State of (in)security - Week 18, 2025
Take action: When installing new code libraries or packages, always verify their legitimacy by checking for active maintenance, multiple contributors, and a development history of at least 2-3 years. Organizations should maintain approved package lists and educate developers about the security risks. Individual developers should research packages on trusted platforms like StackOverflow before using them.
In the week from April 28, 2025, midnight to May 5, 2025, midnight, we witnessed a total of:
- 9 advisory/vulnerability events
- 16 incident/data breach events
Week over Week comparison of week 18 2025 vs week 17 2025:
- Advisories are down and incidents remain the same as the previous week. Advisories are down from 19 in week 17 2025 to 9 in week 18 2025; incidents remain the same at 16 in both week 17 and week 18 2025.
- The number of known impacted individuals is significantly up, from 396 thousand in week 17 to over 20 million in week 18 2025.
We also shared 10 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 20,674,723 impacted individuals across 7 incidents, with the largest breach being the "UK retailer Co-op targeted by cyberattack, shuts down IT systems" incident, which exposed 20,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is certainly higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 8 |
| Human bad security behaviour | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
| System Misconfiguration Exploits | 1 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 4 |
| Healthcare | 2 |
| Retail | 2 |
| Government | 2 |
| Consulting/Professional Services | 1 |
| Transport/Logistics | 1 |
| Education | 1 |
| Insurance | 1 |
| Media | 1 |
Knowledge
- active exploit | Broadcom Brocade Fabric SAN vulnerability actively exploited
- active exploit | CISA reports critical Apache HTTP Server flaw actively exploited
- active phishing | Cloud storage "payment failed" phishing attack
- active exploit | Commvault Web Server vulnerability under active exploitation by Nation-State threat actor
- active phishing | Fake bank payment phishing attack via compromised email
- active phishing | Phishing Attack faking link to signed contract and very advanced scam site
- active scam | Scam messages and emails targeting court translators, promising huge payments
- active exploit | SonicWall confirms active exploitation of two SMA vulnerabilities
- active attack | Supply chain attack compromises Magento E-commerce extensions
- active exploit | WordPress malware campaign disguised as legitimate Security Plugin
Vulnerabilities
- critical vulnerability | Azure SQL server vulnerability allowed creation of malicious destructive Firewall rules
- critical vulnerability | CISA reports multiple flaws in KUNBUS GmbH Revolution Pi, two critical
- critical vulnerability | Critical FastCGI flaw exposes embedded devices to remote code execution
- critical vulnerability | Flaws in Apple's AirPlay protocol put millions of devices at risk
- critical vulnerability | IBM reports multiple flaws in Cognos Analytics, at least one critical
- critical vulnerability | Library hallucinations in AI-generated code create the risk of loading malware into your programs
- critical vulnerability | Mozilla addresses multiple High-Severity flaws with Firefox 138 release
- critical vulnerability | Multiple vulnerabilities in Netgear EX6200 Wi-Fi range extender
- critical vulnerability | Remote Code Execution flaw reported in Viasat Satellite Modems
Incidents
- data breach | iHeartMedia data breach exposes personal information at "a small number" of their stations
- data breach | Blue Cross and Blue Shield of Illinois data breach exposes data of over 9K individuals
- data breach | Ascension Health reports data breach exposing patient info
- data breach | Fowler Elementary School District hit by cyberattack, data breach
- data breach | xAI employee leaked private API key on GitHub exposing internal LLMs
- data breach | Media firm Urban One reports data breach following Cactus Ransomware attack
- data breach | Ticket to Cash data leak exposes over 520,000 records
- data breach | Korean job platform Albamon exposes over 22K resume entries
- data breach | Data breach may have exposed information of New Orleans sex abuse survivors
- data breach | Orthopaedic Specialists of Connecticut reports data breach exposing 22K people
- ransomware | Harrods latest UK retailer to be hit by cyber attack after M&S and Co-op
- ransomware | Japanese logistics company Kintetsu World Express confirms ransomware attack
- ransomware | UK retailer Co-op targeted by cyberattack, shuts down IT systems
- ransomware | Hamilton County Sheriff's Office website restored after two-week cybersecurity incident
- ransomware | Ransomware attack disrupts DuPage County judicial and law enforcement systems
- ransomware | Hitachi Vantara takes servers offline after Akira ransomware attack