What cybersecurity events occurred during week 27 of 2025?

During the week between June 30, 2025, midnight and July 7, 2025, midnight, there were a total of 11 advisory/vulnerability events and 14 incident/data breach events. Additionally, 3 practical knowledge items were shared during this period.

How do week 27 cybersecurity statistics compare to the previous week?

Comparing week 27 2025 to week 26 2025: Advisories decreased from 16 to 11 events, while incidents remained the same at 14 events in both weeks. The number of known impacted individuals decreased from 7.4 million in week 26 to 6.7 million in week 27 2025.

How many individuals were impacted by cybersecurity incidents in week 27 2025?

There were a total of 6,719,128 impacted individuals across 7 incidents during week 27 2025. The largest breach was Australia's Qantas Airways cyberattack affecting up to 6 million customers. Since not all incidents report impact numbers, the real number is likely higher.

What were the main causes of cybersecurity incidents in week 27 2025?

The incident breakdown by cause shows: Malware, Ransomware and Related Attacks led with 6 incidents, Software Vulnerability and SDLC Exploits caused 2 incidents, while Social Engineering and Phishing, System Misconfiguration Exploits, and Third Party Compromise each accounted for 1 incident.

Which industries were most affected by cybersecurity incidents in week 27 2025?

The industry breakdown shows: Healthcare, Finance, Non-profit/Charity, and Consulting/Professional Services were each affected by 2 incidents. Retail, Government, IT/Software/Technology, and Aviation each experienced 1 incident during the week.

What was the most significant data breach in week 27 2025?

The most significant breach was Australia's Qantas Airways cyberattack affecting up to 6 million customers. This single incident accounted for the vast majority of all impacted individuals during the week, representing nearly 90% of the total impact.

What active cybersecurity threats were identified in week 27 2025?

Week 27 2025 saw several active threats including: CISA warnings of active attacks on Signal clone TeleMessage, Google patches for actively exploited Chrome vulnerabilities, and parcel delivery scams using Android group messages. These represent ongoing, immediate threats requiring urgent attention.

What critical vulnerabilities were discovered in week 27 2025?

Critical vulnerabilities discovered include: Cisco's hardcoded credentials vulnerability in Unified Communications Manager, critical flaws in end-of-life D-Link routers, remote code execution flaws in Anthropic's MCP Inspector tool and Wing FTP Server, Sudo vulnerabilities enabling privilege escalation, HIKVISION security platform flaws, Bluetooth vulnerabilities enabling device hijacking, and WordPress plugin flaws affecting over 600,000 websites.

What notable healthcare sector incidents occurred in week 27 2025?

Healthcare incidents included: Integrated Oncology Network data breach exposing cCARE cancer patients' information, Missouri healthcare provider Esse Health cyberattack exposing data of over 263,000 patients, Centers for Medicare & Medicaid warning 103,000 beneficiaries of unauthorized Medicare.gov account creation, and medical device manufacturer Surmodics hit by suspected ransomware.

What government and public sector cybersecurity incidents happened in week 27 2025?

Government sector incidents included: Swiss government data compromised in a ransomware attack on health foundation Radix, Centers for Medicare & Medicaid Services incident affecting 103,000 beneficiaries, and ransomware attack on Gloucester County Virginia exposing employee personal data.

Were there any significant ransomware attacks in week 27 2025?

Yes, notable ransomware attacks included: Global IT distributor Ingram Micro suffering an outage disrupting global operations, German aid organization Welthungerhilfe hit by ransomware, Gloucester County Virginia attack exposing employee data, Technology startup incubator IdeaLab confirming a ransomware attack, and suspected ransomware at medical device manufacturer Surmodics.

What unusual or unique security incidents occurred in week 27 2025?

Unique incidents included: Catwatchful stalkerware platform being vulnerable to SQL injection exposing 62,000 customers, a security flaw being reported in the Cl0p ransomware gang's own data theft tool, Brazilian recruitment platform CIEE leaking 248,000 records, and vulnerability in Synology Active Backup for Microsoft 365 exposing credentials and enabling unauthorized access to Teams chats.

What trends can be observed from week 27 2025 cybersecurity data?

Key trends include: Ransomware and malware attacks remained the dominant threat category with 6 incidents, healthcare and financial sectors continued to be primary targets, there was a slight decrease in advisory events but incidents remained stable, and the impact remained substantial with over 6.7 million individuals affected despite fewer total incidents.

What practical knowledge items were shared during week 27 2025?

Three practical knowledge items were shared: information about CISA warnings of active attacks on Signal clone TeleMessage, details about Google patching actively exploited Chrome vulnerabilities, and awareness of parcel delivery scams using Android group messages.

How did the aviation industry fare in week 27 2025 cybersecurity incidents?

The aviation industry experienced one major incident during week 27 2025: Australia's Qantas Airways cyberattack affecting up to 6 million customers. This single incident represented the largest data breach of the week and demonstrated the significant impact that cyberattacks can have on critical transportation infrastructure.

What does week 27 2025 tell us about the current cybersecurity landscape?

Week 27 2025 demonstrates that cybersecurity threats remain persistent and impactful. While advisory events decreased, incident numbers remained steady, and the impact on individuals remained substantial. The diversity of affected industries and attack types highlights the need for comprehensive security strategies across all sectors, with particular attention to ransomware prevention and third-party risk management.

