How many cybersecurity events were reported between April 14-21, 2025?

Between April 14, 2025, and April 21, 2025, there were a total of 28 cybersecurity events: 10 advisory/vulnerability events and 18 incident/data breach events.

How does week 16 compare to week 15 in terms of cybersecurity events?

Both advisories and incidents decreased from the previous week. Advisories dropped from 21 in week 15 to 10 in week 16. Incidents decreased from 26 in week 15 to 18 in week 16.

How many individuals were impacted by data breaches in week 16 of 2025?

There were a total of 8,586,216 impacted individuals across 7 reported incidents, which is down from 10.4 million in week 15. The actual number is likely higher as not all incidents report the number of affected individuals.

What was the largest data breach reported in week 16 of 2025?

The largest breach was from UK Software company Logezy, which exposed 7,975,438 healthcare worker records in an unsecured database incident.

What were the main causes of cybersecurity incidents in week 16 of 2025?

The main causes were: Malware, Ransomware and Related Attacks (6 incidents), Software Vulnerability and SDLC Exploits (2 incidents), System Misconfiguration Exploits (1 incident), and Third Party Compromise (1 incident).

Which industries were most affected by cybersecurity incidents in week 16 of 2025?

Healthcare was the most affected with 5 incidents, followed by IT/Software/Technology with 3 incidents, and Manufacturing with 2 incidents. Other affected industries included Government, Hospitality/Events, Insurance, Aviation, Retail, Consulting/Professional Services, and Entertainment/Leisure with 1 incident each.

What critical vulnerabilities were reported in week 16 of 2025?

Critical vulnerabilities were reported in multiple systems, including: Mitsubishi Electric smartRTU, ASUS Routers with AiCloud, Yokogawa Recorder Products, Google Chrome, Apache Roller, Erlang/OTP SSH, Yii 2 PHP framework, and multiple Oracle products as part of their April 2025 Patch update.

Were there any active exploits reported in week 16 of 2025?

Yes, there were reports of active exploitation of SonicWall SMA 100 Series vulnerability, active exploitation of Microsoft NTLM hash disclosure vulnerability, and active phishing attacks impersonating Coinbase.

What ransomware attacks were reported in week 16 of 2025?

Ransomware attacks were reported affecting: Feel Four S.L. Retailer (claimed by Qilin and Devman groups), Whiteboard Technologies in Bengaluru, Wolters Kluwer, Galvatech in Sydney (claimed by Qilin), Study Hotels (claimed by Play ransomware gang), and CMC subsidiary in Vietnam.

Were any healthcare organizations affected by data breaches in week 16 of 2025?

Yes, several healthcare organizations were affected, including: OCH Regional Medical Center, MedEx Ambulance (affecting over 118,000 individuals), Mt. Baker Imaging and Northwest Radiologists, Loretto Hospital (exposing personal information of over 500 individuals), and DaVita kidney dialysis provider.

Knowledge

State of (in)security - Week 16, 2025

published: April 21, 2025

Take action: When you are in the business of trolling and insulting a bunch of people, make sure to patch your infrastructure. Because everyone has a beef against you. And your old PHP version from 2016 will be hacked, like it did for 4chan. And MAKE SURE TO UPDATE ALL WINDOWS. They are actively hacked.

Learn More

In the week between April 14, 2025, midnight and April 21, 2025, midnight we witnessed a total of:

10 advisory/vulnerability events
18 incident/data breach events

Week over Week comparison of week 16 2025 vs week 15 2025:

We also shared 3 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 8,586,216 impacted individuals across 7 incidents, with the largest breach being the UK Software company logezy exposes 8 Million healthcare worker records in unsecured database incident exposing 7,975,438 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	6
Software Vulnerability and SDLC Exploits	2
System Misconfiguration Exploits	1
Third Party Compromise	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	5
IT/Software/Technology	3
Manufacturing	2
Government	1
Hospitality/Events	1
Insurance	1
Other	1
Aviation	1
Retail	1
Consulting/Professional Services	1
Entertainment/Leisure	1

Read the Event Details of the Week

Knowledge

active exploit | CISA reports active exploitation of SonicWall SMA 100 Series vulnerability
active attack | Microsoft NTLM hash disclosure vulnerability now actively exploited
active phishing | Phishing attack impersonating Coinbase

Vulnerabilities

ransomware | Apple releases emergency update for actively exploited Apple ecosystem vulnerabilities
ransomware | Cisco Webex reports Client-Side remote code execution vulnerability
critical vulnerability | Critical authentication bypass and OS command injection flaws in Mitsubishi Electric smartRTU
critical vulnerability | Critical authentication bypass flaw reported in ASUS Routers with AiCloud
critical vulnerability | Critical authentication vulnerability reported in Yokogawa Recorder Products
critical vulnerability | Critical security vulnerabilities patched in Google Chrome
critical vulnerability | Critical session management vulnerability reported in Apache Roller
critical vulnerability | Critical unauthenticated remote code execution flaw reported in Erlang/OTP SSH
critical vulnerability | Critical vulnerability reported in Yii 2 PHP framework
critical vulnerability | Oracle releases April 2025 Patch update addressing 378 vulnerabilities

Incidents

data breach | AIR CAMPANIA SPA reports data breach of UNICO CAMPANIA App
data breach | UK Software company logezy exposes 8 Million healthcare worker records in unsecured database
data breach | OCH Regional Medical Center reports data breach exposing patient information
data breach | Long Beach Begins Notifying Residents of 2023 Data Breach
data breach | MedEx Ambulance reports data breach affecting over 118,000 individuals
data breach | Insurance Firm Lemonade reports data leak exposing driver's license numbers over 17-month period
data breach | Mt. Baker Imaging and Northwest Radiologists report data breach affecting patient data
data breach | Entertainment services company Legends International reports data breach
data breach | 4chan forum hacked, taken offline
data breach | Kidney dialysis provider DaVita hit by ransomware attack disrupting operations
data breach | Data breach at Loretto Hospital exposes personal information of over 500 individuals
data breach | Hertz corporation confirms data breach affecting customers of multiple car rental brands
ransomware | Qilin and Devman hacking groups claim ransomware Attack on Feel Four S.L. Retailer
ransomware | Bengaluru based Whiteboard Technologies reports ransomware attack
ransomware | Hackers claim breach at Wolters Kluwer exposing sensitive customer info
ransomware | Qilin ransomware gang claims breach and data theft from Sydney-based Galvatech
ransomware | Play ransomware gang claims breach of Study Hotels
ransomware | Vietnamese tech giant CMC confirms ransomware attack on subsidiary

Read More
Maximising profit - Ransomware gang pressuring victims on …
State of (in)security - Week 3, 2024
State of (in)security - Week 32, 2024
State of (in)security - Week 49, 2023
State of (in)security - Week 5, 2026