Cybersecurity Insights from Q3 2025

[ST # 80] ✅ IT, OT, AI Cybersecurity Market (fundings, start-ups & M&As), incidents, breaches, ransomware, cyber threat landscape, regulations and the CISO’s evolving role. Things are happening and changing very fast. 🚀 [Securing Things by M. Yousuf Faisal]

Disclaimer: All views presented here, in this newsletter, are my own.

Neither the author nor the newsletter is liable for any actions taken by any individual, organization, business or entity. The information provided is for education and awareness purposes only and is not specific to any business or situation.

M. Yousuf Faisal

Hey there,

Hope you are doing well.

Here are some key IT, OT and AI cybersecurity insights from Q3 2025 related to:

  • ✍️ Cybersecurity M&As, fundings, and start-ups.

  • ‼️ Cyber incidents, ransomware attacks & data breaches.

  • 📘 Notable updates - guidance, standards & regulations.

  • 📘 Artificial Intelligence (AI) guidance & regulations.

  • ↪️ How the CISO’s role is evolving in Q3 2025.

  • ↪️ References used.

Hop on to the section that interests you most.

Why read this? A lot has happened in Q3 2025. Consider this a condensed summary of events across the security industry.

If you're seeking insights on any of the above topics, I hope you'll find some valuable information that can shorten your search quest.

In case you missed the previous quarterly updates, you’ll find them here → Q2 2025 and Q1 2025.

Ready? Let’s dig in.

Yours truly.

— Yousuf.

Cybersecurity Fundings, Start-ups and M&As

According to the Pinpoint Search Group Q3 2025 Cybersecurity Vendor Transaction Report, a total of 121 cybersecurity transactions were recorded, including 95 funding rounds, 25 mergers & acquisitions (M&A) events and 1 IPO.

A total of $2.9 billion was raised across the 73 funding rounds tracked.

Cybersecurity investments surged by 37% in Q3 2025 compared to Q3 2024 — a strong sign of market confidence and acceleration in innovation.

Funding Overview

In Q3 2025, cybersecurity investment saw its second consecutive quarter of year-over-year growth, indicating a focus on early-stage innovation and platform consolidation.

Early-stage start-ups (Seed and Series-A) led the funding landscape (remaining strong in areas like AI/LLM security and fraud prevention), accounting for 69% of all funding rounds in Q3 2025. Six raises exceeded $100M, including ID.me ($340M) and Ontic ($230M), accounting for 38% of all capital deployed in Q3.

Although late-stage deals are scarce, investors are making fewer, larger bets on vendors with traction and technical differentiation.

Cybersecurity funding in 2025 has reached $9.4 billion year-to-date, a 20% increase over the same period in 2024, highlighting market resilience amid macro pressures and shifting buyer priorities.

M&A Activity & Strategic Movement

The quarter’s 25 M&A events included some of the year’s most notable transactions:

  • Identity: Palo Alto Networks acquired CyberArk for $25B

  • OT Security: Mitsubishi Electric acquired Nozomi for $1B (here’s my analysis - Biggest OT Security Acquisition Ever & Market Shakeup Explained)

  • AI/LLM: F5 picked up CalypsoAI for $180M

  • Data & AI/LLM: SentinelOne acquired Prompt Security & Observo AI

  • AI/LLM & Threat Intel: CrowdStrike added Pangea & Onum to its platform

  • Security Services: Accenture bought CyberCX for $649M

  • MSSP: LevelBlue (AT&T Cybersecurity) acquired Trustwave for an unknown amount.

Also, in another major move, Netskope (SASE) filed for an IPO for an undisclosed amount. Here’s a deep dive into Netskope's past, present, and future as a public company - a great piece written by Cole Grolmus, Francis Odum & CJ Gustafson.

Most of these M&As are focused on GRC, AI/LLM, data, email, vulnerability, AppSec, fraud, detection/response and other categories.

These deals highlight a drive towards consolidation in platforms, focusing on AI-driven risk scoring, observability, and vertical specialization. AI remains central in M&A and GTM discussions.

