State of (in)security - Week 28, 2025
Take action: Make sure to authenticate and authorize every single request to your APIs. Don't use auto-incrementing integer IDs for users; they are too easy to guess. Naturally, NEVER use trivial credentials for test systems.
In the week between July 7, 2025, midnight and July 14, 2025, midnight we witnessed a total of:
- 17 advisory/vulnerability events
- 21 incident/data breach events
We also shared 2 practical knowledge items
Week over Week comparison of week 28 2025 vs week 27 2025:
- Advisories and incidents are up from the previous week. Advisories are up from 11 in week 27 to 17 in week 28. Incidents are up from 14 in week 27 2025 to 21 in week 28 2025.
- The number of known impacted individuals is up - from 6.7 million in week 27 to 85 million in week 28 2025.
Total impacted individuals via the events of the week
There were a total of 85,106,788 impacted individuals across 8 incidents. The largest breach was the incident "McDonald's AI hiring platform found to be vulnerable, risking 64 million job applications", which exposed 64,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 7 |
| Software Vulnerability and SDLC Exploits | 3 |
| Unauthorized access | 3 |
| System Misconfiguration Exploits | 2 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Consulting/Professional Services | 5 |
| Healthcare | 3 |
| Manufacturing | 2 |
| IT/Software/Technology | 2 |
| Retail | 2 |
| Government | 1 |
| Education | 1 |
| Entertainment/Leisure | 1 |
| Media | 1 |
| Insurance | 1 |
| Finance | 1 |
| Food and Beverage | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA warns of actively exploited Zimbra Collaboration Suite flaw
- active exploit | Critical remote code execution flaw in Wing FTP Server actively exploited
Vulnerabilities
- critical vulnerability | Adobe releases July 2025 patches for multiple products
- critical vulnerability | Authorization bypass flaw in Juniper Security Director enables access to sensitive resources
- critical vulnerability | Bluetooth vulnerabilities called PerfektBlue enable remote hacking of vehicles from major automakers
- critical vulnerability | CISA reports multiple vulnerabilities in Emerson ValveLink products, at least one critical
- critical vulnerability | Critical buffer overflow flaw reported in D-Link DIR-825 routers
- critical vulnerability | Critical flaws in KUNBUS Revolution Pi industrial control systems enable authentication bypass and command execution
- critical vulnerability | Critical macOS SMBClient flaws enable remote code execution
- critical vulnerability | Critical remote code execution flaw in mcp-remote exposes AI Systems to compromise
- critical vulnerability | Critical SQL injection vulnerability in Fortinet FortiWeb enables unauthenticated remote code execution
- critical vulnerability | Critical unpatched vulnerabilities reported in Ruckus Wireless Management Systems
- critical vulnerability | Juniper releases patches for Junos OS and Junos OS Evolved to fix "BlastRADIUS" RADIUS protocol flaw
- critical vulnerability | Microsoft releases July 2025 Patch fixing one critical zero-day, 129 other flaws
- critical vulnerability | Multiple flaws in Schneider Electric EcoStruxure IT Data Center Expert, at least one critical
- critical vulnerability | Multiple vulnerabilities in Comodo Internet Security 2025 enable system compromise
- critical vulnerability | Multiple vulnerabilities reported in Siemens SINEC NMS, at least one critical
- critical vulnerability | SAP July 2025 patch day fixes 31 vulnerabilities, one maximum severity
- critical vulnerability | SureForms WordPress Plugin flaw enables unauthenticated file deletion, potential site takeover
Incidents
- critical vulnerability | Remote code execution flaw forces Activision to remove Call of Duty: WWII from Game Pass
- data breach | Louis Vuitton reports coordinated data breaches across multiple countries
- data breach | Nippon Steel Solutions reports data breach after zero-day attack on network infrastructure
- data breach | Rockerbox tax credit consultancy leaks 245 K client records
- data breach | Triage Staffing reports third party data breach exposing healthcare professionals data
- data breach | Arbor Associates reports data breach exposing patient information
- data breach | Tokai Carbon reports data breach exposing data of over 10 K individuals
- data breach | TalentHook leaks resumes of 26 Million job seekers
- data breach | Mail processing vendor Renkim hit by ransomware, exposing data of Ballad Health patients
- data breach | Central Kentucky Radiology hit by ransomware attack, exposing nearly 167 K patient records
- data breach | Flutter Entertainment data breach exposed data of Paddy Power and Betfair customers
- data breach | Bitcoin Depot reports data breach exposing information of 26,732 users
- data breach | McDonald's AI hiring platform found to be vulnerable, risking 64 million job applications
- data breach | PDCM Insurance hit by ransomware attack, exposes employee and customer data
- data breach | Florida Lung, Asthma and Sleep Specialists hit by ransomware, exposing patient data
- data breach | Dordt University reports data breach exposing data of 34 K Individuals
- data breach | Accounting Firm Blue & Co. reports data breach exposing client data
- data breach | New Zealand New World club card accounts targeted in password spraying attack
- data breach | Covenant Health Systems hit by cyberattack, exposes patient data
- data breach | Play Ransomware gang claims attack on Chicago radio station WFMT
- ransomware | Albemarle County reports ransomware attack exposing employee and resident data