Were there any supply chain or third-party related security incidents in week 27 2025?

Yes, several incidents involved third-party or supply chain elements: Ingram Micro's outage affecting global IT distribution operations, Swiss health foundation Radix affecting government data, trade show management firm Nth Degree exposing sensitive data, and vulnerability in Synology's backup solution for Microsoft 365. These incidents highlight the continued risk posed by interconnected business relationships.

What software vulnerabilities posed the greatest risk in week 27 2025?

The most critical software vulnerabilities included: Cisco's hardcoded credentials vulnerability with perfect CVSS scores, Wing FTP Server remote code execution enabling server takeover, Sudo vulnerabilities allowing privilege escalation to root, HIKVISION security management platform flaws, and WordPress plugin vulnerabilities affecting over 600,000 websites. These represent fundamental security flaws requiring immediate patching.

How did the financial services sector perform in week 27 2025?

The financial services sector experienced 2 incidents during week 27 2025, including Virginia student loan administrator Southwood Financial being hit by a ransomware attack. The sector's continued targeting demonstrates the ongoing attractiveness of financial institutions to cybercriminals due to the sensitive financial data they process.

What can organizations learn from the week 27 2025 cybersecurity events?

Organizations can learn the importance of: maintaining robust ransomware defenses given their continued prevalence, implementing proper third-party risk management, ensuring timely patching of critical vulnerabilities, having incident response plans ready, and recognizing that no industry is immune to cyber threats. The diversity of attack types and affected sectors emphasizes the need for comprehensive, multi-layered security approaches.

Knowledge

State of (in)security - Week 27, 2025

published: July 7, 2025

Take action: This week malware code was reported to have a vulnerability that can be exploited against the owners of the malware. Obviously, we don't really care if the criminals patch their software. But this is a prime example that all software can be flawed, and that input validation IS ALWAYS A GREAT IDEA.

Learn More

In the week between June 30, 2025, midnight and July 7, 2025, midnight we witnessed a total of:

11 advisory/vulnerability events
14 incident/data breach events

Week over Week comparison of week 27 2025 vs week 26 2025:

We also shared 3 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 6,719,128 impacted individuals across 7 incidents, with the largest breach being the Australia's Qantas Airways suffers cyberattack affecting up to 6 million customers incident exposing 6,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	6
Software Vulnerability and SDLC Exploits	2
Social Engineering and Phishing	1
System Misconfiguration Exploits	1
Third Party Compromise	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	2
Finance	2
Non-profit/Charity	2
Consulting/Professional Services	2
Retail	1
Government	1
IT/Software/Technology	1
Aviation	1

Read the Event Details of the Week

Knowledge

active attack | CISA warns of active attacks on Signal clone TeleMessage
active exploit | Google patches actively exploited flaw in Chrome
active scam | Parcel delivery scam using Android group messages

Vulnerabilities

critical vulnerability | Cisco patches critical hardcoded credentials vulnerability in Unified Communications Manager
critical vulnerability | Critical flaws reported in end-of-life D-Link DIR-816 routers
critical vulnerability | Critical remote code execution flaw reported in Anthropic's MCP Inspector tool
critical vulnerability | Critical Sudo vulnerabilities enable local privilege escalation to root
critical vulnerability | Critical vulnerability in Wing FTP Server enables remote code execution, server takeover
ransomware | Medical device manufacturer Surmodics hit by cyberattack, suspected ransomware
critical vulnerability | Remote code execution flaw reported in HIKVISION Security Management Platforms
critical vulnerability | Researchers report Bluetooth flaws that enable remote eavesdropping, device hijacking
ransomware | Security flaw reported in Cl0p ransomware gang data theft tool
data breach | Vulnerability in Synology Active Backup for Microsoft 365 exposes credentials, enables unauthorized access to Teams chats
critical vulnerability | WordPress Plugin flaw exposes over 600,000 websites to potential remote takeover

Incidents

data breach | Swiss government data compromised in ransomware attack on health foundation Radix
data breach | Trade show management firm Nth Degree hit by data breach, exposing sensitive data
data breach | Brazilian recruitment platform CIEE leaks 248 K records
data breach | Technology startup incubator IdeaLab confirms ransomware attack
data breach | Louis Vuitton Korea hit by cyberattack, customer data compromised
data breach | Australia's Qantas Airways suffers cyberattack affecting up to 6 million customers
data breach | Data breach at Integrated Oncology Network exposes patient information of cCARE cancer patients
data breach | Virginia student loan administrator Southwood Financial hit by ransomware attack
data breach | Centers for Medicare & Medicaid warn 103,000 beneficiaries of unauthorized Medicare.gov account creation
data breach | Cyberattack in Missouri healthcare provider Esse Health exposes data of over 263,000 patients
data breach | Catwatchful stalkerware platform vulnerable to SQL Injection exposes 62,000 customers
ransomware | Global IT Distributor Ingram Micro suffers outage disrupting global operations, suspected ransomware
ransomware | German aid organization Welthungerhilfe hit by ransomware attack
ransomware | Ransomware attack on Gloucester County Virginia exposes employee personal data

Read More
State of (in)security - Week 32, 2025
State of (in)security - Week 2, 2024
Massive collection of breached data with 26 billion …
State of (in)security - Week 7, 2026
State of (in)security - Week 16, 2024