Market Insights

Despite rising total investment, security budgets remained under pressure.

An IANS Research survey shows cybersecurity budget growth rates at a five-year low, with median increases dropping to 4.5% in 2025. (eSecurity Planet).

The gap between slowing budget growth and rising total spend indicates a focus on fewer vendors, with CISOs prioritizing platform consolidation and ROI.

Global cybersecurity spending is projected to reach $213 billion in 2025, driven by compliance, insurance, and operational needs. (Security Boulevard).

A Tenable + ESG study shows security leaders are re-evaluating risk priorities and vendor strategies, emphasizing measurable controls and reducing tool overlap. (Security Boulevard).

Meanwhile, cybersecurity risk has surged to the top of the boardroom agenda with a global survey of business leaders ranking cyber risk as the #1 threat to their organization in 2025 (CySecurity News).

Source: Altitude Cyber - Cybersecurity Market Review Q3 2025

Here’s another interesting summary: the Cybersecurity Market Review Q3 2025 by Altitude Cyber.

What’s coming?

In 2025 & beyond, cybersecurity companies are expected to receive more funding than in recent years, especially those that are just starting out and have strong teams, as well as those that help save costs or use AI effectively.

As we move into the last quarter of 2025, investors will be more careful in choosing where to put their money, focusing on how well companies can sell their products and ensuring spending aligns with company goals.

Cyber Incidents, Ransomware Attacks & Data breaches 

The trend of significant cyber incidents, ransomware attacks and data breaches in Q3 2025 continued to rise throughout the quarter, with some major attacks and incidents causing business and supply chain disruptions of massive proportion, emphasizing the ongoing cybersecurity challenges faced by organizations.

These incidents, attacks and breaches are spread across multiple industry sectors. Some examples are below.

Security/Tech:

Some major tech/security vendors came under the spotlight for incidents and data breaches:

  • F5 says hackers stole undisclosed BIG-IP flaws, source code, attributed to threat actor cluster UNC5221 (also tied to the BRICKSTORM backdoor).

  • Starting mid-July 2025, Akira ransomware targeted organizations (various companies such as Hitachi Vantara, Nissan Australia, Stanford Uni., etc.) using SonicWall Gen 7 firewalls with SSL VPN enabled. Initially suspected as a zero-day exploit, the attacks were traced to the known CVE-2024-40766 vulnerability related to password handling during migration from Gen 6 to Gen 7. Despite MFA, firms faced rapid compromise, prompting urgent mitigations, though no specific threat actor group beyond Akira affiliates has been named. In another instance, SonicWall confirmed a breach of its MySonicWall portal, exposing firewall configuration backup files for certain customers.

  • Zscaler data breach exposed customer info after the Salesloft Drift compromise, attributed to threat actor UNC6395.

  • Palo Alto Networks suffered a data breach when attackers used compromised OAuth tokens from the Salesloft Drift incident to access its Salesforce instance, exposing sensitive customer data and support cases. This was part of a larger supply-chain attack affecting multiple organizations.

  • Cloudflare was hit by a data breach in the Salesloft Drift supply chain attack, attributed to ShinyHunters according to BleepingComputer. SaaS giant Workiva was impacted by the same group in the same supply chain attack.

  • ShinyHunters claims to have stolen over 1.5 billion Salesforce records from 760 companies by exploiting compromised Salesloft Drift OAuth tokens, which were obtained after breaching Salesloft's GitHub repository using the TruffleHog tool to scan for secrets.

  • The "S1ngularity" supply chain attack compromised 2,180 GitHub accounts and 7,200 repositories by exploiting a vulnerable GitHub Actions workflow in the Nx build system; attackers deployed AI-powered malware ('telemetry.js') via malicious npm packages, harvesting credentials such as GitHub tokens, npm keys, SSH keys, and cryptocurrency wallets, and exfiltrating them to public GitHub repositories named "s1ngularity-repository".

  • In September 2025, attackers hijacked npm maintainer Josh Junon's account via a phishing campaign impersonating npm support, injecting malware into widely used packages like chalk-template and has-ansi, which collectively had over 2.6 billion weekly downloads; this supply chain attack disrupted approximately 10% of all cloud environments, but the threat actor has not been publicly identified.

