State of (in)security - Week 25, 2025
Take action: AI integrations require rock-solid tenant isolation at every layer of the system, and experimental AI features need extra security safeguards and logging to track data access patterns. As a user, be cautious with AI features and understand exactly what data your favorite AI can access. Don't over-share, because AI implementations are far from well understood and controlled, even when the developer has only the best intentions.
In the week between midnight on June 16, 2025 and midnight on June 23, 2025, we witnessed a total of:
- 16 advisory/vulnerability events
- 17 incident/data breach events
Week over Week comparison of week 24 2025 vs week 25 2025:
- Advisories are up and incidents are down from the previous week. Advisories are up from 10 in week 24 2025, to 16 in week 25 2025. Incidents are down from 21 in week 24 2025 to 17 in week 25 2025.
- The number of known impacted individuals is up - from over 3.355 million in week 24 to 9.7 million in week 25 2025.
We also shared 5 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 9,737,000 impacted individuals across 4 incidents. The largest was the incident "Car-sharing Zoomcar reports data breach exposing 8.4 M users", which exposed 8,400,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 3 |
| Third Party Compromise | 2 |
| Software Vulnerability and SDLC Exploits | 1 |
| System Misconfiguration Exploits | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Consulting/Professional Services | 2 |
| Manufacturing | 2 |
| Government | 2 |
| Education | 2 |
| IT/Software/Technology | 1 |
| Non-profit/Charity | 1 |
| Automotive | 1 |
| Other | 1 |
| Construction/Real Estate | 1 |
| Entertainment/Leisure | 1 |
| Insurance | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Active exploitation of critically vulnerable WordPress Motors theme
- active exploit | Coordinated cyberattacks target two-year-old Zyxel firewall flaw
- active exploit | Multiple exploited critical vulnerabilities reported in PTZOptics and other Pan-Tilt-Zoom Cameras
- active scam | Online marketplace fake overpayment (payment hold) scam
- active phishing | State-sponsored attackers conduct complex Social Engineering campaign targeting App-Specific passwords to bypass MFA
Vulnerabilities
- ransomware | Another flaw in ASUS Armoury Crate mainboard update system enables System-level privilege escalation
- critical vulnerability | BeyondTrust reports vulnerability enabling pre-authentication remote code execution
- critical vulnerability | CISA warns of active exploitation of discontinued TP-Link router models
- critical vulnerability | CISA warns of vulnerabilities in discontinued LS Electric GMWin 4 programming software
- critical vulnerability | ClamAV releases updates patching multiple flaws, at least one critical
- critical vulnerability | Critical authentication bypass flaw reported in Dover ProGauge MagLink LX Consoles
- critical vulnerability | Critical keyless entry vulnerability exposes KIA vehicles in Ecuador to theft
- critical vulnerability | Critical vulnerability in Insomnia API client enables arbitrary code execution
- critical vulnerability | Critical vulnerability in OpenVPN Windows driver enables system crashes
- critical vulnerability | Default credentials vulnerability discovered in Siemens Energy Services Digital Fault Recorder
- critical vulnerability | IBM reports multiple flaws in QRadar SIEM, at least one critical
- data breach | LangChain patches vulnerability called "AgentSmith" that exposed API Keys and user data
- critical vulnerability | Mitel reports critical path traversal flaw in Mitel MiCollab
- critical vulnerability | Multiple security vulnerabilities patched in Veeam Backup & Replication, one critical
- critical vulnerability | Pre-authentication remote code execution exploit chain reported in Sitecore Experience platform
- critical vulnerability | Siemens SIMATIC S7-1500 CPU Family has 63 Vulnerabilities, no current fix available
Incidents
- data breach | UBS Employee data exposed in ransomware attack on third party supplier Chain IQ
- data breach | Oxford City Council hit by cyberattack exposing two decades of employee data
- data breach | Database of Income Property Investments data discovered unprotected, exposing surveillance and employee records
- data breach | World Leaks gang claims cyberattack and is extorting Freedman HealthCare
- data breach | Massive infostealer collection published, lists 16 billion credentials
- data breach | Car-sharing Zoomcar reports data breach exposing 8.4 M users
- ransomware | Scattered Spider cybercrime group breaches Aflac Insurance
- ransomware | Feng Chia University hit by NOVA ransomware gang
- ransomware | Asana reports logic flaw in AI Integration feature exposing customer data across organizations
- ransomware | Japanese steel manufacturer Yodogawa reports ransomware attack on Taiwanese subsidiary
- ransomware | Tonga Ministry of Health paralyzed by ransomware attack
- ransomware | Anubis ransomware gang claims data breach at Disneyland Paris
- ransomware | Scania confirms cyberattack and data breach of their corporate insurance division
- ransomware | Australian company Pressure Dynamics hit by ransomware attack, data breach
- ransomware | Chaos ransomware group claims attack on Salvation Army USA
- ransomware | Virginia Radford School District hit by cyberattack
- ransomware | Data Breach at Cock.li email provider exposes over 1 Million user records