What were the overall cybersecurity statistics for week 24 2025?

In the week between June 9, 2025, midnight and June 16, 2025, midnight, there were a total of 10 advisory/vulnerability events and 21 incident/data breach events, affecting 3,355,942 individuals across 5 incidents.

How did week 24 2025 compare to the previous week in cybersecurity incidents?

Both advisories and incidents decreased from the previous week. Advisories dropped from 14 in week 23 2025 to 10 in week 24 2025. Incidents decreased from 23 in week 23 2025 to 21 in week 24 2025. The number of known impacted individuals significantly decreased from over 212 million in week 23 to 3.355 million in week 24 2025.

What was the largest cybersecurity incident in week 24 2025?

The largest breach was the Healthcare data leak that exposed 8.8 million patient records, affecting 2,700,000 individuals. This single incident accounted for the majority of impacted individuals during the week.

What were the main causes of cybersecurity incidents in week 24 2025?

The incidents broke down by cause as follows: Malware, Ransomware and Related Attacks (9 incidents), Unauthorized access (3 incidents), System Misconfiguration Exploits (2 incidents), and Third Party Compromise (1 incident).

Which industries were most affected by cybersecurity incidents in week 24 2025?

The most affected industries were IT/Software/Technology (4 incidents), Government (4 incidents), Consulting/Professional Services (3 incidents), Healthcare (3 incidents), and Insurance (3 incidents). Other affected industries included Transport/Logistics, Media, Retail, and Aviation with 1 incident each.

How many ransomware attacks occurred in week 24 2025?

There were multiple ransomware attacks during week 24 2025, including attacks by Qilin ransomware gang (targeting Spanish insurer Asefa and Philippine Coop hospital), INC Ransom (affecting Virginia mental health provider), and attacks on Korean bookstore Yes24, Philadelphia Insurance Companies, and Australian financial services firm Skeggs Goldstien.

What notable vulnerabilities were disclosed in week 24 2025?

Notable vulnerabilities included Adobe releasing May 2025 patches addressing 254 vulnerabilities across multiple products, Microsoft releasing June 2025 patches fixing 65 vulnerabilities including an actively exploited flaw, critical flaws in WordPress PayU India plugin, ManageEngine Exchange Reporter Plus, and Microsoft 365 Copilot AI (EchoLeak), among others.

Were there any notable cyberattacks on media organizations in week 24 2025?

Yes, there was a targeted cyberattack on Washington Post journalists' email accounts, with a foreign government suspected to be behind the attack. Additionally, Paragon's Graphite Spyware was reported to be targeting European journalists through iPhone flaws.

What healthcare-related cybersecurity incidents occurred in week 24 2025?

Healthcare incidents included the major healthcare data leak exposing 8.8 million patient records, a ransomware attack on eyecare software provider Ocuco, INC Ransom targeting Virginia mental health provider Mount Rogers Community Services, and Qilin Ransomware targeting Philippine Coop hospital.

How accurate is the reported number of impacted individuals?

The reported 3,355,942 impacted individuals represents a minimum count across 5 incidents that disclosed numbers. Since not all incidents report the number of impacted individuals, the real number is definitely higher than the reported figure.

What government entities were affected by cybersecurity incidents in week 24 2025?

Government entities affected included Green County, Wisconsin (data breach exposing residents' information), Thomasville municipal systems (compromised in cyberattack), and the Ogeechee Judicial Circuit District Attorney's office (forced to close for five days due to cyberattack).

What active exploits were identified during week 24 2025?

Active exploits identified included a Mirai Botnet variant exploiting TBK DVR Devices flaws, Paragon's Graphite Spyware targeting European journalists through iPhone flaws, and Microsoft addressing an actively exploited flaw in their June 2025 security updates.

Knowledge

State of (in)security - Week 24, 2025

published: June 16, 2025

Take action: Attackers are hiding malicious AI commands in messages to people, hoping people will use AI to parse messages. Read your messages! Before an AI does that! Be very careful about messages with content that looks like AI prompt instructions to do something which makes little sense to you. If not needed, fully delete such messages and content and report it to your admins so it's possibly not loaded into the AI.

