State of (in)security - Week 20, 2025
Take action: We all like to consider our colleagues good people, and we don't want to insult them by assuming they could do something bad. But this week we had two examples of why controls against malicious insiders are important. However painful it is to consider that your colleagues may be malicious, you still need controls against it.
In the week between May 12, 2025, midnight and May 19, 2025, midnight we witnessed a total of:
- 12 advisory/vulnerability events
- 19 incident/data breach events
Week over Week comparison of week 20 2025 vs week 19 2025:
- Advisories and incidents are down from the previous week. Advisories are down from 13 in week 19 2025 to 12 in week 20 2025. Incidents are down from 22 in week 19 to 19 in week 20 2025.
- The number of known impacted individuals is significantly up - from 2.83 million in week 19 to over 93 million in week 20 2025.
We also shared 8 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 93,848,900 impacted individuals across 11 incidents. The largest breach was the incident "Hacker offer to sell SMS OTP messages of 89M Steam users, Valve clarifies no account connection", which exposed 89,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| System Misconfiguration Exploits | 5 |
| Human bad security behaviour | 2 |
| Malware, Ransomware and Related Attacks | 2 |
| Third Party Compromise | 2 |
| Software Vulnerability and SDLC Exploits | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 5 |
| Government | 3 |
| Finance | 2 |
| Education | 1 |
| Healthcare | 1 |
| Manufacturing | 1 |
| Retail | 1 |
| Telecommunications | 1 |
| Aviation | 1 |
| Utilities | 1 |
| Construction/Real Estate | 1 |
| Consulting/Professional Services | 1 |
Read the Event Details of the Week
Knowledge
- active attack | Critical Fortinet vulnerability actively exploited
- active phishing | Email reconnaissance tactics in phishing - "Are you reading this?"
- active attack | Ivanti reports actively exploited EPMM flaws, urges immediate patching
- active phishing | Netflix payment phishing campaign stealing a lot of personal data
- active exploit | Samsung makes a second patch for actively exploited flaw in MagicINFO 9 Server
- active exploit | SAP fixes second actively exploited NetWeaver vulnerability
- awareness | Take care who can physically access your Windows computer, even if fully encrypted
- active exploit | Vulnerability in Output Messenger actively exploited
Vulnerabilities
- critical vulnerability | Adobe releases April 2025 patches for multiple products
- critical vulnerability | Crawlomatic Multipage Scraper post generator allows unauthorized file uploads
- critical vulnerability | Critical authentication bypass vulnerability reported in Ivanti Neurons for ITSM
- critical vulnerability | Critical privilege escalation vulnerability in Eventin WordPress plugin
- critical vulnerability | Critical Security flaw in ASUS mainboard update system
- critical vulnerability | Critical vulnerabilities reported in Hitachi Energy MACH GWS products
- critical vulnerability | Google patches actively exploited flaw in Chrome used for account takeover and MFA bypass
- critical vulnerability | Jenkins reports vulnerabilities in multiple plugins, at least two critical
- critical vulnerability | Microsoft releases May 2025 Patch Tuesday updates addressing 72 vulnerabilities
- critical vulnerability | Mozilla Firefox patches critical security vulnerabilities with exploit PoC
- critical vulnerability | Multiple critical vulnerabilities reported in Hitachi Energy Service Suite
- critical vulnerability | Multiple security vulnerabilities reported in Zoom Workplace applications
Incidents
- data breach | Coinbase reports data breach caused by support agents bribed to steal customer info
- data breach | Electoral data security breach in West Bengal, voters deleted from electoral rolls
- data breach | Pierce County Library System reports data breach
- data breach | Belgian Effortel reports cybersecurity breach exposing 70,000 customers
- data breach | Gaming developer Arc System Works reports hack, data breach
- data breach | Hacker offer to sell SMS OTP messages of 89M Steam users, Valve clarifies no account connection
- data breach | New Zealand-based LPM Property Management leaks over 31,000 ID Documents
- data breach | PrepHero data leak exposes over 3 million records of student-athletes and college coaches
- data breach | Alabama Office of Information Technology investigating cybersecurity incident
- data breach | Cybersecurity incident at fashion brand Dior exposes customer information
- data breach | Australian Human Rights Commission reports data breach
- data breach | GlobalX Airlines used for deportation flights breached by hacktivists
- data breach | Nova Scotia Power reports data breach, customer information exposed
- data breach | Arvest Bank data leak: technical issue exposes customer account information
- data breach | Serviceaide Agentic AI company leaks data of 483,000 Catholic Health patients
- ransomware | US Steel Producer Nucor Corporation faces operational disruptions after cyberattack
- ransomware | Andy Frain reports ransomware attack and data breach affecting 100K people
- ransomware | Horizon Behavioral Health hit by ransomware attack, client data potentially compromised
- ransomware | Ransomware attack on payroll subsidiary exposes sensitive info of Broadcom employees