What were the cybersecurity statistics for the week of May 5-12, 2025?

In the week between May 5, 2025, midnight and May 12, 2025, midnight, there were 13 advisory/vulnerability events, 22 incident/data breach events, and 7 practical knowledge items shared.

How did the cybersecurity events in week 19 of 2025 compare to the previous week?

Both advisories and incidents increased from the previous week. Advisories increased from 9 in week 18 to 13 in week 19. Incidents increased from 18 in week 18 to 22 in week 19. However, the number of known impacted individuals decreased significantly from over 20 million in week 18 to 2.83 million in week 19.

How many individuals were impacted by data breaches during this week?

There were a total of 2,836,638 impacted individuals across 7 incidents. The largest breach was the data leak at beWanted, which exposed the personal information of 1,100,000 job seekers. Since not all incidents report a number of impacted individuals, the actual number is likely higher.

What were the main causes of cybersecurity incidents during this week?

The main causes of incidents were: Malware, Ransomware and Related Attacks (6 incidents), System Misconfiguration Exploits (2 incidents), Third Party Compromise (2 incidents), Software Vulnerability and SDLC Exploits (1 incident), and Unauthorized access (1 incident).

Which industries were most affected by cybersecurity incidents this week?

The most affected industries were IT/Software/Technology and Education with 4 incidents each, followed by Consulting/Professional Services, Government, and Media with 2 incidents each. Other affected industries included Aviation, Healthcare, Insurance, Manufacturing, and Food and Beverage with 1 incident each.

What were some notable ransomware attacks during this week?

Notable ransomware attacks included: Oettinger Brewery hit by RansomHouse, West Lothian council's education network, LockBit ransomware gang's dark web site being hacked (exposing crypto wallets and victim negotiations), Lynx Ransomware Gang claiming breach of CBS affiliate WDEF-TV, Coweta County School System, and medical device vendor Masimo experiencing disruption to manufacturing and order fulfillment.

What were some significant data breaches reported during this week?

Significant data breaches included: Union Health System (affecting 263K patients following Oracle Health/Cerner hack), beWanted (exposing 1.1 million job seekers' personal information), PR TIMES (exposing over 900,000 users), Kelly Benefits (affecting over 400,000 individuals), TeleMessage (exposing modified messaging apps used by U.S. officials), and multiple educational institutions including Outwood Academy Acklam and Texas Alvin Independent School District.

What critical vulnerabilities were reported during this week?

Critical vulnerabilities were reported in: AWS Amplify Studio, Cisco IOS XE Wireless Controller, Ubiquiti's UniFi Protect surveillance system, Mitel SIP phones, SysAid On-Premise IT support software, Google's Android (April 2025 security update), Chrome and Chromium browsers, Microsoft's core Cloud Services (Azure DevOps, Automation, Storage, and Power Apps), Pixmeo's OsiriX MD medical imaging software, Solana's Token-2022 Program, and SonicWall's SMA 100 series.

What active exploits were reported during this week?

Active exploits reported included: 'Bring Your Own Installer' EDR bypass technique on SentinelOne, two GeoVision Device vulnerabilities, a critical Langflow authentication vulnerability, OttoKit WordPress Plugin vulnerability, a Microsoft Telnet flaw enabling credential theft through phishing, and a Samsung MagicINFO 9 server flaw.

Knowledge

State of (in)security - Week 19, 2025

published: May 12, 2025

Take action: Three rules this week: (1) Your company MUST have responsible disclosure channel to be able to quickly react to reported issues. (2) There is no honor among criminals. This is why it's usually pointless to pay a ransom for stolen data. Criminals will most likely retain the data and extort everyone as much as possible. (3) Never try to write your own cryptography, because that usually ends up with a flawed implementation. Use well known deeply tested libraries.

