State of (in)security - Week 13, 2025
Take action: Cyberbullying of children is becoming a weapon for cybercriminals. If they can bully or even hack a child, they can make the child run programs on home and school computers, because the child is terrified. This is really happening, and it is a terrifying example of how criminals abuse very vulnerable people for profit. Make sure to educate children very early.
In the week between March 24, 2025, midnight and March 31, 2025, midnight we witnessed a total of:
- 13 advisory/vulnerability events
- 26 incident/data breach events
Week over Week comparison of week 13 2025 vs week 12 2025:
- Advisories and incidents are up from the previous week. Advisories are up from 10 in week 12 2025 to 13 in week 13 2025. Incidents are up from 21 in week 12 2025 to 26 in week 13 2025.
- The number of known impacted individuals is down - from 8.6 million in week 12 2025 to 3.5 million in week 13 2025.
We also shared 6 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 3,580,511 impacted individuals across 11 incidents. The largest breach was the "FacePass data leak exposes 1.6 Million files containing sensitive Brazilian user info" incident, which exposed 1,600,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Software Vulnerability and SDLC Exploits | 4 |
| Malware, Ransomware and Related Attacks | 3 |
| Unauthorized access | 3 |
| System Misconfiguration Exploits | 3 |
| Human bad security behaviour | 2 |
| Third Party Compromise | 2 |
| Social Engineering and Phishing | 2 |
| Denial-of-Service Attacks | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 6 |
| Government | 5 |
| Education | 3 |
| Healthcare | 2 |
| Consulting/Professional Services | 2 |
| Aviation | 2 |
| Transport/Logistics | 1 |
| Finance | 1 |
| Manufacturing | 1 |
| Media | 1 |
| Retail | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Active exploitation of critical SAP flaw CVE-2017-12637 reported by Onapsis
- active exploit | CISA reports actively exploited Sitecore CMS Vulnerabilities
- active exploit | DrayTek routers in Vietnam actively attacked causing Internet disruptions
- active exploit | EncryptHub gang actively exploiting Microsoft Management Console vulnerability
- active exploit | Google urgently patches actively exploited Chrome flaw - patch now!
- active exploit | GreyNoise reports DrayTek routers actively attacked using old vulnerabilities
Vulnerabilities
- critical vulnerability | Broadcom patches high-severity Authentication Bypass flaw in VMware Tools for Windows
- critical vulnerability | Critical security vulnerability reported in Next.js framework
- critical vulnerability | Critical vulnerability in NetApp SnapCenter Server enables privilege escalation
- critical vulnerability | CrushFTP issues advisory for Unauthenticated Access Vulnerability, patch now!
- critical vulnerability | IngressNightmare: critical Kubernetes vulnerabilities in ingress NGINX controller
- critical vulnerability | Mozilla patches critical Firefox sandbox escape flaw on Windows
- critical vulnerability | Multiple critical authentication bypass vulnerabilities in Kentico Xperience CMS lead to remote code execution
- critical vulnerability | Multiple flaws reported in Growatt Cloud Platform
- critical vulnerability | Multiple vulnerabilities reported in H3C Magic Router models
- critical vulnerability | Multiple vulnerabilities reported in Inaba Denki Sangyo CHOCO TEI WATCHER Mini, two critical
- critical vulnerability | Rhino Security Labs report multiple flaws in default install of Appsmith Enterprise Platform
- critical vulnerability | Rockwell Automation fixes critical flaw in Verve Asset Manager
- critical vulnerability | SQL Injection vulnerability discovered in GLPI IT Service Management tool
Incidents
- data breach | Three Rivers Hospital reports third party data breach
- data breach | Cyberattack and data breach forces Cobb County to shut down online systems
- data breach | Jaguar Land Rover hit by HELLCAT ransomware group
- data breach | Numotion Data Breach: email compromise affects nearly 500,000 individuals
- data breach | Oracle Health breach compromises patient data at US Healthcare organizations
- data breach | Northern Ireland ICRIR reports limited data breach due to administrative error
- data breach | FacePass data leak exposes 1.6 Million files containing sensitive Brazilian user info
- data breach | St. Joseph's College reports data breach impacting over 126K individuals
- data breach | Wineberg Solheim Howell & Shain report data breach
- data breach | StreamElements reports third-party data breach
- data breach | Parcel Plus tax preparation service reports data breach affecting customer tax returns
- data breach | Nine Media Company leaks personal information of 16,000 subscribers
- data breach | Major data breach exposes Keenetic router users' sensitive information
- data breach | Vroom by YouX leaks sensitive financial documents in unsecured database
- data breach | Hacker claims huge breach of Oracle Cloud, the company denies
- data breach | NSW court website data breach affects 9,000 sensitive documents
- data breach | Data breach exposes sensitive military information in India
- data breach | Hartsfield-Jackson Atlanta International Airport hit by cyberattack
- data breach | Lafayette Federal Credit Union reports data breach
- data breach | Senior U.S. security officials' private data and passwords found online
- data breach | Concord Orthopaedics reports data breach affecting patient data
- ransomware | Sam's Club supermarket chain investigating potential ransomware attack
- ransomware | Hellenic Open University hit by cyberattack, data breach
- ransomware | Cyberattack disrupts Ukraine's National Railway online ticket services
- ransomware | Kuala Lumpur International Airport hit by cyberattack, ransom demand
- ransomware | Teays Valley Christian School hit by ransomware attack