What were the cybersecurity statistics for week 30 of 2025?

In the week between July 21, 2025, midnight and July 28, 2025, midnight, there were a total of 11 advisory/vulnerability events and 27 incident/data breach events. The week also included 3 practical knowledge items, with 4,941,722 individuals impacted across 14 incidents.

How did week 30 2025 compare to the previous week in cybersecurity incidents?

Advisories and incidents increased from the previous week. Advisories rose from 10 in week 29 to 11 in week 30. Incidents increased from 23 in week 29 to 27 in week 30. However, the number of known impacted individuals decreased significantly from 46.9 million in week 29 to 4.941 million in week 30.

What was the largest data breach in week 30 of 2025?

The largest breach was the Virginia-based Radiology Associates of Richmond Practice data breach incident, which exposed 1,419,091 individuals. This represented the single largest incident in terms of affected individuals during the week.

What were the main causes of cybersecurity incidents in week 30 2025?

The incidents were caused by: Malware, Ransomware and Related Attacks (4 incidents), System Misconfiguration Exploits (4 incidents), Third Party Compromise (4 incidents), Unauthorized access (3 incidents), and Software Vulnerability and SDLC Exploits (1 incident).

Which industries were most affected by cybersecurity incidents in week 30 2025?

Healthcare was the most affected industry with 6 incidents, followed by Consulting/Professional Services and IT/Software/Technology with 3 incidents each. Retail, Government, Insurance, and Manufacturing each had 2 incidents, while Aviation, Finance, Military/Defense, and Education each had 1 incident.

What notable vulnerabilities were discovered in week 30 2025?

Critical vulnerabilities included authentication bypass flaws in Network Thermostat Smart Building Systems and Mitel MiVoice MX-ONE, a Math.random() flaw in form-data JavaScript library, hardcoded password vulnerability in HPE Aruba networking, multiple flaws in Tridium Niagara Framework and Honeywell Experion PKS, and remote code execution vulnerabilities in SonicWall SMA100 and Sophos Firewall.

What major ransomware attacks occurred in week 30 2025?

Major ransomware attacks included INC RANSOM's compromise of mental health data at Clinica Family Health & Wellness, BLACKLOCK Ransomware's breach of New Jersey rehabilitation center Navesink Rehab, attacks on Singapore Traffic Police through a printing vendor, PeopleCheck's ransomware incident, and Dell's data breach by the World Leaks extortion group.

What high-profile data breaches occurred in week 30 2025?

High-profile breaches included Allianz Life's third-party attack exposing most of 1.4 million customers, the Tea dating app leak exposing thousands of women's IDs and selfies, attacks on Clive Palmer's business entities including United Australia Party, French defense contractor Naval Group targeting military ship combat systems, and the Indian Organ Retrieval Banking Organisation exposing organ donor information.

What active exploits were reported in week 30 2025?

Active exploits included the Amazon Q developer extension for VS Code being compromised and used to plant wiping commands, Cisco ISE vulnerabilities being actively exploited, and global scam SMS messages offering fake scam recovery services being sent worldwide.

How many individuals were impacted by cybersecurity incidents in week 30 2025?

There were a total of 4,941,722 impacted individuals across 14 incidents during week 30 2025. Since not all incidents report the number of impacted individuals, the real number is likely higher than this reported figure.

What browser and software security updates were released in week 30 2025?

Google released a Chrome security update patching high-severity JavaScript engine flaws, and Mozilla released updates for Firefox patching 18 vulnerabilities, with multiple being critical. These updates addressed serious security flaws that could have been exploited by attackers.

What international cybersecurity incidents occurred in week 30 2025?

International incidents included attacks on French defense contractor Naval Group, Global Louis Vuitton data breach extending into Australia, UK contractor insurance company Qdos breach, European healthcare network AMEOS Group cyberattack, Finnish technology company Exel Composites breach, Canadian hedge fund Waratah Capital Advisors breach, and Ukrainian cyber attacks targeting Russian drone manufacturer Gaskar Group.

Knowledge

State of (in)security - Week 30, 2025

published: July 28, 2025

Take action: Be very careful (and ideally DON'T USE) AI assistants. The AI source code ecosystem is far from stable, and the race to deploy more features causes a lot of problems and vulnerabilities that you are bringing to your own systems.

