How many cybersecurity events occurred in week 32 of 2025 (Aug 4-11)?

During week 32 of 2025 (August 4-11, 2025), there were a total of 41 cybersecurity events: 21 advisory/vulnerability events and 20 incident/data breach events.

How did week 32 cybersecurity events compare to the previous week?

Cybersecurity events increased from the previous week. Advisories rose from 15 in week 31 to 21 in week 32, and incidents increased from 17 in week 31 to 20 in week 32. The number of known impacted individuals also surged dramatically from 456 thousand in week 31 to 6.658 million in week 32.

What was the largest data breach in week 32 of 2025?

The largest data breach was the Bouygues Telecom cyberattack, which exposed data of 6.4 million customers. This single incident accounted for the majority of the 6,658,997 total impacted individuals across all incidents that week.

What were the main causes of cybersecurity incidents in week 32 of 2025?

The primary causes of incidents were Social Engineering and Phishing (4 incidents), followed by Malware, Ransomware and Related Attacks (3 incidents), System Misconfiguration Exploits (3 incidents), Software Vulnerability and SDLC Exploits (1 incident), and Unauthorized access (1 incident).

Which industries were most affected by cybersecurity incidents in week 32 of 2025?

Healthcare, IT/Software/Technology, and Education were the most affected industries, each experiencing 3 incidents. Government had 2 incidents, while Media, Non-profit/Charity, Other, Retail, Aviation, Telecommunications, Consulting/Professional Services, Finance, and Gas/Oil each had 1 incident.

What notable vulnerabilities were discovered in week 32 of 2025?

Notable critical vulnerabilities included Adobe Experience Manager Forms flaws with public proof-of-concept, Exchange Server Hybrid flaws that could compromise cloud instances, authentication bypass flaws in various industrial devices, buffer overflow in Squid HTTP Proxy, actively exploited flaws in Trend Micro Apex One, and vulnerabilities in Google Android requiring security updates.

What major organizations experienced data breaches in week 32 of 2025?

Major organizations that experienced data breaches included Bouygues Telecom (6.4 million customers), U.S. Federal Judiciary (court records and confidential informant identities), Connex Credit Union (172,000 members), KLM and Air France, Google's Salesforce instance, PBS (4,000 employees), and Pandora Jewelry, among others.

How many people were impacted by cybersecurity incidents in week 32 of 2025?

A total of 6,658,997 individuals were impacted across 5 incidents that reported numbers. However, since not all incidents report the number of impacted individuals, the real number is likely higher than this figure.

What active cyber threats were identified in week 32 of 2025?

Active threats included cryptocurrency theft through malicious programs, hackers breaching Salesforce instances through voice phishing, phishing campaigns targeting Firefox Add-on developers, SonicWall Gen 7 firewalls being targeted with SSL VPN zero-day vulnerabilities, and WinRAR vulnerability exploitation in malware campaigns.

What ransomware attacks occurred in week 32 of 2025?

Ransomware attacks affected Manassas Park City Schools (exposing student and staff info), New Zealand accounting firm TAS NZ Bay Limited, and Pakistan Petroleum Limited. Additionally, there was a critical vulnerability in NestJS development tools that enabled ransomware attacks against developers.

Knowledge

State of (in)security - Week 32, 2025

published: Aug. 11, 2025

Take action: Never trust "secret profit methods" or anyone claiming to share money-making exploits - if someone really found a way to make 37% profit, they'd use it themselves, not share it. Never run unknown JavaScript code or programs from random sources, especially ones promising easy profits.

Learn More

In the week between Aug. 4, 2025, midnight and Aug. 11, 2025, midnight we witnessed a total of:

21 advisory/vulnerability events
20 incident/data breach events

Week over Week comparison of week 32 2025 vs week 31 2025:

We also shared 4 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 6,658,997 impacted individuals across 5 incidents, with the largest breach being the Bouygues Telecom hit by cyberattack, exposing data of 6.4 million customers incident exposing 6,400,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Social Engineering and Phishing	4
Malware, Ransomware and Related Attacks	3
System Misconfiguration Exploits	3
Software Vulnerability and SDLC Exploits	1
Unauthorized access	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	3
IT/Software/Technology	3
Education	3
Government	2
Media	1
Non-profit/Charity	1
Other	1
Retail	1
Aviation	1
Telecommunications	1
Consulting/Professional Services	1
Finance	1
Gas/Oil	1

Read the Event Details of the Week

Knowledge

active scam | Cryptocurrency theft through a program that victims need to run to allegedly profit from a bug in crypto exchange
active attack | Hackers breach Salesforce instances of major corporations through voice phishing
active attack | Mozilla warns of active phishing campaign targeting Firefox Add-on developers
active attack | SonicWall Gen 7 firewalls targeted with SSL VPN Zero-Day vulnerability

Vulnerabilities

critical vulnerability | Adobe releases emergency updates for Adobe Experience Manager Forms flaes after public PoC
critical vulnerability | Authentication bypass flaw reported in Packet Power Infrastructure Monitoring devices
critical vulnerability | CISA and Microsoft warn of an Exchange Server Hybrid flaw enabling attackers to compromise the Cloud instance
critical vulnerability | ControlVault Vulnerabilities dubbed ReVault expose Dell business laptops to firmware-level attacks
critical vulnerability | Critical authentication bypass flaw in Burk Technology ARC Solo Devices
critical vulnerability | Critical authentication bypass flaw reported in Instantel Micromate industrial monitoring devices
critical vulnerability | Critical buffer overflow flaw in Squid HTTP Proxy enables remote code execution
critical vulnerability | Critical flaws in Trend Micro Apex One Management Console actively exploited
critical vulnerability | Critical path traversal flaw reported in Delta Electronics DIAView industrial automation system
ransomware | Critical remote code execution flaw in NestJS development tools enables attacks against developers
critical vulnerability | Critical SQL Injection flaw reported in ADOdb PHP database library
critical vulnerability | Critical vulnerabilities reported in EG4 electronics solar inverters
critical vulnerability | Critical vulnerabilities reported in Tigo Energy Cloud connect advanced solar management platform
critical vulnerability | Cursor IDE vulnerability enables persistent code execution through AI plugin trust bypass
critical vulnerability | Google Looker Studio leaks "Unlisted" reports exposing them to unauthorised access
critical vulnerability | Google releases August 2025 Android Security Update, patches six vulnerabilities, two critical, two exploited
critical vulnerability | HashiCorp patches critical flaw in Vault allowing privileged code execution
data breach | Researchers report critical flaws in CyberArk vaults
critical vulnerability | Team82 Researchers report multiple flaws in Axis Communications CCTV Systems
data breach | Vulnerability chain in NVIDIA Triton Inference Server enables complete AI server takeover
ransomware | WinRAR vulnerability exploited in malware campaigns

Incidents

Read More
Two Engineering and Transparency Lessons from the suspected …
State of (in)security - Week 43, 2025
State of (in)security - Week 30, 2025
State of (in)security - Week 46, 2023
An analysis of the critical flaw in the …