State of (in)security - Week 12, 2025
Take action: If you get an email message from GitHub about security issues, don't click on anything in the email. Go to GitHub directly, reset your password there, and review the OAuth apps you have authorized via GitHub Settings > Applications. Never trust an OAuth app that requests sweeping permissions (for example, full access to all of your repositories); it's a scam. And remember: MFA doesn't protect you from an OAuth app you have already approved, because its token acts on your behalf without any second-factor prompt.
In the week between March 17, 2025, midnight and March 24, 2025, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 21 incident/data breach events
Week over Week comparison of week 12 2025 vs week 11 2025:
- Advisories are down and incidents are up from the previous week. Advisories fell from 13 in week 11 2025 to 10 in week 12 2025. Incidents rose from 12 in week 11 2025 to 21 in week 12 2025.
- The number of known impacted individuals is up - from 464 thousand in week 11 2025 to 8.6 million in week 12 2025.
We also shared 6 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 8,693,903 impacted individuals across the 9 incidents that reported a number, the largest being the NYU data breach, which exposed the personal information of 3,000,000 applicants. Since not all incidents report a number of impacted individuals, the real number is certainly higher.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 4 |
| Software Vulnerability and SDLC Exploits | 1 |
| System Misconfiguration Exploits | 1 |
| Third Party Compromise | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 5 |
| Telecommunications | 3 |
| IT/Software/Technology | 3 |
| Retail | 2 |
| Manufacturing | 1 |
| Non-profit/Charity | 1 |
| Other | 1 |
| Education | 1 |
| Transport/Logistics | 1 |
| Entertainment/Leisure | 1 |
| Finance | 1 |
| Government | 1 |
Knowledge
- active exploit | CISA reports active exploitation of NAKIVO Backup Software vulnerability
- active exploit | Critical Cisco Smart Licensing Utility flaws actively exploited in attacks
- active attack | Phishing campaign targeting developers via GitHub uses OAuth app to hijack accounts
- active attack | Supply-Chain attack compromises popular GitHub Action used by Over 23,000 organizations
- active exploit | Vulnerability in Apache Tomcat actively exploited
- awareness | Windows Shortcut exploit abused in active hacker and state-sponsored attack campaigns
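The two GitHub items above (the OAuth phishing campaign and the tj-actions/changed-files compromise) share one lesson for workflow authors: a `uses:` reference that points at a tag or branch can be re-pointed by whoever controls the action's repository, while a full 40-character commit SHA cannot. The following audit script is an added example, not code from this newsletter or from any of the projects mentioned. It scans GitHub Actions workflow text for `uses:` lines and reports which references are pinned to an immutable commit and which are mutable or missing a ref entirely. The sample workflow embedded in it is constructed for the example, and the commit SHA in it is a placeholder, not a real commit of actions/checkout.

```python
import re

# Matches a `uses:` step reference such as `- uses: owner/repo@ref` or an
# indented `uses:` line inside a named step. Quotes and trailing comments are
# stripped; the captured group is the bare reference.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)["\']?')
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def classify_ref(uses_value):
    """Return (action, ref, status) for one `uses:` value.

    status is one of:
      'pinned'   - ref is a full 40-hex commit SHA (immutable)
      'mutable'  - ref is a tag or branch the action owner can move
      'local'    - ./path inside the same repository (no remote to compromise)
      'docker'   - docker:// image; pin those by digest separately
      'unpinned' - no @ref at all, so the default branch is used
    """
    if uses_value.startswith('./'):
        return uses_value, None, 'local'
    if uses_value.startswith('docker://'):
        return uses_value, None, 'docker'
    if '@' not in uses_value:
        return uses_value, None, 'unpinned'
    action, ref = uses_value.rsplit('@', 1)
    if FULL_SHA_RE.match(ref):
        return action, ref, 'pinned'
    return action, ref, 'mutable'


def audit_workflow(text):
    """Scan workflow YAML text line by line; return one finding per uses: line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, status = classify_ref(m.group(1))
        findings.append({'line': lineno, 'action': action,
                         'ref': ref, 'status': status})
    return findings


def risky(findings):
    """Findings whose target can change under you: tags, branches, or no ref."""
    return [f for f in findings if f['status'] in ('mutable', 'unpinned')]


# Constructed sample workflow. The SHA on line 8 is a placeholder with the
# right shape, not an actual commit of actions/checkout.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Changed files
        uses: tj-actions/changed-files@v45   # tag: can be re-pointed
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
      - uses: some-org/some-action
"""


if __name__ == '__main__':
    for f in audit_workflow(SAMPLE_WORKFLOW):
        flag = '!!' if f['status'] in ('mutable', 'unpinned') else '  '
        print(f"{flag} line {f['line']:>3}  {f['status']:<9} {f['action']}@{f['ref']}")
```

Run it against each file under `.github/workflows/` and treat every `mutable` or `unpinned` finding as a dependency you do not control. Pinning to a SHA is not a complete answer by itself (the action's own transitive `uses:` references need the same treatment, which is exactly how the reviewdog/action-setup compromise reached tj-actions/changed-files), but it removes the easiest path: an attacker moving a tag you already trust.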
Vulnerabilities
- critical vulnerability | Critical authentication bypass vulnerability in AMI MegaRAC BMC software
- critical vulnerability | Critical flaws reported in mySCADA myPRO manager and runtime
- critical vulnerability | Flowise low-code platform vulnerable to pre-authentication arbitrary file upload
- critical vulnerability | Four.meme blockchain platform hit by liquidity vulnerability exploit
- critical vulnerability | Google releases update for Chrome and Chromium browsers, fixes critical flaw
- critical vulnerability | IBM patches two critical flaws in AIX, urges quick patching
- critical vulnerability | OpenAI's ChatGPT infrastructure under active attack: CVE-2024-27564 exploitation
- critical vulnerability | Researchers report hardcoded root credentials in TP-Link TL-WR845N routers
- critical vulnerability | Veeam patches critical vulnerability in Backup & Replication software
- critical vulnerability | WP Ghost WordPress plugin fixes critical vulnerability affecting 200,000+ sites
Incidents
- critical vulnerability | Turknet reports cyberattack, data breach affecting over 1.5 Million customers
- data breach | Stalkerware SpyX data breach exposed 2 million people
- data breach | College Hospital Costa Mesa reports data breach
- data breach | Grede Holdings LLC reports data breach incident
- data breach | HOLT Group reports data breach exposing over 12K people
- data breach | Consultants in Pain Medicine reports data breach affecting 2,062 patients
- data breach | Collectibles.com data leak exposes information of nearly 900,000 users
- data breach | OEC Group reports data breach exposing personal information
- data breach | Watsonville Community Hospital employees report identity theft following cyber attack
- data breach | Pennsylvania education union data breach affects over 500K people
- data breach | Western Alliance Bank data breach exposes 21K customers
- data breach | James Pascoe Group cyberattack disrupts New Zealand retail operations
- data breach | California Cryobank reports data breach
- data breach | Union County hit by ransomware attack compromising personal information
- data breach | NYU data breach exposes 3 Million applicants' personal info
- data breach | Nice Healthcare reports data breach
- data breach | Cascading GitHub action supply chain attacks: reviewdog/action-setup leads to tj-actions/changed-files compromise
- data breach | Merkur Group Casino data breach exposes information of over 800,000 users
- data theft | Steam removes game demo distributing Information-Stealing malware
- ransomware | Babuk ransomware gang claims breach of French telecom provider Orange
- ransomware | HellCat hackers target Ascom in global Jira hacking campaign