What cybersecurity events occurred during week 26 of 2025?

During the week between June 23, 2025, midnight and June 30, 2025, midnight, there were a total of 16 advisory/vulnerability events and 14 incident/data breach events. Additionally, 4 practical knowledge items were shared during this period.

How do week 26 cybersecurity statistics compare to the previous week?

Comparing week 26 2025 to week 25 2025: Advisories remained the same at 16 events in both weeks, while incidents decreased from 17 in week 25 to 14 in week 26. The number of known impacted individuals also decreased from 9.7 million in week 25 to 7.4 million in week 26 2025.

How many individuals were impacted by cybersecurity incidents in week 26 2025?

There were a total of 7,480,357 impacted individuals across 3 incidents during week 26 2025. The largest breach was the Paraguay catastrophic data breach where hacktivists leaked personal data of the entire population, exposing 7,400,000 individuals. Since not all incidents report impact numbers, the real number is likely higher.

What were the main causes of cybersecurity incidents in week 26 2025?

The incident breakdown by cause shows: Malware, Ransomware and Related Attacks accounted for 6 incidents, Third Party Compromise caused 2 incidents, and Unauthorized Access was responsible for 2 incidents.

Which industries were most affected by cybersecurity incidents in week 26 2025?

The industry breakdown shows: Government and Healthcare sectors were equally affected with 4 incidents each, Education had 3 incidents, while Aviation, Consulting/Professional Services, and IT/Software/Technology each experienced 1 incident.

What was the most significant data breach in week 26 2025?

The most significant breach was the Paraguay catastrophic data breach where hacktivists leaked personal data of the entire population, affecting 7,400,000 individuals. This single incident accounted for the vast majority of all impacted individuals during the week.

What types of vulnerability events were reported in week 26 2025?

Week 26 2025 saw various critical vulnerabilities reported including: Citrix NetScaler products with actively exploited flaws, Cisco Identity Services Engine remote code execution vulnerabilities, critical flaws in Hunt Electronics DVR systems, Mitsubishi Electric Air Conditioning Controllers, and vulnerabilities in the Open VSX Registry affecting VS Code extensions marketplace.

Were there any actively exploited vulnerabilities in week 26 2025?

Yes, several actively exploited vulnerabilities were reported including: Citrix NetScaler 'Citrix Bleed 2' flaw, AMI MegaRAC vulnerability enabling server takeover, and an emergency patch release from Citrix for actively exploited NetScaler products vulnerabilities.

What notable healthcare sector incidents occurred in week 26 2025?

Healthcare incidents included: Horizon Healthcare RCM hit by ransomware exposing patient data, Texas Centers for Infectious Disease Associates reporting a third-party data breach, WorldLeaks claiming a data breach of Myrtue Medical Center, Upper Dublin Family Dentistry ransomware attack affecting 5,000 patients, and Northern Light Health patient data exposed in a third-party vendor attack.

What education sector cybersecurity incidents happened in week 26 2025?

Education sector incidents included: A ransomware attack on a college admission system that exposed student data and scammed applicants, Columbia University investigating a suspected cyberattack after widespread system outages, University of Massachusetts Dartmouth data breach exposing data of 75,000 people, and Interboro School District hit by a cyberattack exposing student and staff data.

Were there any government-related cybersecurity incidents in week 26 2025?

Yes, government-related incidents included: The massive Paraguay data breach affecting the entire population, Glasgow City Council hit by a cyberattack with potential data theft, City of Green River, Wyoming hit by ransomware affecting municipal systems, and Iran-linked hacktivists leaking records of thousands of Saudi Games athletes and visitors.

What practical knowledge items were shared during week 26 2025?

Four practical knowledge items were shared including: Active attacks on Citrix NetScaler products, critical Citrix 'Bleed 2' flaw exploitation, scammers using search forms to display fraudulent contact numbers on major platforms like Apple, HP, and Netflix, and the threat group Educated Manticore targeting academia and cybersecurity experts through phishing.

What trends can be observed from the week 26 2025 cybersecurity data?

Key trends include: Ransomware and malware attacks remained the dominant threat category, healthcare and government sectors continued to be primary targets, third-party vendor compromises were a significant attack vector, and while the number of incidents decreased slightly from the previous week, the impact remained substantial with over 7.4 million individuals affected.

What does week 26 2025 tell us about the current cybersecurity landscape?

