South Korean e-commerce giant Coupang has confirmed a massive data breach exposing the personal information of 33.7 million customers. The incident, which began in June 2025, is one of the largest in the nation's history and is linked to a former employee's active credentials.
Abu Dhabi-based Kingpin has secured US$3.5 million in seed funding to scale its AI-native SaaS platform for global B2B retail distribution. The investment will fuel expansion into Europe and North America, targeting entrenched inefficiencies in wholesale trade with intelligent automation.
A series of cyber attacks on Australian defence supply chain contractors has exposed sensitive material relating to major weapons programs, including the Redback infantry fighting vehicle.
Cybercrime now targets people, not just systems. Chapter 1 exposes how hackers exploited human error at Marks and Spencer, triggering a £300 million breach. As AI adoption rises, trust and identity become the new battlegrounds—and our greatest vulnerability.
This article marks the start of a 10-chapter investigative series on the rise of AI-powered cybercrime and its global economic impact.
In 2025, the world faces more than just a surge in cybercrime — it is enduring a digital siege. From ransomware hitting critical infrastructure to AI-generated phishing campaigns hijacking industries, cyber threats have become a coordinated war on economic stability. At the center is artificial intelligence, now a weapon reshaping global conflict.
The Digital Siege investigates how AI, human error, and geopolitical agendas are converging to redefine cybercrime as a tool of economic disruption and statecraft. Drawing on expert insights from IBM, Gartner, Verizon, Barclays and others, this series explores the architecture of a crisis spanning boardrooms, supply chains, and entire nations.
We begin with the most vulnerable target — not systems, but people.
The story of modern cybercrime begins not with sophisticated technology, but with a fundamental vulnerability that no firewall can protect: human trust. The recent attack on Marks and Spencer revealed how cyber criminals are now breaching people rather than systems, turning human instinct into their most effective weapon.
"We took our online system down ourselves to protect the website and customers,"
Stuart Machin, M&S Chief Executive, told reporters in May 2025, describing the aftermath of what would become Britain's most expensive cyber attack. The £300 million impact—equivalent to one-third of the retailer's annual profit—stemmed not from a technological breakthrough by hackers, but from what Machin described as "human error" at a third-party supplier.
The attack, attributed to the notorious English-speaking hacker group Scattered Spider, employed social engineering techniques that exploited human psychology rather than technological vulnerabilities.
This represents a fundamental shift in cybercriminal methodology, one that IBM's Global Managing Partner for Cybersecurity Services, Mark Hughes, captures succinctly:
"Cybercriminals are most often breaking in without breaking anything – capitalizing on identity and access management gaps proliferating from complex hybrid cloud environments. Compromised credentials offer attackers multiple potential entry points with effectively no risk".
The M&S incident is far from isolated. According to the Verizon Data Breach Investigations Report 2025, human elements remain involved in approximately 60% of all breaches, while third-party involvement has doubled from 15% to 30% in just one year. This dramatic increase in supply chain vulnerabilities reflects a systematic exploitation of trust relationships that bind the global economy together.
The financial implications extend far beyond immediate remediation costs. Research from Barclays suggests that 82% of businesses facing ransomware attacks ultimately pay the ransom, despite public statements to the contrary.
Lisa Forte from cybersecurity firm Red Goat observes,
"If the data never gets dumped, there's a high chance a ransom was paid".
This creates a perverse economic incentive structure where criminal enterprises can rely on predictable revenue streams from their attacks.
The human error factor is compounded by the rapid adoption of generative AI tools in corporate environments. The Verizon report reveals that 15% of employees routinely access GenAI systems on their corporate devices, with 72% using non-corporate emails as account identifiers and 17% using corporate emails without integrated authentication systems. This represents what cybersecurity experts term the "AI Security Paradox"—the same properties that make generative AI valuable also create unique security vulnerabilities that traditional frameworks cannot address.
According to Gartner’s Q3 2024 Emerging Risks Report,
“AI-enhanced malicious attacks are the top emerging risk for enterprises in the third quarter of 2024.”
This aligns with growing concern in high-risk industries like manufacturing, where the integration of AI into both IT and OT systems has expanded the potential for exploitation. As adversaries increasingly automate and personalize attacks, businesses face longer containment times, greater regulatory scrutiny, and rising pressure to reassess their risk exposure.
The median time to remediate leaked secrets discovered in GitHub repositories has reached 94 days, according to Verizon's analysis.
This extended exposure window provides ample opportunity for sophisticated threat actors to establish persistent access and conduct reconnaissance before launching their primary attacks. As we examine these human vulnerabilities, it becomes clear that the traditional approach of treating cybersecurity as a purely technological challenge is fundamentally flawed.
The next chapter will explore how artificial intelligence has not only amplified these human vulnerabilities but has also created entirely new categories of threats that exploit the intersection of human psychology and machine learning capabilities.
A wave of cyber attacks disrupted Australia’s defence and industry sectors, as confidential military data and industrial networks were exposed by state backed and criminal groups. ASIO’s director warns these persistent threats now demand urgent, coordinated cyber security action.
Deeto has raised $12.5M to scale its AI-powered platform that turns customer stories into targeted proof across sales and marketing channels. As traditional tactics lose impact, Deeto helps teams earn trust earlier, influence decisions, and speed up the sales cycle.
Kmart’s facial recognition breach exposes more than a privacy violation. This extended analysis unpacks Wesfarmers’ compliance failures, the identity risks of biometric data, and how retail surveillance linking with social media could erode consumer trust.
Microsoft 365 remains healthcare’s weakest security link, with breaches rising from 43% in 2024 to 52% in mid-2025. Patient data exposure, soaring costs, and AI-driven cyberattacks in Australia highlight urgent gaps. Policymakers face mounting pressure to safeguard data sovereignty.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
