hour outage due to a software bug, Cloudflare had widespread slowdowns, and Azure also experienced an outage.
  • Honorable mentions include the DeepSeek iOS app sending unencrypted data and flaws in Apple chips that could leak secrets.
  • Signal's significant overhaul to withstand quantum computer attacks was highlighted as a major engineering achievement and a success story for 2025.
