State of (in)security - Week 1, 2025
Take action: More active infostealer campaigns are trying to steal data from your browsers and crypto wallets. Be cautious of phishing attacks and of downloads of "free" versions of VPN tools. Also be careful about "alternative app stores" and direct .apk files that promise some advanced functionality, a premium app or a "free" version of a commercial app. Remember - there is no such thing as a free lunch.
In the week between Dec. 30, 2024, midnight and Jan. 6, 2025, midnight we witnessed a total of:
- 2 advisory/vulnerability events
- 13 incident/data breach events
Week over Week comparison of week 1 2025 vs week 52 2024:
- Both advisories and incidents are down from the previous week. Advisories are down from 6 in week 52 2024, to 2 in week 1 2025. Incidents are down from 18 in week 52 2024 to 13 in week 1 2025.
- The number of known impacted individuals is almost the same - from 1.822 million in week 52 2024 to 1.997 million in week 1 2025.
We also shared 5 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 1,997,652 impacted individuals across 4 incidents. The largest breach was the "Online jewelry retailer Glamira breached, account data leaked" incident, which exposed 875,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 4 |
| Denial-of-Service Attacks | 1 |
| System Misconfiguration Exploits | 1 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 2 |
| Finance | 2 |
| Hospitality/Events | 1 |
| IT/Software/Technology | 1 |
| Manufacturing | 1 |
| Non-profit/Charity | 1 |
| Other | 1 |
| Retail | 1 |
| Entertainment/Leisure | 1 |
| Telecommunications | 1 |
| Government | 1 |
Read the Event Details of the Week
Knowledge
- awareness | Attack process - how PLAYFULGHOST Malware is distributed and what it attacks
- active attack | Cloud Atlas hackers use old Office flaws in cyber espionage campaign
- active attack | FireScam malware phishing campaign impersonates RuStore app marketplace
- active exploit | Researchers report active exploitation of flaw in Four-Faith industrial routers
- awareness | SafeBreach publishes PoC exploit for critical Microsoft flaws called LDAPNightmare
Vulnerabilities
- critical vulnerability | Google releases update for Chrome
- ransomware | Tenable plugin update takes down Nessus agents worldwide, similar to CrowdStrike
Incidents
- data breach | VisionPoint Eye Center reports data breach
- data breach | Wonder CPA Firm reports data breach
- data breach | Rivers Casino Philadelphia reports data breach exposing SSNs and Bank Info
- data breach | Youth and Shelter Services reports malware attack, data breach
- data breach | Event photography business DEPhoto hit by two consecutive data breaches
- data breach | Crown Mortgage Company reports data breach
- data breach | U.S. Treasury Department reports breach, stolen documents by hackers
- data breach | Hackers claim breach of Harley-Davidson, exposing 66K people
- data breach | Ransomware group claims breach of Atos database
- data breach | Online jewelry retailer Glamira breached, account data leaked
- data breach | River Region Cardiology Associates reports data breach impacting 500K patients
- ransomware | NTT Docomo hit by DDoS, experiences service disruption
- ransomware | The Fraunhofer Institute for Industrial Engineering reports ransomware attack