State of (in)security - Week 3, 2025
Take action: How to handle external code - download code only from official and trusted repositories, verify repository ownership, be wary of repositories with limited community engagement, review the commit history for obvious injections, run the code on a virtual machine, and avoid any obfuscated code.
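As an added illustration of the "avoid obfuscated code" step (example code written for this summary, not a tool the newsletter describes): a small heuristic scanner that flags long encoded blobs and decode-then-execute patterns in the files of a downloaded repository. The regexes, weights and sample snippets are constructed assumptions; a hit is a prompt to read the file before running anything, not a verdict.

```python
import re
from pathlib import Path

# Hypothetical heuristics for obfuscation/injection indicators; the regexes and
# thresholds below are this example's assumptions, not an established standard.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")           # long encoded payloads
HEX_STRING = re.compile(r"(?:\\x[0-9a-fA-F]{2}){16,}")             # \x.. escaped byte strings
DYNAMIC_EXEC = re.compile(r"\b(?:eval|exec|Function|Invoke-Expression|iex)\s*\(")
DECODE_CALL = re.compile(r"(?:b64decode|base64\.|FromBase64String|decompress)")


def scan_text(text: str) -> dict:
    """Count obfuscation indicators in the contents of one source file."""
    return {
        "base64_blobs": len(BASE64_BLOB.findall(text)),
        "hex_strings": len(HEX_STRING.findall(text)),
        "dynamic_exec": len(DYNAMIC_EXEC.findall(text)),
        "decode_calls": len(DECODE_CALL.findall(text)),
    }


def risk_score(counts: dict) -> int:
    """Weight the indicators; decode-then-execute is the classic loader shape."""
    score = (2 * counts["base64_blobs"] + 2 * counts["hex_strings"]
             + 3 * counts["dynamic_exec"] + counts["decode_calls"])
    if counts["dynamic_exec"] and (counts["base64_blobs"] or counts["decode_calls"]):
        score += 5
    return score


def scan_repo(root: str, exts=(".py", ".ps1", ".js", ".sh", ".bat")) -> list:
    """Walk a cloned repository and return (path, score, counts), riskiest first."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in exts:
            counts = scan_text(path.read_text(errors="ignore"))
            if (score := risk_score(counts)) > 0:
                findings.append((str(path), score, counts))
    return sorted(findings, key=lambda f: f[1], reverse=True)


# Constructed samples: a plain network PoC versus a decode-and-exec loader.
CLEAN_SAMPLE = 'import socket\ns = socket.create_connection(("127.0.0.1", 389))\n'
LOADER_SAMPLE = ('import base64\npayload = "' + "QUJD" * 40 + '"\n'
                 'exec(base64.b64decode(payload))\n')

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("loader", LOADER_SAMPLE)):
        print(name, risk_score(scan_text(sample)), scan_text(sample))
```

Run `scan_repo("/path/to/clone")` on a freshly cloned repository to get the files worth reading first.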
In the week from Jan. 13, 2025, midnight to Jan. 20, 2025, midnight, we witnessed a total of:
- 13 advisory/vulnerability events
- 20 incident/data breach events
Week over Week comparison of week 3 2025 vs week 2 2025:
- Advisories are up and incidents are down from the previous week. Advisories are up from 9 in week 2 2025 to 13 in week 3 2025. Incidents are down from 25 in week 2 2025 to 20 in week 3 2025.
- The number of known impacted individuals is significantly up - from 5.997 million in week 2 2025 to over 112 million in week 3 2025.
We also shared 2 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 112,969,996 impacted individuals across 10 incidents, the largest being the "Cybernews reports Elasticsearch server leaking data of 1.5 billion people" incident, which accounts for 100,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is certainly higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 6 |
| Unauthorized access | 3 |
| System Misconfiguration Exploits | 2 |
| Human bad security behaviour | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Consulting/Professional Services | 5 |
| Government | 4 |
| IT/Software/Technology | 2 |
| Healthcare | 1 |
| Hospitality/Events | 1 |
| Manufacturing | 1 |
| Other | 1 |
| Retail | 1 |
| Education | 1 |
| Finance | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA confirms exploitation of two BeyondTrust flaws, urges patching
- awareness | Fake exploit PoC for LDAPNightmare flaw used to spread infostealer malware
Vulnerabilities
- critical vulnerability | Adobe releases January 2025 patches for multiple products
- critical vulnerability | Critical flaws reported in Planet Technology's WGS-804HPT industrial switches
- critical vulnerability | Critical vulnerability reported in Aviatrix Controllers and is under active exploitation
- critical vulnerability | Fortinet reports and fixes actively exploited FortiOS flaw
- critical vulnerability | Google releases Chrome 132, fixes 16 flaws including possible Remote Code Execution
- critical vulnerability | IBM reports multiple security vulnerabilities affecting QRadar SIEM Log Source Management App
- critical vulnerability | Ivanti reports multiple critical security flaws in Endpoint Manager (EPM)
- critical vulnerability | Microsoft releases January 2025 patch, fixes 8 zero-days, 12 critical and a total of 159 flaws
- critical vulnerability | Microsoft researchers report macOS flaw affecting System Integrity Protection
- critical vulnerability | Multiple flaws reported in Rsync, at least one critical
- critical vulnerability | Multiple security vulnerabilities reported in SimpleHelp's remote support software
- critical vulnerability | SAP releases January 2025 patch, fixes at least two critical issues
- critical vulnerability | Supply chain breached in Kong DockerHub, malicious Kong Ingress Controller version 3.4.0 uploaded
Incidents
- data breach | Philippines National Bureau of Investigation (NBI) investigates claimed data breach and leak
- data breach | Cloud-based hotel management platform Otelier hit by data breach
- data breach | Cybernews reports Elasticsearch server leaking data of 1.5 billion people
- data breach | Multistate Tax reports data breach
- data breach | Researchers find exposed Elastic server of a hospitality sector leaking 25M records
- data breach | EncompassCare reports data breach exposing customer Social Security Numbers
- data breach | UK Home Office confirms investigation of incident affecting visas and immigration database
- data breach | Belsen Group threat actors leak stolen configs and credentials of 15K Fortigate firewalls
- data breach | Carruth Compliance Consulting reports data breach affecting thousands of school employees
- data breach | Grinding Gear Games, developer of Path of Exile 2, reports data breach
- data breach | Wolf Haldenstein Adler Freeman & Herz law firm reports data breach exposing 3.5M people
- data breach | Texas Health and Human Services Commission reports internal data breach affecting 61K SNAP beneficiaries
- data breach | Global publisher of educational materials Scholastic hit by data breach
- ransomware | Akira ransomware gang claims breach of Italian company divimast
- ransomware | Everest ransomware gang claims breach of Australian company Evidn
- ransomware | Avery Products Corporation reports data breach caused by card skimming attack on their website
- ransomware | Tennessee-based Mortgage Investors Group reports cyberattack, data breach
- ransomware | Primal Wear cycling clothing brand hit by ransomware attack
- ransomware | Gateshead Council in the UK hit by cyber attack claimed by Medusa ransomware group
- ransomware | University of Oklahoma reports cybersecurity incident