How many security events occurred in week 21 2025?

In the week between May 19, 2025, midnight and May 26, 2025, midnight, there were a total of 30 security events: 13 advisory/vulnerability events and 17 incident/data breach events.

How did week 21 compare to week 20 in terms of security incidents?

Advisories increased from 12 in week 20 to 13 in week 21 2025, while incidents decreased from 19 in week 20 to 17 in week 21 2025. However, the number of known impacted individuals significantly increased from 93 million in week 20 to over 184 million in week 21 2025.

How many individuals were impacted by data breaches in week 21 2025?

There were a total of 184,023,771 impacted individuals across 4 incidents in week 21 2025. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

What was the largest data breach in week 21 2025?

The largest breach was an unsecured database of stolen credentials that leaked 184 million credentials, exposing 184,000,000 individuals.

What were the main causes of security incidents in week 21 2025?

The main causes were: Malware, Ransomware and Related Attacks (5 incidents), Human bad security behaviour (3 incidents), Software Vulnerability and SDLC Exploits (2 incidents), System Misconfiguration Exploits (2 incidents), Third Party Compromise (1 incident), and Unauthorized access (1 incident).

Which industries were most affected by security incidents in week 21 2025?

Healthcare, Telecommunications, and Food and Beverage were the most affected industries with 2 incidents each. Other affected industries included Finance, Government, Insurance, IT/Software/Technology, Retail, Consulting/Professional Services, Transport/Logistics, Education, and Entertainment/Leisure with 1 incident each.

What types of security events were reported in week 21 2025?

The report included critical vulnerabilities in various systems (Windows Server 2025, AutomationDirect devices, WordPress plugins, etc.), active phishing campaigns, data breaches affecting millions of individuals, and ransomware attacks on organizations including schools, healthcare networks, and food suppliers.

Were there any notable phishing campaigns in week 21 2025?

Yes, there were notable phishing campaigns including a complex campaign impersonating Macedonian Post to steal personal and card data, and criminals using TikTok videos to promise pirated apps while scamming users into loading malware.

Knowledge

State of (in)security - Week 21, 2025

published: May 26, 2025

Take action: Three examples of insider threats in a single week. However unpleasant, insider controls are very important and insider abuse is a very real thing.

Learn More

In the week between May 19, 2025, midnight and May 26, 2025, midnight we witnessed a total of:

13 advisory/vulnerability events
17 incident/data breach events

Week over Week comparison of week 21 2025 vs week 20 2025:

Advisories are up and incidents are down from the previous week. Advisories are up from 12 in week 20 2025 to 13 in week 21 2025. Incidents are down from 19 in week 20 to 17 in week 21 2025.
The number of known impacted individuals is significantly up - from 93 million in week 20 to over 184 million in week 21 2025.

We also shared 3 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 184,023,771 impacted individuals across 4 incidents, with the largest breach being the Unsecured database of stolen credentials leaks 184 million credentials incident exposing 184,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	5
Human bad security behaviour	3
Software Vulnerability and SDLC Exploits	2
System Misconfiguration Exploits	2
Third Party Compromise	1
Unauthorized access	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	2
Telecommunications	2
Food and Beverage	2
Finance	1
Government	1
Insurance	1
IT/Software/Technology	1
Other	1
Retail	1
Consulting/Professional Services	1
Transport/Logistics	1
Education	1
Entertainment/Leisure	1

Read the Event Details of the Week

Knowledge

active phishing | Complex phishing campaign impersonating Macedonian Post, stealing personal and card data
active phishing | Criminals use TikTok videos to promise pirated apps, scam users into loading malware
active exploit | XSS vulnerability in Zimbra collaboration suite under active exploitation

Vulnerabilities

critical vulnerability | Akamai reports privilege escalation vulnerability in Windows Server 2025 called BadSuccessor
critical vulnerability | CISA reports critical authentication vulnerability in AutomationDirect MB-Gateway devices
critical vulnerability | Critical authentication bypass flaw reported in Samlify Node.js library
critical vulnerability | Critical glibc vulnerability reported, enabling code execution with elevated privileges
critical vulnerability | Critical security vulnerability in Premium WordPress Motors theme allows unauthenticated account takeover
critical vulnerability | Critical signature verification flaw in OpenPGP.js library allows message spoofing
critical vulnerability | Critical vulnerability reported in Echo RSS Feed Post Generator WordPress Plugin
critical vulnerability | Critical vulnerability reported in RomethemeKit For Elementor WordPress Plugin
critical vulnerability | Lexmark reporting remote code execution flaw affecting over 120 Printer Models
critical vulnerability | Multiple security flaws reported in Versa Concerto platform, two critical
data breach | Socket Security reports 60 malicious npm packages exfiltrating network and host data
critical vulnerability | VMware releases patches for security flaws in multiple virtualization products
critical vulnerability | Vulnerability in ChatGPT allowed for malicious SVG that is sent to victims in chat shares

Incidents

critical vulnerability | Telefónica network outage causes nationwide emergency services disruption in Spain
critical vulnerability | Sui Blockchain's Cetus protocol suffers $200 million exploit
data breach | Ransomware groups attacks Coca-Cola systems
data breach | York County reports potential data breach of court records
data breach | OxBykes mobile app flaw grants admin acces, exposes customer information
data breach | K-pop band Highlight fan club members data leaked exposing 897 fans
data breach | Unsecured database of stolen credentials leaks 184 million credentials
data breach | Hunter Health Clinic in Wichita reports patient data breach from compromised email
data breach | O2 UK VoLTE implementation leaks customer location and device data via debug headers
data breach | Adidas Korea customer info exposed through third-party breach
data breach | US Federal contractor Opexus hit by insider threat compromising data of US Government agencies
data breach | Alera Group data breach exposed nearly 11,000 Individuals
ransomware | Mumbai advertising firm hit by ransomware attack with 425,000 Rupees ransom demand
ransomware | Kalamazoo Public Schools hit by Interlock ransomware attack
ransomware | Ransomware attack disrupts Peter Green Chilled refrigerated goods supplier
ransomware | Arla Foods reports cyberattack causing disruption at German production facility
ransomware | Ransomware attack disrupts Kettering Health Network in Ohio

Read More
State of (in)security - Week 18, 2025
State of (in)security - Week 2, 2025
State of (in)security - Week 48, 2024
State of (in)security - Week 44, 2025
State of (in)security - Week 33, 2025