How many cybersecurity events occurred in the week of September 15-22, 2025?

During the week of September 15-22, 2025, there were a total of 33 cybersecurity events: 14 advisory/vulnerability events and 19 incident/data breach events.

How did cybersecurity incidents change compared to the previous week?

Comparing week 38 to week 37 of 2025: Advisories increased from 13 to 14 (up by 1), while incidents decreased from 26 to 19 (down by 7). However, the number of impacted individuals increased significantly from 520,000 to 9.145 million.

What was the largest data breach of the week and how many people were affected?

The largest breach was the Shiny Hunters ransomware gang's claimed breach of Kering's Luxury Brands, which exposed data of 7,400,000 individuals. Overall, 9,145,640 individuals were impacted across 7 incidents during the week.

What were the most common causes of cybersecurity incidents this week?

The top causes of incidents were: Malware, Ransomware and Related Attacks (5 incidents), Unauthorized access (3 incidents), followed by Third Party Compromise, Social Engineering and Phishing, and Human bad security behavior (2 incidents each).

Which industry was most affected by cybersecurity incidents?

Healthcare was the most affected industry with 7 incidents, followed by IT/Software/Technology and Finance with 2 incidents each. Other affected industries included Food and Beverage, Government, Insurance, Automotive, Retail, Aviation, and Consulting/Professional Services with 1 incident each.

What types of critical vulnerabilities were reported this week?

Critical vulnerabilities were reported in various systems including Apple iOS/macOS updates, WordPress plugins, Apache HTTP Server, Nokia management platforms, FlowiseAI, Kubernetes tools, Google Chrome (with one actively exploited), and multiple enterprise systems like WatchGuard Firebox and Fortra's GoAnywhere MFT.

What major ransomware attacks occurred during this week?

Major ransomware attacks included: Shiny Hunters gang's breach of Kering's Luxury Brands (7.4M affected), Goshen Medical Center attack (456,385 patients affected), Medical Associates of Brevard hit by BianLian ransomware (246,711 patients), Everest gang's claimed breach of BMW, and attacks on Family & Community Services and SonicWall MySonicWall platform.

Were there any notable breaches in the financial or technology sectors?

Yes, notable breaches included: Former FinWise Bank employee breaching data of 689,000 customers, Google confirming a breach of their Law Enforcement Request System with a fraudulent account created, and an arrested hacker claiming Scattered Spider gang breached Crypto.com (though this incident was not officially reported).

What was the most critical vulnerability discovered recently in Microsoft's cloud services?

Microsoft reclassified a critical vulnerability in Entra ID (CVE-2025-55241) with a maximum CVSS score of 10.0 that could have compromised virtually every tenant globally. Discovered by Dutch researcher Dirk-jan Mollema in July 2025, the flaw involved undocumented 'Actor tokens' and a validation issue in the Azure AD Graph API. Attackers could bypass MFA, Conditional Access, and logging while achieving full tenant compromise. Microsoft fixed the issue within 3 days of reporting (July 14-17, 2025) with no evidence of exploitation in the wild.

What recent ransomware attack affected a government entity and what sensitive data was compromised?

The Lorain County Board of Commissioners in Ohio reported a ransomware attack discovered on May 23, 2025, claimed by the Global ransomware gang. The attack compromised sensitive financial information including Social Security numbers, bank account numbers, and routing numbers of county employees and vendors. The breach primarily impacted files in the County Auditor's Office, though other departments also reported issues. The ransomware group threatened to release stolen data unless ransom demands were met, claiming possession of 'lots of private information, bank accounts and more.'

What critical vulnerability was discovered in SolarWinds Web Help Desk and why is it particularly concerning?

SolarWinds patched CVE-2025-26399 (CVSS score 9.8), a critical unauthenticated remote code execution vulnerability in Web Help Desk that allows attackers to execute arbitrary commands with SYSTEM privileges without authentication. This flaw is particularly concerning because it represents the third iteration of attempts to fix the same underlying security issue - it's a patch bypass of CVE-2024-28988, which was itself a bypass of CVE-2024-28986 originally addressed in August 2024. All versions up to 12.8.7 are affected, requiring upgrade to version 12.8.7 Hotfix 1 (HF1). While not currently exploited in the wild, security experts warn of high likelihood of future exploitation attempts.

What security incident affected the 'Cancel the Hate' app and what user data was exposed?

The 'Cancel the Hate' app, launched by conservative activist Jason Sheppard on September 10, 2025, for anonymously reporting critics of Charlie Kirk, suffered a data breach discovered by security researcher 'BobDaHacker.' The vulnerability exposed user data despite privacy settings, affecting email addresses, phone numbers, profile information, and account credentials of at least 142 users. The flaw also allowed unauthorized account deletions. Developed by DreamTeam Development LLC, the app was taken offline within hours of the security disclosure by Straight Arrow News. Neither the developers nor the organization responded to inquiries about the vulnerabilities.

Incident

Researcher reports vulnerability exposing user data in the "Cancel the Hate" App

published: Sept. 23, 2025

Learn More

The "Cancel the Hate" app, designed for anonymously reporting individuals critical of conservative activist Charlie Kirk, is reported to have a vulnerability that exposed sensitive personal information of its users. The flaw was reported by Straight Arrow News after being discovered by a security researcher identifying himself as "BobDaHacker".

Cancel the Hate was launched by conservative activist Jason Sheppard on September 10, 2025. The platform aimed to "hold individuals accountable for their public words" by allowing users to submit reports on alleged offenders who had criticized Kirk, including their names, locations, and employers.

"BobDaHacker," found that the app was exposing user data even when privacy settings were configured to keep information hidden. The vulnerability affected the social media-style app component that was launched alongside the main reporting website, allowing for the extraction of personal details that users believed were protected.

Exposed data types include:

Email addresses
Phone numbers
Profile information
Account credentials

The security researcher provided Straight Arrow News with a sample dataset containing information from 142 affected users. BobDaHacker also showed that the security flaw allowed unauthorized deletion of user accounts, successfully removing Straight Arrow News' test account during their investigation.

The app was developed by DreamTeam Development, LLC, which did not respond to inquiries from Straight Arrow News regarding the security vulnerabilities. Similarly, Jason Sheppard and the Cancel the Hate organization did not respond to multiple contact attempts through their website's contact form, phone calls, and email messages.

Following the discovery and reporting of the data breach, the webpage hosting the app was taken offline within hours of Straight Arrow News' initial inquiry. The news organization was able to obtain a copy of the app and establish a test account before it was removed, allowing them to verify the researcher's claims and document the security flaws.

The incident raised concerns among affected users, with one individual contacted by Straight Arrow News expressing fears that Cancel the Hate might be a "scam" after receiving an influx of donation requests to their compromised email address.

Researcher reports vulnerability exposing user data in the "Cancel the Hate" App

Read More
Balancer DeFi protocol hit by $128 Million exploit
Lynx ransomware group claims breach of Regis Resources …
RansomHub ransomware group targets Minnesota's Lower Sioux Indian …
Harvard University investigates data breach linked to critical …
Dating platform Coffee Meets Bagel impacted by cyberattack …