Week 26 2025 demonstrates that cybersecurity threats remain persistent and impactful, with critical infrastructure sectors like healthcare, government, and education continuing to be primary targets. The prevalence of ransomware attacks and third-party compromises highlights the need for comprehensive security strategies that include vendor risk management and incident response planning.

Knowledge

State of (in)security - Week 26, 2025

published: June 30, 2025

Take action: Infostealers are a nightmare, especially if they stumble on a computer with system accounts. Suddenly the entire country's data can be at risk. Work both on technical prevention and on very diligent awareness of people to persuade them not to be optimists and download crap, click on links and save passwords in browsers.

Learn More

In the week between June 23, 2025, midnight and June 30, 2025, midnight we witnessed a total of:

16 advisory/vulnerability events
14 incident/data breach events

Week over Week comparison of week 26 2025 vs week 25 2025:

We also shared 4 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 7,480,357 impacted individuals across 3 incidents, with the largest breach being the Paraguay hit by catastrophic data breach as hacktivists leak personal data of entire population incident exposing 7,400,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	6
Third Party Compromise	2
Unauthorized access	2

Industry breakdown of incidents

Industry	Number of incidents
Government	4
Healthcare	4
Education	3
Aviation	1
Consulting/Professional Services	1
IT/Software/Technology	1

Read the Event Details of the Week

Knowledge

active attack | Citrix releases emergency patches for actively exploited vulnerability in NetScaler Products
active exploit | Critical Citrix Netscaler "Citrix Bleed 2" flaw actively exploited
active scam | Scammers use search forms to display fraudulent contact numbers on Apple, HP, Netflix and others
active phishing | Threat group Educated Manticore targets academia and cybersecurity experts

Vulnerabilities

ransomware | CISA warns that AMI MegaRAC Vulnerability that enables server takeover is actively exploited
critical vulnerability | Cisco reports perfect 10 critical remote code execution flaws in Identity Services Engine (ISE)
critical vulnerability | Critical build cache flaw exposes organizations to production code injection attacks
critical vulnerability | Critical cryptographic flaw in Meshtastic Mesh Networking platform exposes private communications
critical vulnerability | Critical flaw reported in Hunt Electronics DVR Systems exposes plaintext admin credentials
critical vulnerability | Critical Gogs flaw enables complete code repository takeover
critical vulnerability | Critical remote authentication bypass flaw reported in Teleport access management platform
critical vulnerability | Critical vulnerabilities discovered in Citrix NetScaler ADC and Gateway products
critical vulnerability | Critical vulnerability exposes Mitsubishi Electric Air Conditioning Controllers to remote takeover
critical vulnerability | Directory traversal flaw in WinRAR enables remote code execution
critical vulnerability | Multiple critical flaws reported in MICROSENS NMP Web+ Network Management Platform
critical vulnerability | Multiple vulnerabilities reported in ControlID iDSecure vehicle access control systems
critical vulnerability | Researchers report flaw in Open VSX Registry that can compromise VS Code extensions marketplace
critical vulnerability | Security vulnerabilities reported in Kaleris Navis N4 terminal Operating System
awareness | U.S. House bans WhatsApp on their devices due to data security and transparency concerns
critical vulnerability | Vulnerabilities reported in Brother printers and other vendors, at least one critical

Incidents

data breach | Horizon Healthcare RCM hit by ransomware attack exposing patient data
data breach | Glasgow City Council hit by cyberattack, potential data theft
data breach | Paraguay hit by catastrophic data breach as hacktivists leak personal data of entire population
data breach | Hawaiian Airlines hit by major cyberattack affecting IT systems, flights not disrupted
data breach | Texas Centers for Infectious Disease Associates reports third party data breach
data breach | WorldLeaks claims data breach of Myrtue Medical Center
data breach | Iran-Linked hacktivists leak records of thousands of Saudi Games athletes and visitors
data breach | Upper Dublin Family Dentistry reports ransomware attack exposing data of 5,000 patients
data breach | University of Massachusetts Dartmouth data breach exposes data of 75 Kpeople
data breach | Northern Light Health patient data exposed in ransomware attack on third-party vendor
ransomware | Ransomware attack on college admission system exposes student data, scams applicants
ransomware | Columbia University investigates suspected cyberattack after widespread system outages
ransomware | City of Green River, Wyoming hit by ransomware, affecting municipal systems
ransomware | Interboro School District hit by cyberattack, exposing student and staff data

Read More
State of (in)security - Week 32, 2024
State of (in)security - Week 50, 2023
State of (in)security - Week 49, 2023
Everyone should do better than Veritas who's fixing …
State of (in)security - Week 23, 2024