TL;DR: Recent cyber attacks more than doubled in 2025, while U.S. cybercrime losses reached nearly $21 billion and incidents increasingly targeted trusted tools, OT devices, telecoms, and supply chains, according to Secureframe’s review of recent attacks and cited government and industry reporting. The pattern is clear: resilience now depends on controlling trust relationships, not just defending perimeter entry.
NHIMG editorial — based on content published by Secureframe: 30 Recent Cyber Attacks & What They Tell Us About the Future of Cybersecurity
By the numbers:
- Cyber attacks more than doubled in 2025, with Health-ISAC’s 2025 Fourth Quarter Health Sector Heartbeat reporting a 55% year-over-year increase in cyber incidents.
- In the first quarter of 2025, the US experienced a 136% surge in advanced persistent threat attacks.
Questions worth separating out
Q: What breaks when trusted tools or vendors have more access than they need?
A: When trusted tools or vendors have excessive access, a single compromise can become a high-trust internal breach rather than a contained external event.
Q: Why do recent attacks keep targeting suppliers, automation, and operational systems?
A: They target those paths because they already carry legitimacy, privileged access, and business dependence.
Q: How can organisations tell whether their zero trust programme is actually reducing attack impact?
A: A zero trust programme is working when a compromised account, device, or tool cannot easily move beyond its assigned role.
Practitioner guidance
- Audit trusted automation paths Identify every build pipeline, scanner, GitHub Action, orchestration job, and managed integration that can read secrets or call production APIs.
- Map third-party access to business-critical systems Create an inventory of vendors, service providers, and outsourced tools that can reach production, OT, or sensitive communications environments.
- Harden OT and internet-facing operational systems Place explicit authentication, segmentation, and monitoring controls in front of remote OT access and administrative interfaces.
What's in the full article
Secureframe’s full article covers the operational detail this post intentionally leaves for the source:
- Per-incident breakdowns of attack impact across healthcare, telecoms, OT, and supply-chain environments.
- Source-linked examples of how adversaries used trusted tools, vendor access, and automation to spread.
- The article’s own remediation and compliance framing for CMMC, zero trust, and incident response.
- A broader 2023 to 2026 timeline showing how attacker tactics and sector targeting have shifted over time.
👉 Read Secureframe’s analysis of 30 recent cyber attacks and emerging threat patterns →
Recent cyber attacks and the governance gap teams are missing?
Explore further
Trusted authority is now part of the attack surface: Recent attacks show that defenders can no longer treat trusted tooling, managed services, and supplier access as neutral infrastructure. When a tool can run with real permissions, it can also be abused with real consequences. That shifts governance from perimeter defense to delegated authority control, and practitioners should review which systems currently operate with that trust.
A question worth separating out:
Q: Who is accountable when a trusted integration or supplier causes a breach?
A: Accountability sits with the organisation that granted the access and failed to govern its lifecycle, not only with the outside party that misused it. Frameworks such as NIST CSF and NIST SP 800-53 expect organisations to control access, monitor activity, and manage third-party risk. The governance lesson is that delegated trust always needs an owner.
👉 Read our full editorial: Recent cyber attacks show supply chain trust is now the attack surface