State of (in)security - Week 17, 2025
Take action: Be very conscious of third-party vulnerabilities. We all use a lot of vulnerable libraries, and some have even been actively breached by hackers and injected with malicious code. Keep third-party code in your risk plan, and try to monitor it regularly. It's hard, but checking will let you sleep better.
In the week between April 21, 2025, midnight and April 28, 2025, midnight we witnessed a total of:
- 19 advisory/vulnerability events
- 16 incident/data breach events
Week over Week comparison of week 17 2025 vs week 16 2025:
- Advisories are up and incidents are down from the previous week. Advisories are up from 10 in week 16 2025 to 19 in week 17 2025. Incidents are down from 18 in week 16 2025 to 17 in week 17 2025.
- The number of known impacted individuals is down - from 8.5 million in week 16 2025 to 396 thousand in week 17 2025.
We also shared 5 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 396,281 impacted individuals across 8 incidents. The largest breach was the "Onsite Mammography data breach exposes data of 357K individuals" incident, which exposed 357,265 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Human bad security behaviour | 2 |
| System Misconfiguration Exploits | 2 |
| Third Party Compromise | 2 |
| Unauthorized access | 2 |
| Malware, Ransomware and Related Attacks | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 4 |
| Healthcare | 3 |
| Telecommunications | 2 |
| IT/Software/Technology | 1 |
| Retail | 1 |
| Transport/Logistics | 1 |
| Consulting/Professional Services | 1 |
| Utilities | 1 |
| Education | 1 |
| Finance | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Active! Mail remote code execution flaw actively exploited
- active exploit | Craft CMS zero-day vulnerabilities actively exploited
- active exploit | Critical SAP NetWeaver vulnerability under active exploitation
- facebook scam | "HP Laptop for 123 MKD" scam campaign stealing personal and card data
- active scam | Phone Scam spoofing Vatican phone number
Vulnerabilities
- critical vulnerability | AMD releases patches for critical Zen 5 microcode flaw
- critical vulnerability | Authentication bypass vulnerability reported in HPE Performance Cluster Manager (HPCM)
- critical vulnerability | ConfusedComposer vulnerability reported in Google Cloud Composer tool
- critical vulnerability | Critical authentication flaw reported in Lantronix Xport
- critical vulnerability | Critical flaw reported in InstaWP Connect WordPress plugin
- critical vulnerability | Critical path traversal vulnerability reported in Infodraw's surveillance software
- critical vulnerability | Critical remote code execution flaw reported in PyTorch Framework
- critical vulnerability | Critical vulnerability reported in Commvault Command Center
- critical vulnerability | GitLab releases security patches for multiple vulnerabilities
- critical vulnerability | Johnson Controls reports critical vulnerability in ICU tool
- data breach | Malicious code injected into Ripple's xrpl.js npm package, compromises cryptocurrency private keys
- critical vulnerability | Massive number of SQL injection vulnerabilities reported in Siemens TeleControl Server Basic
- critical vulnerability | Multiple critical security vulnerabilities in Schneider Electric Modicon Controllers
- critical vulnerability | Multiple vulnerabilities reported in IBM Hardware Management Console
- data breach | Multiple vulnerabilities reported in Rack Ruby Framework
- critical vulnerability | Nice reports critical flaw in Linear eMerge E3
- critical vulnerability | Planet Technology reports security flaws in their network products
- critical vulnerability | Schneider Electric reports critical flaw in Wiser Home Controller WHC-5918A
- ransomware | Windows "security related inetpub" creates a vulnerability blocking future security updates
Incidents
- data breach | Grant County Public Utility District reports data breach affecting 850 people
- data breach | SK Telecom reports customer data breach in malware attack
- data breach | Cyber attack disrupts Marks & Spencer services
- data breach | The Plastic Surgery Center reports data breach affecting patient information
- data breach | Onsite Mammography data breach exposes data of 357K individuals
- data breach | WorkComposer employee monitoring app leaks 21 million screenshots
- data breach | Cyberattack on telecom MTN Group compromises customer data
- data breach | Bluestone Bank reports that data of 7K individuals was leaked due to administrative error
- data breach | Barnstable County Sheriff's office reports internal data breach
- data breach | British Ministry of Defence confirms data leak exposing Special Forces personnel
- data breach | Baltimore City Public Schools report data breach
- data breach | Aya Healthcare reports data breach exposing personal information of healthcare workers
- ransomware | Ransomware attack at third party exposes 2,254 sleep study patients' data at Adelaide Hospital
- ransomware | Cyberattack targets Spanish water supplier Aigües de Mataró
- ransomware | Wan Hai Lines shipping company hit by cyberattack, website offline
- ransomware | Abilene, Texas local government systems taken offline after cyberattack