**Top 10 Cyber Crime Stories of 2025**

The world of cybersecurity was once again a hotbed of activity in 2025, with threat actors pushing the boundaries of what is possible and leaving organizations scrambling to keep up. From high-profile attacks on household names like Marks & Spencer and Jaguar Land Rover, to the exploitation of artificial intelligence models and the rise of new hacking collectives, this year was one that will be remembered for a long time.

**1. Government Hackers Exploit Google Gemini AI**

At the start of 2025, Google's Threat Intelligence Group (GTIG) revealed that nation-state-backed threat actors were attempting to abuse its Gemini AI tool. The hackers, from countries including China, Iran, North Korea, and Russia, used Gemini to support various phases of their attack chains, including procurement, reconnaissance, vulnerability research, payload development, and post-compromise evasion techniques.

**

This marked a significant turning point in the cat-and-mouse game between threat actors and cybersecurity professionals, as it highlighted the increasing reliance on AI models to facilitate attacks.

**

**2. Advanced Software Fined £3m Over LockBit Attack**

In March 2025, the UK's Information Commissioner's Office (ICO) issued a £3.07m fine to Advanced Computer Software Group (now known as OneAdvanced) over a 2022 LockBit ransomware attack that crippled NHS services. The regulator found that the company's health subsidiary lacked adequate technical and organizational measures to ensure the security of its systems, highlighting gaps in multifactor authentication, vulnerability scanning, and patch management.

**

This case serves as a warning to organizations about the importance of prioritizing cybersecurity and implementing robust controls to prevent attacks.

**

**3. Cyber Attack Downs Systems at Marks and Spencer**

In April 2025, one of the biggest cyber attacks of the year unfolded against high street stalwart Marks & Spencer (M&S). The initial incident saw the retailer forced to pull multiple public-facing services offline, including online shopping, click-and-collect, and contactless payments. Days later, a second cyber attack affecting the Co-op Group drew more attention, and it soon emerged that the attacks were not the work of career Russian hackers, but an English-speaking hacking collective known as Scattered Spider.

**

This incident highlighted the increasing threat posed by domestic hacking collectives and the need for organizations to be vigilant in defending against these types of threats.

**

**4. Scattered Spider Cyber Gang Turns Fire on Aviation Sector**

By midsummer 2025, Scattered Spider attacks were spreading fast, with the hacking gang's members turning their attention to other industries – first the insurance sector and then aviation. Almost as soon as Mandiant threat researchers issued an alert, multiple airlines reported cyber incidents, and more were to follow.

**

This incident highlighted the potential for widespread disruption caused by a single hacking collective and the need for organizations in various sectors to be prepared to defend against these types of threats.

**

**5. Four Arrested in M&S Attack Investigation**

On 10 July 2025, the UK's National Crime Agency (NCA) announced the arrests of four people in its investigation into the M&S and Co-op attacks. The arrests of two men aged 19, a third aged 17, and a 20-year-old woman were made at their home addresses in London, Staffordshire, and the West Midlands.

**

This development marked a significant breakthrough in the investigation and highlighted the importance of international cooperation in combating cybercrime.

**

**6. Researchers Firm Up ShinyHunters, Scattered Spider Link**

In August 2025, researchers working on the ShinyHunters hacking collective discovered evidence suggesting a deliberate partnership between ShinyHunters and Scattered Spider, both of which had previously been linked to the wider cybercrime network known as The Com.

**

This finding highlighted the complex web of relationships between different hacking collectives and the need for organizations to stay vigilant in defending against these types of threats.

**

**7. Cyber Attackers Damage Jaguar Land Rover Production**

At the start of September 2025, UK carmaker Jaguar Land Rover (JLR) became the latest organization to fall victim to a major cyber attack, with hackers linked to Scattered Spider allegedly responsible for the incident.

**

This incident highlighted the potential for widespread disruption caused by a single hacking collective and the need for organizations in various sectors to be prepared to defend against these types of threats.

**

**8. Oracle Patches E-Business Suite Targeted by Cl0p Ransomware**

From summer 2025 onwards, multiple organizations, including prominent universities and media organizations in the US, were targeted by the Cl0p cyber extortion gang after its members successfully weaponized a vulnerability in Oracle E-Business Suite (EBS).

**

This incident highlighted the importance of staying up-to-date with security patches and the need for organizations to prioritize cybersecurity when working with third-party vendors.

**

**9. Jaguar Land Rover Attack to Cost UK £1.9bn, Say Cyber Monitors**

As disruption from the JLR incident rolled on through the autumn, cyber monitors declared the incident a Category 3 Systemic Event on its 'hurricane' scale. Accounting for various factors, they said the financial cost of the incident would likely hit about £1.9bn and could potentially run higher.

**

This finding highlighted the significant economic impact of cyber attacks and the need for organizations to prioritize cybersecurity as a business imperative.

**

**10. UK Government Pledges to Rewrite Computer Misuse Act**

In December 2025, the long-running battle to reform the outdated Computer Misuse Act (CMA) of 1990 took a step forward when it was announced that the government planned to make changes that would protect ethical hackers from prosecution by giving them a statutory defence in law.

**

This development marked a significant breakthrough in the ongoing debate about cybersecurity and the need for organizations to prioritize security research and testing.

**

These 10 stories demonstrate the ever-changing landscape of cyber threats and the importance of prioritizing cybersecurity as a business imperative. As we look to the future, it is clear that the cat-and-mouse game between threat actors and cybersecurity professionals will continue to play out, with new challenges emerging every day.