State of (in)security - Week 2, 2025
Take action: Industrial routers are just as likely to be vulnerable as any other device, but patching them is much more difficult. Make sure you isolate everything in a trusted network, and still be ready to patch at a moment's notice, especially since some devices, such as wireless devices, may have a physical or proximity attack vector.
In the week between Jan. 6, 2025, midnight and Jan. 13, 2025, midnight we witnessed a total of:
- 9 advisory/vulnerability events
- 25 incident/data breach events
Week over Week comparison of week 2 2025 vs week 1 2025:
- Both advisories and incidents are up from the previous week. Advisories are up from 2 in week 1 2025, to 9 in week 2 2025. Incidents are up from 13 in week 1 2025 to 25 in week 2 2025.
- The number of known impacted individuals is significantly up - from 1.997 million in week 1 2025 to 5.997 million in week 2 2025.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 5,947,262 impacted individuals across 9 incidents. The largest was the third-party data breach reported by the Italian certification authority InfoCert, which exposed 5,500,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 7 |
| Software Vulnerability and SDLC Exploits | 2 |
| Unauthorized access | 2 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 4 |
| IT/Software/Technology | 4 |
| Telecommunications | 3 |
| Finance | 3 |
| Education | 2 |
| Government | 2 |
| Non-profit/Charity | 2 |
| Pharmaceuticals | 1 |
| Consulting/Professional Services | 1 |
| Entertainment/Leisure | 1 |
| Insurance | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA reports active exploitation of Mitel MiCollab flaws
- active exploit | CISA warns of critical Oracle flaw actively exploited
- active attack | KerioControl firewall flaw actively exploited by hackers
Vulnerabilities
- critical vulnerability | CISA reports unpatched critical flaw in Nedap Librix Ecoreader
- critical vulnerability | Fancy Product Designer WordPress plugin has critical flaws, but no patches
- critical vulnerability | Google releases January 2025 Android patches, fixes multiple critical flaws
- critical vulnerability | Google researchers confirm critical flaw in Samsung S24, S23
- critical vulnerability | Ivanti reports two flaws in Connect Secure, Policy Secure and Neurons - one critical and actively exploited
- critical vulnerability | MediaTek reports multiple vulnerabilities, two classified as critical
- critical vulnerability | Moxa reports significant security vulnerabilities affecting their network devices
- critical vulnerability | Multiple flaws reported in Netis routers that can be chained to achieve auth bypass, RCE
- critical vulnerability | SonicWall warns customers to patch SSLVPN flaw immediately, verified to be exploitable
Incidents
- data breach | International Civil Aviation Organization investigating potential data breach
- data breach | Hyperice, Inc. reports data breach
- data breach | PowerSchool reports data breach, exposes student, teacher data
- data breach | Hackers claim breach of Gravy Analytics
- data breach | Green Bay Packers report security breach of their Pro Shop site
- data breach | American Trust Retirement reports cybersecurity incident, data breach
- data breach | Italian certification authority InfoCert reports third party data breach
- data breach | Mohawk Valley Cardiology reports data breach exposing data of nearly 5K patients
- data breach | Mission Bank reports data breach
- data breach | Telefónica confirms breach of their internal Jira ticketing system
- data breach | Bank of America reports third party data breach impacting loan customers
- data breach | Gerber Life Insurance reports data breach
- data breach | Department of Veterans Affairs reports data leak caused by printing error
- data breach | HCF Management nursing homes reports data breach
- data breach | Eindhoven University of Technology hit by cyberattack, takes network offline
- data breach | BayMark Health Services reports data breach
- data breach | Cannabis retail company STIIIZY reports data breach
- ransomware | Medical billing provider Medusind reports data breach exposing 360K people
- ransomware | Slovakia's Land Registry Office hit by cyberattack, shuts down systems
- ransomware | Teton Orthopaedics reports ransomware attack exposing patient information
- ransomware | Addison Northwest School District reports ransomware cyberattack
- ransomware | The North Los Angeles County Regional Center reports ransomware attack, data breach
- ransomware | Russian ISP Nodex confirms Ukrainian hackers breached and destroyed its network infrastructure
- ransomware | Heavy Construction Systems Specialists reports ransomware attack, data breach
- ransomware | South African mobile operator Cell C hit by ransomware attack