State of (in)security - Week 23, 2025
Take action: External packages can be compromised. Always vet them and make sure to use packages with a lot of contributors and a lot of users. Avoid brand new packages and packages with a single contributor, and NEVER just trust packages suggested by AI.
In the week between June 2, 2025, midnight and June 9, 2025, midnight we witnessed a total of:
- 14 advisory/vulnerability events
- 23 incident/data breach events
Week over Week comparison of week 23 2025 vs week 22 2025:
- Advisories remain the same as the previous week, and incidents are up. Advisories remain at 14 in week 23 2025, same as in week 22 2025. Incidents are up from 20 in week 22 to 23 in week 23 2025.
- The number of known impacted individuals is significantly up - from 2.44 million in week 22 to over 212 million in week 23 2025.
We also shared 6 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 212,914,054 impacted individuals across 9 incidents, with the largest breach being the "Researchers discover unsecured database leaking 4 billion user records" incident, exposing 100,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 6 |
| Software Vulnerability and SDLC Exploits | 3 |
| System Misconfiguration Exploits | 3 |
| Unauthorized access | 2 |
| Human bad security behaviour | 1 |
| Social Engineering and Phishing | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 7 |
| IT/Software/Technology | 5 |
| Healthcare | 3 |
| Telecommunications | 2 |
| Retail | 2 |
| Education | 1 |
| Consulting/Professional Services | 1 |
| Finance | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA warns of ZKTeco BioTime flaw actively exploited in State-Sponsored attacks
- active attack | Critical Roundcube Webmail vulnerability exploited within days of disclosure
- active exploit | Critical Wazuh Server vulnerability exploited by Mirai Botnet
- active exploit | Destructive npm packages enable remote system destruction
- active attack | NPM supply chain attack compromises 17 popular React Native packages
- active scam | One more attempt at "you have a delivery" scam, with some Vibe AI coding
Vulnerabilities
- critical vulnerability | CISA reports critical flaw in Hitachi Energy Relion devices
- critical vulnerability | Critical decade-old flaw in Roundcube Webmail enables remote code execution
- critical vulnerability | Critical flaw in Cisco Identity Services Engine Cloud Deployment exposes multiple platforms
- critical vulnerability | Critical security vulnerabilities discovered in Acronis Cyber Protect software
- critical vulnerability | Critical vulnerabilities patched in CyberData 011209 SIP Emergency Intercom
- critical vulnerability | Google releases emergency Chrome update to patch actively exploited flaw
- critical vulnerability | HPE patches multiple flaws in StoreOnce Backup, at least one critical authentication bypass
- critical vulnerability | IBM reports multiple flaws in QRadar Suite, including one critical
- critical vulnerability | IBM Tivoli Monitoring critical vulnerability allows remote code execution
- critical vulnerability | MediaTek reports multiple security flaws, one critical in multiple mobile phone chipsets
- critical vulnerability | Microsoft reports critical flaw in Power Automate
- critical vulnerability | Multiple vulnerabilities reported in Infoblox NetMRI Network Management Platform, at least one critical
- critical vulnerability | Out-of-Bounds write flaw in FreeRTOS-Plus-TCP can enable arbitrary code execution
- critical vulnerability | Qualcomm patches actively exploited vulnerabilities in Adreno GPU Drivers
Incidents
- critical vulnerability | ALEX Protocol reports major breach, $8.37 Million Loss
- data breach | Lexington-Richland School District Five hit by cyberattack disrupting operations and payments
- data breach | Researchers discover unsecured database leaking 4 billion user records
- data breach | AT&T customer data exposing 86 million leaked, unclear if a new breach or collection from previous
- data breach | Illinois Department of Healthcare and Family Services reports data breach exposing almost 1000 people
- data breach | Tasmanian Department of State Growth reports data breach affecting 260 bus and taxi drivers
- data breach | Algerian Hacker Group "Jabaroot" attacks Moroccan Institutions again, targets Cadastre and Notaries
- data breach | Vanta leaks customer data due to product code change
- data breach | Sri Lanka Water Board SMS portal compromised in cyberattack
- data breach | Episource reports data breach exposing personal health information
- data breach | Australian RISE Racing hit by Sarcoma ransomware gang
- data breach | Cumberland County Hospital reports data breach exposing patient and employee data
- data breach | Telefónica investigates claimed Movistar data breach allegedly exposing millions of customer records
- data breach | Passion.io No-Code app platform exposes 3.6M records in unprotected database
- data breach | Texas Department of Transportation reports data breach exposing data of nearly 300K crash reports
- data breach | Cartier reports data breach exposing customer personal information
- ransomware | City of Durant ransomware attack disrupts municipal services
- ransomware | The North Face reports credential stuffing attack
- ransomware | SentinelOne suffers seven-hour global outage caused by infrastructure software flaw
- ransomware | Texas Digestive Specialists hit by InterLock ransomware, exposing patient medical records
- ransomware | Optima Tax Relief hit by ransomware attack, data stolen and leaked
- ransomware | Ransomware group Gunra claims attack on American Hospital Dubai
- ransomware | Liberty Township, Ohio reports ransomware attack