State of (in)security - Week 15, 2025
Take action: Always validate and match the file type, magic number and file extension. Only if all of them match should you declare what the file type is. Otherwise, you are exposing your users to a lot of possible exploits and vulnerabilities.
In the week between April 7, 2025, midnight and April 14, 2025, midnight we witnessed a total of:
- 21 advisory/vulnerability events
- 26 incident/data breach events
Week over Week comparison of week 15 2025 vs week 14 2025:
- Advisories are significantly up and incidents remain the same from the previous week. Advisories are up from 12 in week 14 2025 to 21 in week 15 2025. Incidents remain the same, 26 in both week 14 2025 and week 15 2025.
- The number of known impacted individuals is massively down - from 201 million in week 14 2025 to 10.4 million in week 15 2025.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 10,421,300 impacted individuals across 7 incidents. The largest breach was the incident "Data breach claimed by hacker "Satanic" targeting WooCommerce users, sells data of 4.4M users", which exposed 4,400,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 6 |
| Software Vulnerability and SDLC Exploits | 3 |
| Unauthorized access | 3 |
| Human bad security behaviour | 1 |
| System Misconfiguration Exploits | 1 |
| Third Party Compromise | 1 |
| Social Engineering and Phishing | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 6 |
| Healthcare | 4 |
| IT/Software/Technology | 3 |
| Entertainment/Leisure | 2 |
| Manufacturing | 2 |
| Retail | 2 |
| Insurance | 1 |
| Gas/Oil | 1 |
| Construction | 1 |
| Consulting/Professional Services | 1 |
| Education | 1 |
| Finance | 1 |
| Aviation | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Authentication bypass flaw in OttoKit/SureTriggers WordPress plugin actively exploited
- active exploit | CISA issues alert on active exploits of just patched Windows CLFS flaw
- active exploit | Hacking campaign targets Amazon EC2 instance metadata via SSRF
Vulnerabilities
- critical vulnerability | Adobe releases April 2025 patches for multiple products
- critical vulnerability | Bitdefender reports critical flaw in GravityZone
- critical vulnerability | Critical authentication flaw reported in Siemens Industrial Edge Devices
- critical vulnerability | Critical Remote Code execution vulnerability reported in BentoML
- critical vulnerability | Critical security vulnerabilities reported in Spotfire AI analysis platform
- critical vulnerability | Critical vulnerability in FortiSwitch GUI allows unauthorized admin password change
- critical vulnerability | Critical vulnerability in Gladinet CentreStack and Triofox (CVE-2025-30406) actively exploited
- critical vulnerability | Critical vulnerability reported in Langflow AI Builder enabling unauthenticated remote code execution
- critical vulnerability | Dell fixes multiple flaws in PowerScale OneFS, at least one critical
- data breach | Fortinet reports hacker technique for Persistent Access to FortiGate Devices after patching
- critical vulnerability | Google releases April 2025 Android security update fixing 62 flaws Including two actively exploited
- critical vulnerability | Jenkins reports SSH Host Key Reuse in its Docker Images
- critical vulnerability | Juniper patches critical flaws in Junos Space and multiple flaws in Junos OS versions
- critical vulnerability | MediaTek fixes critical and high-severity vulnerabilities in multiple chipsets
- ransomware | Microsoft confirms Windows April 2025 security update creates 'inetpub' folder
- ransomware | Microsoft releases April 2025 patch, fixes 134 flaws, 11 critical, one actively exploited
- critical vulnerability | Researchers demonstrate Nissan Leaf electric vehicle vulnerable to remote hacking, takeover
- critical vulnerability | Researchers report path traversal vulnerability in AWS SSM Agent's Plugin ID Validation
- critical vulnerability | SAP April 2025 Patch day releases patches for multiple flaws, three critical
- critical vulnerability | Siemens reports multiple critical vulnerabilities in SENTRON 7KT Data Manager, won't be patched
- critical vulnerability | WhatsApp flaw can let attackers send a file that looks like JPEG but is malicious program, update now
Incidents
- data breach | Bangchak oil and gas company reports data breach, Thailand's privacy regulator launches Investigation
- data breach | Laboratory Services Cooperative is reporting a data breach exposing 1.6 Million people
- data breach | San Francisco Campus for Jewish Living (Hebrew Home for Aged Disabled) reports data breach
- data breach | Data breach claimed by hacker "Satanic" targeting WooCommerce users, sells data of 4.4M users
- data breach | Western Sydney University reports two more security breaches and data leak
- data breach | Blue Shield of California notifies members of potential data breach through Google Analytics
- data breach | Harcourts Prime Properties hit by ransomware, data breach, leaked agent information
- data breach | Data breach at Easol affects Brighton Pride 2024 ticket holders
- data breach | Eisner Advisory Group reports data breach
- data breach | Multiple Dutch ministries hit by data breach
- data breach | Ohio healthcare provider Maryhaven reports data breach affecting patient information
- data breach | Yale New Haven Health reports cyberattack, data breach
- data breach | Bank of America reports data breach after losing customer documents in transit
- data breach | Algerian hacker group JabaRoot DZ launches cyberattack against Moroccan institutions
- data breach | Te Whatu Ora (Health New Zealand) reports IT breach after five-month delay
- data breach | Brack.ch investigating hacker claims of breach allegedly affecting 2.4M people
- data breach | U.S. Treasury's Comptroller reports email breach exposed sensitive financial institution data
- data breach | NetJets private jet company investigating security incident, data breach
- data breach | City of Forest Park reports potential data breach impacting residents
- ransomware | Printing vendor for DBS and Bank of China Singapore hit by ransomware attack, over 11,000 customers exposed
- ransomware | Medusa ransomware group claims NASCAR hack, demands $4 Million
- ransomware | IKEA franchise operator Fourlis Group reports €20 Million loss from 2024 ransomware attack
- ransomware | Everest ransomware gang's leak site hacked and defaced
- ransomware | Sensata Technologies hit by ransomware attack, production disrupted
- ransomware | Medical device manufacturer Compumedics Limited reports ransomware attack
- ransomware | Oregon Department of Environmental Quality shuts down system after cyberattack