State of (in)security - Week 10, 2025
Take action: If your software vendor sends out an advisory directly to the customers without a CVE, it's very bad. You should start patching immediately. Because the vendor didn't even wait for a CVE to be assigned to the problem, it needs to be fixed now.
Learn More
In the week between March 3, 2025, midnight and March 10, 2025, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 21 incident/data breach events
Week over Week comparison of week 10 2025 vs week 9 2025:
- Advisories and incidents are slightly from the previous week. Advisories are down from 11 in week 9 2025 to 10 in week 10 2025. Incidents are down from 23 in week 10 2025 to 21 in week 10 2025.
- The number of known impacted individuals is back down - from 288 million in week 9 2025 to 16 million in week 10 2025.
We also shared 2 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 16,045,504 impacted individuals across 4 incidents, with the largest breach being the Mackay Memorial Hospital in Taiwan reports data breach affecting 16.6 Million records incident exposing 16,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 5 |
| Third Party Compromise | 4 |
| Unauthorized access | 2 |
| Software Vulnerability and SDLC Exploits | 1 |
| System Misconfiguration Exploits | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Finance | 6 |
| Education | 3 |
| Government | 3 |
| Healthcare | 3 |
| IT/Software/Technology | 2 |
| Telecommunications | 1 |
| Non-profit/Charity | 1 |
| Retail | 1 |
| Consulting/Professional Services | 1 |
Read the Event Details of the Week
Knowledge
- active attack | Active exploitation reported of Hitachi Vantara Pentaho BA Server flaws
- active exploit | CISA warns of active exploitation of end-of-life Cisco RV Routers
Vulnerabilities
- critical vulnerability | Commvault developers warn of critical flaw, urge immediate patching
- critical vulnerability | Critical authentication bypass flaw reported in Perforce Software
- critical vulnerability | Critical authentication bypass vulnerability reported in Apache Pinot
- critical vulnerability | Critical flaw in BigAntSoft BigAnt Server enables unauthenticated remote code execution
- critical vulnerability | Elastic fixes critical prototype pollution flaw in Kibana
- critical vulnerability | Google releases March 2025 Android security update, fixes two actively exploited flaws
- critical vulnerability | Multiple flaws fixed in Keysight Technologies Ixia Vision
- critical vulnerability | VMware patches multiple actively exploited vulnerabilities, at least one critical
- critical vulnerability | WordPress Chaty Pro plugin vulnerable to critical Arbitrary File Upload
- critical vulnerability | ZITADEL Admin API flaw enables IDOR exploit
Incidents
- critical vulnerability | Polish Space Agency (POLSA) hit by cybersecurity incident
- data breach | Bitcointry Exchange reports security breach
- data breach | Birch Medical reports data breach
- data breach | Cybersecurity company Rubrik reports data breach, rotates authentication keys
- data breach | Data breach at Japanese telecom NTT Communications impacts nearly 18K corporate customers
- data breach | Spanish El Corte Inglés department store chain reports third party data breach
- data breach | Hackers leak details of over 10K Israeli registered gun owners
- data breach | Legacy Professionals reports data breach, exposing customer SSNs
- data breach | Transak USA reports data breach exposing over 23K people
- data breach | Scott County health department reports data breach affecting 4,500 people
- data breach | CrossCheck reports data breach
- data breach | Bank of America reports data breach of third party document destruction vendor
- data breach | Alltrust reports data breach exposing Social Security Numbers
- data breach | Chicago Public Schools report data breach exposing student data
- data breach | Lost and Found Software tracking site leaks over 800K records
- data breach | Loyola University Maryland reports data breach exposing names and SSNs
- ransomware | Penn-Harris-Madison schools hit by ransomware attack
- ransomware | Endless Mountains Health Systems impacted by ongoing cyberattack
- ransomware | Mackay Memorial Hospital in Taiwan reports data breach affecting 16.6 Million records
- ransomware | Singapore's HomeTeamNS non-profit hit by ransomware attack
- theft | 1inch DeFi platform loses $5 million in smart contract exploit