Learn More

In the week between July 21, 2025, midnight and July 28, 2025, midnight we witnessed a total of:

11 advisory/vulnerability events
27 incident/data breach events

Week over Week comparison of week 30 2025 vs week 29 2025:

We also shared 3 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 4,941,722 impacted individuals across 14 incidents, with the largest breach being the Virginia-based Radiology Associates of Richmond Practice reports data breach incident exposing 1,419,091 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	4
System Misconfiguration Exploits	4
Third Party Compromise	4
Unauthorized access	3
Software Vulnerability and SDLC Exploits	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	6
Consulting/Professional Services	3
IT/Software/Technology	3
Retail	2
Government	2
Insurance	2
Manufacturing	2
Other	2
Aviation	1
Finance	1
Military/Defense	1
Education	1

Read the Event Details of the Week

Knowledge

active exploit | Amazon Q developer extension for VS Code compromised, used to plant wiping commands
active exploit | Cisco ISE vulnerabilities actively exploited
active scam | Scam SMS messages offering Scam Recovery sent globally

Vulnerabilities

critical vulnerability | Authentication bypass vulnerability reported in Network Thermostat Smart Building Systems
critical vulnerability | Critical Math.random() flaw in form-data JavaScript library enables request injection attacks
critical vulnerability | Google releases Chrome security update patching high-severity JavaScript engine flaws
critical vulnerability | HPE Aruba networking Instant On Access Points have hardcoded password vulnerability
critical vulnerability | Mitel networks reports critical authentication bypass flaw in MiVoice MX-ONE
critical vulnerability | Mozilla releases updates for Firefox, 18 vulnerabilities patched, multiple critical
critical vulnerability | Multiple flaws reported in Honeywell Experion PKS, at least one critical
critical vulnerability | Multiple vulnerabilities reported in Tridium Niagara Framework
critical vulnerability | Multiple vulnerabilities reported in Weidmueller Industrial Routers
critical vulnerability | SonicWall SMA100 vulnerability enables remote code execution
critical vulnerability | Sophos fixes Firewall vulnerabilities that enable unauthenticated remote code execution

Incidents

critical vulnerability | Indian Organ Retrieval Banking Organisation exposes organ donor information
data breach | Allianz Life reports third party attack exposing most of 1.4 million customers
data breach | Zumpano Patricios Law Firm reports data breach affecting 279,275 individuals
data breach | French defense contractor Naval Group hit by cyberattack targeting military ship combat systems
data breach | Global Louis Vuitton data breach extends into Australia
data breach | UK contractor insurance company Qdos reports data breach exposing customer data
data breach | Virginia-based Radiology Associates of Richmond Practice reports data breach
data breach | Women dating safety app Tea data leak exposes thousands of women's IDs and selfies
data breach | Brigham Young University reports data breach
data breach | Attack on United Australia Party and Trumpet of Patriots also breached the business entites of Clive Palmer
data breach | Australian fashion brand SABO leaks 3.6 Million customer records
data breach | Clorox sues Cognizant over 2023 cyberattack, blames IT provider for giving hackers passwords
data breach | European healthcare network AMEOS Group hit by cyberattack
data breach | 32 Pearls dental practice hit by ransomware attack, exposes data of 23,550 people
data breach | Cybercrime forum Leak Zone leaks 22 Million user login records
data breach | Unsecured database exposes 100 million records of Swedish citizens
data breach | Finnish technology company Exel Composites reports cyberattack exposing employee and shareholder data
data breach | Canadian hedge fund Waratah Capital Advisors reports data breach exposing client data
data breach | Cathay Pacific loyalty program breach exposes customer data
data breach | Cierant Corporation reportd data breach caused by Cleo VLTrader third-party tool vulnerability
data breach | France employment agency Travail reports second data breach exposing data of 340,000 people
ransomware | INC RANSOM claims compromise of mental health data at Clinica Family Health & Wellness
ransomware | BLACKLOCK Ransomware gang claims breach of New Jersey rehabilitation center Navesink Rehab
ransomware | Singapore Traffic Police data exposed after ransomware attack on printing vendor
ransomware | PeopleCheck reports data breach caused by ransomware attack
ransomware | Ukrainian cyber attack targets Russian drone manufacturer Gaskar Group
ransomware | Dell confirms data breach of test platform by World Leaks extortion group

Read More
How (not) to get hacked in MS office …
State of (in)security - Week 38, 2023
State of (in)security - Week 20, 2023
Researchers report Apple silicon CPU vulnerability that can …
State of (in)security - Week 6, 2024