  • The exploitation of zero-day "ToolShell" flaws in Microsoft SharePoint led to compromises of organisations across four continents — including U.S. agencies NNSA, HHS, and DHS. Attributed to groups Linen Typhoon, Violet Typhoon, and Storm-2603.

  • A cyber attack compromised Discord's third-party customer service provider, exposing sensitive information of an undisclosed number of users who had interacted with Discord's Customer Support or Trust & Safety teams. The breach exposed approx. 70,000 users’.

  • In January 2025, New York-based venture capital firm Insight Partners suffered a ransomware attack through a sophisticated social engineering campaign, leading to the theft of sensitive data, including banking, tax, and personal information of employees, limited partners, and portfolio companies.

Manufacturing / Industrial Sector:

Major impact on Jaguar Land Rover, Volkswagen, Asahi and Bridgestone production facilities. Lesson: manufacturing & supply-chain operations remain high-impact targets.

  • Pakistan Petroleum Limited had a ransomware attempt by the Blue Locker group, suspending select non-critical services to contain the threat, and safeguarding critical systems and sensitive data.

  • Nissan confirmed that hackers from the Qilin ransomware group had breached its subsidiary Creative Box Inc. in mid-August 2025 — exfiltrating four terabytes of proprietary assets such as 3D vehicle design models, internal reports, financial documents, VR workflows, and photos.

  • Qilin-linked attack on Asahi Group (late Sep). A ransomware/extortion claim tied to Qilin impacted Asahi’s production briefly and reportedly involved data theft (files claimed ~27GB). This was widely reported in late September.

  • Jaguar Land Rover (JLR) - A cyberattack by "Scattered Lapsus$ Hunters" disrupted production and retail operations for more than four weeks. Initially, customer data was thought safe, but later investigations confirmed data theft. Probably the most significant and most talked-about incident of all.

  • Bridgestone confirmed a cyber attack disrupted operations at its North American manufacturing facilities in South Carolina and Quebec in early September 2025.

  • Volkswagen Group France experienced a ransomware attack attributed to the cybercriminal group Qilin, who claimed to have stolen approximately 150 GB of sensitive data, including personal information of vehicle owners, detailed vehicle data, and internal documents.

  • Aussie Fluid Power confirmed a security incident following ransomware claims by the Anubis ransomware group. Unauthorised access by a third party to a limited number of its IT systems resulted in the compromise of “certain employee, customer and supplier information”.

  • Dairy Farmers of America confirmed a ransomware attack in June 2025, claiming there was no evidence of misuse of the exposed employee data. The Play ransomware gang claimed responsibility for stealing sensitive company and employee information before leaking it online.

Aviation:

  • Around 19-21 September 2025, a cyber-related disruption affected major European airports, including London Heathrow and Berlin Brandenburg, by crippling passenger check-in, baggage handling, and boarding systems. The issue originated from a compromise of Collins Aerospace’s MUSE software, essential for airport operations. The root cause, confirmed by ENISA, was a ransomware attack (by HardBit Ransomware Group) on a third-party vendor, showing how one software failure can lead to widespread operational chaos.

  • The cyber attack on Envoy Air, American Airlines' largest regional carrier, occurred in recent days prior to October 17, 2025, as part of a widespread extortion campaign exploiting vulnerabilities in Oracle's E-Business Suite applications. The attack was attributed to the cybercriminal group CL0P.

Retail:

  • Auchan retailer data breach impacts hundreds of thousands of customers.

  • The cyber attack on Mango, the global fashion retailer, involved the compromise of one of its external marketing service providers, exposing customer contact information.

Healthcare:

  • Heywood Hospital and Athol Hospital had a cyber breach incident.

  • Kido nursery chain (childcare provider operating 18 nurseries in Greater London) was breached by a ransomware group known as Radiant, with sensitive child photos & records stolen (reported late Sep). Attackers claimed photos/data of ~8,000 children; regulators & police investigations followed. A reminder that even small/medium consumer-facing orgs hold sensitive PII that makes them targets.

