Landmark network, server and infrastructure attacks from across the years — and what they teach us. Curated by the Nova Security Operations SOC.
Security teams report a sharp rise in convincing AI-generated phishing, voice-cloning and deepfake fraud, pushing organisations toward phishing-resistant MFA and stronger identity verification.
Source: Nova SOC threat outlookInternet-facing VPNs, firewalls and file-transfer appliances remain the most exploited initial-access point, underscoring the need for rapid patching and exposure monitoring.
Source: Nova SOC threat outlookMore ransomware crews skip encryption and rely purely on data theft and extortion, raising the importance of egress monitoring, backups and least-privilege access.
Source: Nova SOC threat outlookA steady stream of critical flaws in remote-access and edge devices kept defenders patching through 2025 as attackers raced to weaponise each new disclosure.
Source: Vendor advisoriesRansomware groups stepped up attacks on hospitals, manufacturers and logistics firms, with data-extortion tactics causing widespread operational disruption.
Source: Incident respondersAttackers exploited a flaw in SonicWall secure-access appliances to breach networks, prompting urgent patching guidance.
Source: Vendor advisoryA misconfigured, internet-exposed database at an AI service left chat histories and internal secrets publicly accessible until it was secured.
Source: Security researchersA critical authentication-bypass flaw in FortiOS and FortiProxy was exploited to take over internet-facing firewalls and create rogue administrator accounts.
Source: Vendor advisoryThe Cl0p extortion group exploited zero-days in Cleo file-transfer software to steal data from many organisations, echoing earlier mass file-transfer campaigns.
Source: Threat intel vendorsA fresh zero-day in Ivanti Connect Secure VPN appliances was exploited in the wild, continuing a run of edge-device attacks.
Source: Government advisoriesA widely used education software platform disclosed a breach exposing the personal data of students and teachers across many school districts.
Source: Operator disclosureNetwork and cloud providers reported mitigating some of the largest volumetric distributed-denial-of-service attacks ever measured, driven by large botnets and protocol abuse.
Source: Cloud providersState-linked actors were discovered embedded in several major telecom networks, reportedly reaching call-records and lawful-intercept systems.
Source: Government advisoriesA zero-day in Fortinet FortiManager was abused to reach managed firewalls and steal device configurations and credentials.
Source: Vendor advisoryA major digital library disclosed a breach exposing tens of millions of user records, alongside disruptive denial-of-service attacks.
Source: Operator disclosureA chain of flaws in the CUPS printing system could allow remote code execution on many Linux machines and be abused to amplify DDoS attacks.
Source: Security researchersA critical flaw in Veeam Backup and Replication was used by ransomware groups to gain remote code execution on backup servers.
Source: Vendor advisoryA background-check data broker leaked an enormous trove of personal records, including a large number of Social Security numbers.
Source: Public disclosureA defective security-sensor update crashed millions of Windows machines worldwide, grounding flights and disrupting hospitals, banks and broadcasters in one of the largest IT outages ever.
Source: Vendor disclosureA major telecom disclosed that months of call and text metadata for nearly all of its customers had been stolen from a third-party cloud data platform.
Source: Company disclosureA newly discovered remote-code-execution flaw in OpenSSH put a large number of internet-facing Linux servers at risk.
Source: Security researchersA remote-access software vendor disclosed a state-linked intrusion into its internal corporate IT environment.
Source: Company disclosureA widely embedded JavaScript service was repurposed after a change of ownership to deliver malicious code to hundreds of thousands of websites.
Source: Security researchersAttackers used stolen credentials on accounts lacking multi-factor authentication to exfiltrate large datasets from many organisations cloud data warehouses.
Source: Incident respondersA major hardware vendor disclosed that an online portal had been scraped for tens of millions of customer records.
Source: Company disclosureA large-scale credential brute-forcing campaign hammered VPN and SSH services on Cisco, Fortinet and other edge devices worldwide.
Source: Vendor advisoriesA command-injection zero-day in Palo Alto firewalls was exploited in the wild before a patch was available.
Source: Vendor advisoryA maintainer-planted backdoor in the widely used XZ Utils compression library was spotted just days before reaching mainstream Linux distributions, narrowly averting a massive supply-chain compromise.
Source: Open-source communityA ransomware attack on a major US healthcare payments processor disrupted insurance claims and prescriptions across the country for weeks.
Source: Operator disclosureA trivially exploitable authentication-bypass flaw in ConnectWise ScreenConnect remote-access software was rapidly abused to deploy ransomware.
Source: Vendor advisoryAuthorities warned that a state-sponsored group had quietly embedded itself in critical-infrastructure networks, apparently preparing for potential future disruption.
Source: Government advisoriesChained zero-days in Ivanti Connect Secure VPN appliances were mass-exploited to breach corporate networks, prompting emergency directives.
Source: Government advisoriesState-linked attackers used password-spraying against a forgotten legacy account to read the email of senior staff at a major software vendor.
Source: Company disclosure