2025 Cyber Incidents and the Security Lessons for 2026

The cyber incidents of 2025 made one reality clear: modern breaches are driven less by broken controls and more by abused trust. In this session, we will examine the most consequential attacks and the reverberations from threat actor activity over the past year, translating real-world incidents into practical lessons for Managed Service Providers and security teams.

Attendees will gain insight into how attackers leveraged credentials, SaaS platforms, third-party relationships, and rapidly weaponized vulnerabilities to create outsized business impact—often faster than defenders could respond.

Attendees will hear an overview of the attacks and vulnerabilities that shaped 2025, including:

• 16B Credential Megaleak: How mass exposure of stolen credentials fueled widespread identity takeover and accelerated access across cloud and SaaS environments.
• MGM & Clorox: How identity-based attacks led to operational shutdowns, regulatory scrutiny, and lasting legal and financial consequences.
• Covenant Health: How delayed containment in a healthcare environment translated directly into service disruption and patient care impact.
• Salesforce Third Party Ecosystem Breach: How attackers abused trusted SaaS access and OAuth relationships to bypass traditional security controls.
• Allianz: How third-party and identity-driven exposure amplified breach impact across interconnected systems.
• ToolShell Exploitation: How attackers weaponized newly disclosed vulnerabilities at scale, collapsing the window between disclosure and exploitation.

The session concludes with a forward-looking discussion on how organizations can reduce risk moving into 2026 by centralizing visibility, accelerating response, and focusing on identity, SaaS, and trust revocation as core security priorities.