Learn More

In the week between May 5, 2025, midnight and May 12, 2025, midnight we witnessed a total of:

13 advisory/vulnerability events
22 incident/data breach events

Week over Week comparison of week 19 2025 vs week 18 2025:

We also shared 7 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 2,836,638 impacted individuals across 7 incidents, with the largest breach being the Data leak at beWanted exposes 1.1 Million job seekers' personal information incident exposing 1,100,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	6
System Misconfiguration Exploits	2
Third Party Compromise	2
Software Vulnerability and SDLC Exploits	1
Unauthorized access	1

Industry breakdown of incidents

Industry	Number of incidents
IT/Software/Technology	4
Education	4
Consulting/Professional Services	2
Government	2
Media	2
Aviation	1
Other	1
Food and Beverage	1
Healthcare	1
Insurance	1
Manufacturing	1

Read the Event Details of the Week

Knowledge

active attack | "Bring Your Own Installer" EDR bypass technique exploited on SentinelOne
active exploit | CISA reports active exploitation of two GeoVision Device vulnerabilities
active exploit | Critical Langflow authentication vulnerability actively exploited
active exploit | Critical OttoKit WordPress Plugin vulnerability patched after active exploitation
phishing | Microsoft Telnet flaw enables credential theft through telnet links in phishing
active exploit | Samsung MagicINFO 9 server flaw actively exploited
data breach | Università Roma Tre reports cyberattack

Vulnerabilities

critical vulnerability | Critical flaws in Mitel SIP phones allow command injection and unauthorized file upload
critical vulnerability | Critical Pre-Auth RCE vulnerabilities discovered in SysAid On-Premise IT support software
critical vulnerability | Critical vulnerability in AWS Amplify Studio allows arbitrary code execution
critical vulnerability | Critical vulnerability in Cisco IOS XE Wireless Controller allows arbitrary file upload
critical vulnerability | Critical vulnerability reported in Ubiquiti's UniFi Protect surveillance system
critical vulnerability | Google releases April 2025 Android security update, patching 57 flaws including critical and actively exploited
critical vulnerability | Google releases update for Chrome and Chromium browsers fixing critical flaw
ransomware | Malicious code injection vulnerability reported in Apache Parquet Java
critical vulnerability | Microsoft patches critical flaws in core Cloud Services including Azure DevOps, Automation, Storage, and Power Apps
critical vulnerability | Pixmeo patches multiple flaws in OsiriX MD medical imaging software, one critical
critical vulnerability | Solana fixes critical vulnerability in Token-2022 Program
critical vulnerability | SonicWall patches multiple vulnerabilities in SMA 100 series, some potentially exploited
critical vulnerability | Vulnerabilities reported in Mobile Security Framework (MobSF)

Incidents

data breach | Union Health System reports data breach affecting 263K patients following Oracle Health/Cerner hack
data breach | Outwood Academy Acklam reports data breach exposing parent and student data
data breach | Texas Alvin Independent School District reports data breach exposing 47K people
data breach | UK Legal Aid Agency reports security incident
data breach | ClickFunnels investigating alleged data breach by "Satanic" hacking group
data breach | Hackers that breached PowerSchool escalates to ransom demands directed at individuals
data breach | PR TIMES reports data breach exposing personal info of over 900,000 users
data breach | Cyber attack disrupts operational systems at South African Airways
data breach | Pearson Education hit by data breach following exposed GitLab token
data breach | Chapman & Roberts PA Law Firm reports data breach
data breach | Employee benefits firm Kelly Benefits reports massive data breach affecting over 400,000 individuals
data breach | Data leak at beWanted exposes 1.1 Million job seekers' personal information
data breach | Pakistani hackers claim to have breached multiple Indian defence websites
data breach | TeleMessage data breach exposes modified messaging apps used by U.S. officials
ransomware | iClicker website compromised with fake ClickFix CAPTCHA installing malware
ransomware | Oettinger Brewery hit by RansomHouse cyber attack
ransomware | West Lothian council hit by ransomware attack on education network
ransomware | LockBit ransomware gang dark web site hacked, exposing crypto wallets, passwords, victim negotiations and affiliate data
ransomware | Lynx Ransomware Gang claims breach of CBS affiliate WDEF-TV
ransomware | Peru denies federal system ransomware attack but confirms attack on regional capital
ransomware | Coweta County School System hit by ransomware attack
ransomware | Medical device vendor Masimo hit by cyberattack disrupting manufacturing and order fulfillment

Read More
Step-by-step: How Hacker Group 'LabRat' Works to abuse …
State of (in)security - Week 14, 2024
State of (in)security - Week 40, 2023
State of (in)security - Week 17, 2025
The MOVEit comes back to bite the victims …