  • Levi & Korsinsky, LLP is investigating the Radiologic Medical Services data breach, a compromise of personal and health information of 56,902 individuals.

Ransomware & extortion volume stayed high. Q3 trackers recorded thousands of ransomware/digital-extortion incidents globally (ZeroFox observed ~1,429 incidents in Q3 — a slight increase from Q2). The pattern: continuing double extortion and targeted disruption of operations.

Sectoral lessons: manufacturing, education, health & smaller supply-chain vendors repeatedly showed up as high-impact victims, which underlines the importance of segmentation, backups, vendor risk management, and OT/ICS protective controls. (Aggregated from incident reports.)

Sources include: BleepingComputer, Security Affairs, Infosecurity Magazine, The Guardian and many other internet sources.

Updates - Guidance, Standards & Regulations!

Here are some of the updates on regulations and standards in the cybersecurity field from Q3 2025. (Note: no major regulatory updates were reported in Q3 2025 sources, except what is covered in the AI section below. Focus remained on existing frameworks and emergent best practices.)

  • New OT Security Guidance 

  • Cybersecurity for EU Member States - The deadline for EU Member States to transpose the NIS2 Directive into national law was in October 2025, with many countries, including Germany and France, advancing their national laws in Q3.

  • The European Union Agency for Cybersecurity (ENISA) launched the EU Cybersecurity Reserve, a pool of pre-contracted incident response services for large-scale cyber incidents.

  • National/state activity — continued patchwork of AI & cyber laws. Throughout Q3, many countries and U.S. states continued passing domain-specific AI or cybersecurity laws (healthcare, consumer protections). This makes cross-jurisdiction compliance planning essential for vendors and enterprises. (Regulatory trackers & legal recaps).

  • Financial & sectoral regulators — Q3 supervisory guidance. Banks and regulated entities saw fresh Q3 guidance and proposed rulemakings around operational resilience, third-party risk and digital operational resiliency (DORA/sectoral flavors), especially where AI/automation are integrated into critical functions.

  • Practical takeaways for CISOs: audit AI supply chain, classify AI systems under the EU risk framework, update incident response to include AI/ML failure modes, and prepare for faster reporting obligations for serious incidents involving AI.

Artificial Intelligence (AI) Guidance & Regulations

AI is transforming cybersecurity in Q3 2025 by driving new laws, increasing threat sophistication, and pushing organizations to adopt advanced AI defenses and governance.

In Q3 2025, key updates in AI security and regulation included major enforcement dates for the EU AI Act, new AI Action Plans and executive orders in the United States emphasizing deregulation, and the introduction of new AI transparency and safety laws in California and countries across the Asia-Pacific region.

European Union

  • EU AI Act Implementation - The phased implementation of the EU AI Act continued. As of August 2, 2025, obligations for providers of General-Purpose AI (GPAI) models came into effect (guidance published in July and effective in Q3), requiring them to create technical documentation, ensure copyright compliance, and publish a summary of training data. The EU AI Office also became officially operational on this date, coordinating enforcement efforts. According to DLA Piper, this is a major compliance milestone firms must incorporate into vendor contracts and product roadmaps.

  • The French data protection authority (CNIL) released comprehensive recommendations on complying with GDPR when developing AI systems, focusing on privacy and security measures.

United States

  • Federal Policy Shift - The Trump administration introduced an AI Action Plan and three executive orders in July 2025, which rescinded former President Biden's AI executive order. The new approach emphasizes rapid innovation and deregulation, mandating that federal AI systems be "ideologically neutral" and truth-seeking, and streamlining permits for AI infrastructure.

  • U.S. federal posture in Q3 — executive orders & procurement guidance. Summer 2025 saw new executive-level actions and procurement frameworks shaping how federal agencies acquire and assess AI systems — firms selling into government must adjust security, provenance, and explainability evidence. (White House / policy roundups in July–September).

  • State-Level Legislation - The U.S. Senate blocked a proposed federal moratorium on state AI laws, preserving states' authority to regulate AI, which has resulted in a patchwork of state-level rules.