Learn More

In the week between June 9, 2025, midnight and June 16, 2025, midnight we witnessed a total of:

10 advisory/vulnerability events
21 incident/data breach events

Week over Week comparison of week 24 2025 vs week 23 2025:

We also shared 3 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 3,355,942 impacted individuals across 5 incidents, with the largest breach being the Healthcare data leak exposes 8.8 M patient records incident exposing 2,700,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	9
Unauthorized access	3
System Misconfiguration Exploits	2
Third Party Compromise	1

Industry breakdown of incidents

Industry	Number of incidents
IT/Software/Technology	4
Government	4
Consulting/Professional Services	3
Healthcare	3
Insurance	3
Transport/Logistics	1
Media	1
Retail	1
Aviation	1

Read the Event Details of the Week

Knowledge

active exploit | Mirai Botnet variant exploits TBK DVR Devices flaw
awareness | Over 40,000 Internet-connected cameras stream live footage with NO protection
active exploit | Paragon's Graphite Spyware targets European journalists through iPhone flaws

Vulnerabilities

critical vulnerability | Adobe releases May 2025 patches, addressing 254 vulnerabilities across multiple products
critical vulnerability | Critical account takeover flaw reported in WordPress PayU India plugin
critical vulnerability | Critical vulnerability discovered in ManageEngine Exchange Reporter Plus
data breach | Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration
critical vulnerability | GitLab patches multiple account takeover and injection vulnerabilities
critical vulnerability | Ivanti reports three high severity hardcoded keys flawa in Ivanti Workspace Control
critical vulnerability | Microsoft releases June 2025 Patch, fixing actively exploited flaw and 65 additional vulnerabilities
critical vulnerability | Multiple vulnerabilities reported in DataEase Platform exposing risk of system compromise
data breach | Salesforce patches five vulnerabilities in Industry Cloud Components
critical vulnerability | Trend Micro fixes 15 flaws, at least six critical across multiple products

Incidents

data breach | OneGroup NY reports data breach caused by compromised email account
data breach | United Natural Foods Inc hit by cyberattack, disrupting food supply chain
data breach | Indian grocery startup KiranaPro hit by insider security incident affecting over 55,000 people
data breach | Ransomware attack compromises eyecare software provider Ocuco
data breach | Headero dating app leaks data exposing 4 million user records
data breach | Green County, Wisconsin reports data breach exposing residents' information
data breach | WestJet investigates cybersecurity incident affecting systems and mobile app
data breach | Healthcare data leak exposes 8.8 M patient records
data breach | Targeted cyberattack on Washington Post journalists' email accounts, foreign government suspected
data breach | Thomasville municipal systems compromised in cyberattack
data breach | Hacktivist groups hit Russian helicopter manufacturer, leaks stolen data
data breach | Pennsylvania law firm Carpenter McCadden & Lane reports data breach affecting over 7,900 individuals
ransomware | Qilin ransomware gang hits spanish insurer Asefa, exposing FC Barcelona stadium plans
ransomware | INC Ransom ransomware gang breaches Virginia mental health provider Mount Rogers Community Services
ransomware | Erie Insurance reports cybersecurity incident causing system outages
ransomware | Korean online bookstore Yes24 hit by ransomware attack, offline for two days
ransomware | Qilin Ransomware gang targets Philippine Coop hospital
ransomware | Global ransomware group claims breach of Australian Epworth Healthcare, possibly breached third party vendor
ransomware | Cyberattack forces five-day closure of Ogeechee Judicial Circuit District Attorney's office
ransomware | Philadelphia Insurance Companies hit by ransomware attack
ransomware | Australian financial services firm Skeggs Goldstien hit by Qilin Ransomware

Read More
State of (in)security - Week 16, 2025
State of (in)security - Week 41, 2025
State of (in)security - Week 29
How to target Security Professionals - Fake exploit …
State of (in)security - Week 35, 2024