Year in Review 2025: The major headlines and moments from Sophos this year

As we kick off 2026, Sophos wanted to look back on 2025 and celebrate a year marked by bold innovation, rapid around-the-clock threat response, and relentlessly protecting our 600,000+ customers.

It was a time of positive change, growth, and innovation as we navigated the rapidly evolving cybersecurity landscape. Sophos stood at the front lines — our threat researchers monitored shifting geopolitical dynamics, exposed state-sponsored attacks, and helped businesses of all sizes stay protected.To mark the year, we’ve curated some of our most impactful stories, headlines, and research highlights. Prefer to watch instead? Check out the video version here.

Of course, this is just a glimpse of everything we accomplished together. For the latest updates on Sophos security research, product news, and more, visit the Sophos Newsroom or follow us on LinkedIn.

• January: The Sophos MDR team uncovers two ransomware campaigns exploiting Microsoft 365 tools through email bombing and Teams-based vishing. The campaigns highlight a growing trend of social engineering attacks targeting collaboration platforms.
• February: Sophos officially completes its acquisition of Secureworks, accelerating the company’s mission to deliver cybersecurity products and services that solve the most critical problems for organizations of all sizes amid persistent and constantly changing cyberattacks.
• Also in February: The new Sophos AI Assistant is launched, guiding security professionals of all skill levels through each stage of a case investigation, maximizing efficiency to identify and neutralize threats fast.
• March: Sophos is rated the No. 1 overall Firewall, MDR, and EDR solution in the G2 Spring 2025 reports.
• April: The Sophos Active Adversary and Annual Threat reports reveal ransomware as the top threat to SMBs, driven by credential theft, MFA phishing, and social engineering. Attackers increasingly exploit remote services and living-off-the-land techniques, with median dwell time now just two days. Both reports stress the need for proactive monitoring, MFA, and rapid patching to counter evolving threats.
• May: New analyst response actions for Microsoft 365 are added to Sophos MDR and Sophos XDR, enabling rapid containment of threats through capabilities like blocking user sign-ins, terminating active sessions, and disabling malicious inbox rules to better protect against account takeover and email compromise attacks.
• June: The 2025 Sophos State of Ransomware report shows ransomware remains a major threat, with exploited vulnerabilities as the leading attack vector. Nearly half of the victims still paid ransoms, though median payments fell to around $1 million. Recovery costs and times improved, yet attacks continue to cause significant stress and staffing challenges for IT teams.
• July: Industry leaders highlight Sophos, with the company earning top industry recognition across our broad range of solutions. Highlights include leadership positions in major analyst reports, the No. 1 firewall ranking on G2, AAA ratings for endpoint protection, and multiple awards for innovation and excellence. This was the 16^th time in a row that Sophos was named a Leader in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP).
• August: Two new email security offerings — Sophos Email Monitoring System (EMS) and Sophos DMARC Manager — are released alongside enhancements Sophos' MDR-optimized email security solution, aimed at improving threat detection, compliance, and integration with broader security operations.
• Also in August: Sophos unveils its new logo and branding, offering a clean, modern, and energetic representation of the company, and the superior outcomes we create for our customers and partners.
• September: Sophos Endpoint becomes natively integrated and automatically included in all Taegis Extended Detection and Response (XDR) and Taegis Managed Detection and Response (MDR) subscriptions. This gives customers immediate access to combined prevention, detection, and response capabilities in a single platform, while lowering costs and simplifying operations.
• October: Sophos introduces Sophos Identity Threat Detection and Response (ITDR) — a powerful new solution that prevents identity-based attacks by continuously monitoring your environment for identity risks and misconfigurations and providing dark web intelligence on compromised credentials.
• Also in October: Sophos launches its new Advisory Services portfolio, providing proactive security testing services that deliver expert, independent assessment of your cyber defenses and recommendations for improvement.
• November: New integrations embed Sophos Intelix cyber threat intelligence directly into Microsoft Security Copilot and Microsoft 365 Copilot — as well as the broader Microsoft Copilot ecosystem. This gives organizations real-time access to enriched threat context, automated triage, and reputation lookups within AI-powered security and productivity tools, helping security personnel at companies large and small respond more quickly and effectively.
• December: This year saw two major Firewall releases with one in June introducing NDR Essentials on Sophos Firewall — a first in the industry — enabling greater detections of active adversaries on the network. Then in December, Sophos Firewall v22 introduces “Secure by Design” upgrades like a hardened Linux kernel and containerized services for stronger security. The release also adds a new Health Check tool to help admins validate configurations against best practices and CIS benchmarks.
• Also in December: Sophos achieves its strongest-ever results in the MITRE ATT&CK Enterprise 2025 Evaluation, with 100% detection coverage.

As we look ahead to 2026, our mission remains clear: to deliver smarter, stronger, and more adaptive cybersecurity for every organization. Thank you for trusting Sophos to protect what matters most — we’re excited to continue innovating together in the year ahead.