  • In September 2025, California enacted key legislation, including the Transparency in Frontier Artificial Intelligence Act (SB 53), mandating transparency reports from frontier model developers on risk and cybersecurity. Other laws require AI chatbot safeguards for minors and employee notification when AI influences critical employment decisions.

  • Illinois enacted the Wellness and Oversight for Psychological Resources Act in August 2025, strictly limiting the use of AI in therapy to licensed professionals and requiring informed consent.

  • Legal Precedents - A Georgia court dismissed a defamation lawsuit against OpenAI, highlighting that strong safeguards and clear warnings can protect against such claims. Anthropic settled for $1.5 billion over using pirated content for AI training, clarifying fair use boundaries.

  • Standards activity and voluntary testing frameworks. NIST CAISI and other standards bodies continued Q3 activity on voluntary evaluation, security testing and benchmarking for AI systems — enterprise risk teams should watch these outputs as likely de-facto market requirements.

  • AI & security dynamic: Defenders use agentic/assistive AI for detection and response scaling, while attackers employ AI for deepfakes, phishing automation, and payload generation, highlighting the importance of identity/behavioral controls and model-safety testing.

Asia-Pacific

  • China - China's Cyberspace Administration (CAC) issued its updated AI Safety Governance Framework 2.0 in September 2025, laying out principles for human oversight and proactive risk management. New rules also require all AI-generated content to carry both explicit and implicit labels.

  • Singapore - The Infocomm Media Development Authority (IMDA) launched initiatives in July 2025, including an expanded Global AI Assurance Sandbox to help firms test AI responsibly for risks like data leakage.

  • South Korea - The draft enforcement decree of the AI Framework Act was released, outlining design requirements for notifying users of generative and high-impact AI, as well as mandatory labeling of deepfakes.

For more comprehensive coverage, check out the following Global AI Regulations Roundups from Securiti:

How the CISO’s role is evolving in Q3 2025

By Q3 2025, the Chief Information Security Officer (CISO) role is expanding to emphasize strategic communication, stakeholder management, and integrating security into business strategies, while maintaining traditional cybersecurity duties and fostering cyber resilience.

Evolving Responsibilities of the CISO in Q3 2025

Strategic Communication

CISOs must now engage in strategic communication, managing messages during cyber incidents for stakeholders like employees, customers, investors, and regulators. Clear, confident messaging is crucial to maintain trust and protect the company's reputation.

Focus on Cyber Resilience

Cyber resilience is now the top priority for CISOs, focusing on preventing attacks and ensuring quick recovery and continued operations post-incident. They must foster a resilience culture, integrate security into business strategies, and prepare teams for threats.

Integration of AI and Technology

Integrating AI into cybersecurity is crucial. CISOs must oversee secure AI implementation and ensure their organizations adapt to evolving threats, using AI for risk management and automating security tasks.

Leadership and Talent Development

CISOs are taking on leadership roles that combine technical expertise with business acumen, focusing on building cybersecurity teams to tackle threats like ransomware and supply chain attacks, while developing talent to handle emerging challenges.

Budget and Resource Allocation

Organizations are boosting cybersecurity budgets, showing increased awareness of cyber threats. CISOs must align these investments with business strategies to demonstrate how strong security can improve overall performance.

| Key Focus Areas | Description |
| --- | --- |
| Strategic Communication | Managing stakeholder communications during incidents. |
| Cyber Resilience | Ensuring quick recovery and operational continuity post-incident. |
| AI Integration | Overseeing secure AI implementation and leveraging it for risk management. |
| Leadership Development | Building skilled cybersecurity teams to tackle emerging threats. |
| Budget Allocation | Aligning cybersecurity investments with business objectives. |

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

Also, if you find this or previous newsletter edition(s) useful and know other people who would too, I'd really appreciate if you'd forward it to them. Thanks a ton.

Thanks for reading - until the next edition!

It’s a Great Day to Start Securing Things for a Smart & Safer Society.

Take care and Best Regards,
