State of (in)security - Week 22, 2025
Take action: Nobody wants to give you money - EVER! If someone offers you thousands or millions, it's a scam. Never pay any fees or "verification" charges to access the supposed money. You'll only be sending your real money to criminals.
In the week between May 26, 2025, midnight and June 2, 2025, midnight we witnessed a total of:
- 14 advisory/vulnerability events
- 20 incident/data breach events
We also shared 5 practical knowledge items
Week over Week comparison of week 22 2025 vs week 21 2025:
- Advisories and incidents are up from the previous week. Advisories are up from 13 in week 21 2025 to 14 in week 22 2025. Incidents are up from 17 in week 21 to 20 in week 22 2025.
- The number of known impacted individuals is significantly down - from 184 million in week 21 to 2.44 million in week 22 2025.
Total impacted individuals via the events of the week
There were a total of 2,445,390 impacted individuals across 5 incidents. The largest breach was the incident "E-Commerce data leak exposes 1.6M customer records through misconfigured cloud storage", which exposed 1,600,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 7 |
| Software Vulnerability and SDLC Exploits | 3 |
| Third Party Compromise | 3 |
| System Misconfiguration Exploits | 2 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Retail | 4 |
| Healthcare | 4 |
| Government | 3 |
| Other | 2 |
| Education | 2 |
| IT/Software/Technology | 2 |
| Transport/Logistics | 1 |
| Insurance | 1 |
| Construction/Real Estate | 1 |
Read the Event Details of the Week
Knowledge
- active scam | Active "ex-partner left you money" advance fee scam
- active exploit | Critical vBulletin Pre-Authentication remote code execution flaws actively exploited
- awareness | Cursor app (and others) has bypass flaw of Transparency, Consent, and Control protections on macOS
- awareness | DragonForce ransomware exploits SimpleHelp vulnerabilities in MSP supply chain attack
- active exploit | Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published
Vulnerabilities
- critical vulnerability | Apache InLong deserialization vulnerability enables Remote Code Execution through JDBC component
- critical vulnerability | Apple addresses 33 security vulnerabilities in iOS 18.5 and iPadOS 18.5
- critical vulnerability | Critical certificate validation flaw reported in Icinga 2 monitoring
- critical vulnerability | Critical flaw in TI WooCommerce Wishlist Plugin enables remote code execution
- critical vulnerability | Critical remote code execution flaw reported in Evertz Broadcasting Infrastructure
- critical vulnerability | Critical unpatched flaws in MICI NetFax Server enable root access
- critical vulnerability | Critical vulnerabilities in Rockwell Automation PowerMonitor 1000 enable remote takeover
- critical vulnerability | Critical WSO2 SOAP account takeover flaw enables password reset for any user
- critical vulnerability | Critical XSS vulnerability in Argo CD exposes Kubernetes clusters to full resource manipulation
- critical vulnerability | GitHub AI integration allows attackers to access private repository data via malicious issues
- critical vulnerability | Google releases Chrome security update patching multiple flaws, two high severity
- critical vulnerability | Mozilla releases patches for multiple flaws in Firefox and Thunderbird, one critical
- critical vulnerability | Multiple security flaws, two critical expose IBM Db2 and Tivoli Monitoring to remote code execution
- critical vulnerability | Smartbedded patches a command injection flaw in Meteobridge
Incidents
- critical vulnerability | Two NHS trusts affected by cyber attack on Ivanti Mobile Management
- data breach | LexisNexis risk solutions data breach exposes information of 364K people
- data breach | E-Commerce data leak exposes 1.6M customer records through misconfigured cloud storage
- data breach | Bradford Health Services reports data breach exposing sensitive patient and employee information
- data breach | Oklahoma City Abstract & Title Co hit by ransomware attack, exposing historical client data
- data breach | Botetourt County Public Schools reports cybersecurity incident, data posted on the dark web
- data breach | Cooper Health System data breach exposes information of nearly 60K patients
- data breach | Hackers breach ConnectWise ScreenConnect environment, affecting multiple cloud customers
- data breach | Missouri Department of Conservation reports data breach exposing employee health data
- data breach | Lower Merion School District BoardDocs system leaks sensitive internal documents
- data breach | Tiffany & Company Korea reports data breach of third-party application managing customer data
- data breach | Japanese yearbook publishing companies targeted by cyberattacks
- data breach | MathWorks, developer of MATLAB hit by ransomware attack that disrupted services and systems
- data breach | Adidas confirms data breach through compromised third-party service provider
- data breach | Victoria's Secret suffers multi-day website shutdown after security incident
- ransomware | Marlboro-Chesterfield Pathology hit by SafePay ransomware, compromises 235K patients
- ransomware | Singapore Income Insurance policyholder data exposed in third-party breach
- ransomware | Sri Lankan Pensions Department hit by ransomware attack, 617GB of data exposed
- ransomware | City of St. Cloud, Florida hit by ransomware, 1.4 TB data stolen
- ransomware | Clop Ransomware gang targets Greek logistics company Orphee Beinoglou