Introduction
In 2025, the world witnessed a surge in cyberattacks, both in volume and sophistication. These attacks targeted various sectors in countries and regions worldwide, including Mexico, China, the United States, Brazil, Europe, and Australia. The year highlighted two concurrent trends: the increasing frequency of cyberattacks and their increasingly industrialized nature, leveraging vulnerable supply chains, compromised credentials, and automation.
Mexico’s Cybersecurity Landscape
Mexico experienced over 40,000 million cyberattack attempts in the first half of 2025, ranking it as the second most vulnerable country in Latin America, according to Fortinet data. This context prompted a shift from addressing isolated incidents to focusing on national resilience, with an emphasis on prevention, coordination, and reporting obligations.
Mexico unveiled its first National Cybersecurity Plan, incorporating real-time operational components such as a national operations center (CNSOC), a national CSIRT, critical infrastructure inventory, alert mechanisms, mandatory guidelines, and public sector training.
Key Cyberattacks in Mexico
Ransomware Attack on PCM (Mexico)
One of the most notable incidents in Mexico was the ransomware attack on PCM, a supplier to large corporations. The RansomHub group claimed responsibility; it exfiltrated 3 GB of sensitive information, including contracts and communications, and leaked it on the dark web following warnings.
This case is significant not only for the direct hit but also for its message. The ultimate target isn’t always the “largest victim,” but rather an intermediary with privileged access. The logic of the supply chain attack emerges here as a means to amplify impact and exert reputational pressure.
Massive Data Leak at a State Prosecutor's Office (Guanajuato)
In November, the Guanajuato Fiscalía (state prosecutor's office) acknowledged a cyberattack that exposed over 250 GB of confidential data, internal emails, and sensitive files. The Tekir APT group claimed responsibility for the ransomware attack, which also affected internal platforms and services.
Beyond the volume, this episode underscores the institutional cost of a data breach: it damages investigations, endangers victims and witnesses, and erodes public trust. Such incidents push governments to establish minimum common rules and response protocols.
Global Cyberattacks
Massive Data Exposure in China (4 Billion Records)
At the extreme end of the scale was a database exposure in China: over 630 GB of unprotected data containing more than 4 billion records with personal and financial information, as well as data linked to WeChat and Alipay.
This incident illustrates an old yet persistent problem: basic database security (credentials, access controls, encryption, monitoring) continues to fail on a large scale. When the volume is measured in billions of records, the potential damage (fraud, impersonation, consumer profiling) becomes systemic.
McDonald’s Chatbot Vulnerability (64 Million Applicants)
The year also sent an uncomfortable signal about accelerated digitalization: efficient systems can become part of the attack surface. For instance, a leak was discovered in McDonald’s recruitment chatbot (Olivia, implemented by Paradox.ai). The cause was a critical flaw, an administration page that accepted weak credentials, potentially granting access to the data of 64 million applicants.
The point isn’t just the incident but the pattern. Automating sensitive processes (recruitment, payments, customer service) accumulates repositories of personal data that, without robust governance controls, turn into a goldmine for attackers.
Qantas: 5 Million People Exposed Through Outsourced Call Center
In June, Australian airline Qantas suffered an attack exposing the information of 5 million people. The intrusion reportedly occurred through its customer service center in the Philippines and was attributed to the Scattered Lapsus$ Hunters group. The attackers reportedly obtained emails, birthdates, and phone numbers, but not passports or financial data.
United Natural Foods, USA: Supply Chain Disruption
In June, United Natural Foods, a major U.S. food distributor, faced an incident that halted parts of its operation and affected order processing and distribution. The resulting disruptions led to losses and temporary stock shortages in supermarkets.
Brazil: Historic Attack on Financial System (PIX) and $150 Million Loss
July saw a milestone in Brazil when an attack hit the infrastructure connected to PIX and the central bank via C&M Software, a provider that supplies the technical connection for financial institutions. The incident reportedly resulted in a loss of nearly $150 million through fraudulent transfers made with compromised credentials, impacting at least six institutions.
Petrobras and Focus on Critical Infrastructure
In November, the Everest group claimed a ransomware attack on Petrobras, reportedly exfiltrating over 90 GB of sensitive industry information (including coordinates and technical reports). Petrobras denied it was a security incident in its systems.
184 Million Credentials: Fuel for Modern Fraud
Another case that sums up the economics of cybercrime was the discovery of a public database containing over 184 million credentials linked to global services (Google, Apple, Facebook, among others) as well as access to banks and government portals. The strongest hypothesis cited in the report is that these credentials originated from infostealers, malware that steals credentials directly from browsers.
European Airports: Ransomware Against a Supplier and Operational Chaos
In September, European airports such as Brussels, Heathrow, and Berlin experienced massive disruptions in check-in, boarding, and baggage handling. The cause was confirmed as ransomware targeting ARINC cMUSE, critical software from Collins Aerospace (RTX). The impact included cancellations (over half of scheduled flights were canceled in Brussels) and a fallback to manual processes for several days.
Ransomware, AI, and Regulatory Pressure
One data point sums up 2025: ransomware attacks increased by 37% globally and accounted for 44% of cybersecurity breaches.
At the same time, AI became an accelerator for both sides. A Kaspersky document on 2026 risks warns that deepfakes and synthetic audio heighten fraud and impersonation, even suggesting that 72% of Mexicans are unaware of deepfakes, which increases vulnerability to more convincing deceptions.
The document also posits that AI will reduce response times and raise the “professionalization” of each attack phase, making operations faster and harder to trace.
Conclusion
The major cyberattacks of 2025 were notable not just for their size but also for their mechanics. Stolen credentials, suppliers as entry points, misconfigured systems, and the convergence of operational disruption and information leaks characterized these incidents. Mexico experienced cases reflecting this reality (from ransomware on suppliers to leaks at public institutions), while the world demonstrated how a single incident could empty financial reserves, halt airports, or disrupt supply chains.