State of (in)security - Week 35, 2025
Take action: Be aware that AI tools have become another weapon for hackers, so isolate such tools from anything in production. Attackers are now even using AI as part of ransomware to generate different scripts.
In the week between Aug. 25, 2025, midnight and Sept. 1, 2025, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 21 incident/data breach events
Week over Week comparison of week 35 2025 vs week 34 2025:
- Advisories are up and incidents are down from the previous week. Advisories are up from 9 in week 34 to 10 in week 35. Incidents are down from 23 in week 34 2025 to 21 in week 35 2025.
- The number of known impacted individuals is up - from 2.037 million in week 34 to 5.4 million in week 35 2025.
We also shared 5 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 5,400,007 impacted individuals across 6 incidents. The largest was the incident "TransUnion reports data breach exposing sensitive information of over 4.4 million people", which exposed 4,461,511 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 7 |
| Social Engineering and Phishing | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
| Third Party Compromise | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 5 |
| Government | 4 |
| IT/Software/Technology | 4 |
| Transport/Logistics | 2 |
| Education | 2 |
| Finance | 1 |
| Other | 1 |
| Retail | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA warns of active exploitation of Git flaw
- active exploit | CISA warns of actively exploited flaws in Citrix
- active attack | FreePBX Servers under active zero-day attack
- active phishing | Google Salesforce data breach triggers widespread phishing campaign against Gmail users
- active exploit | WhatsApp vulnerability actively exploited in targeted spyware campaign
Vulnerabilities
- critical vulnerability | Citrix patches multiple flaws in NetScaler, including one actively exploited
- critical vulnerability | Click Studios reports authentication bypass vulnerability in their Passwordstate password manager
- critical vulnerability | Critical Directus vulnerability enables unauthenticated file upload and remote code execution
- critical vulnerability | Critical Google Cloud Dataform path traversal flaw enables cross-tenant data access
- ransomware | ESET reports AI-Powered ransomware called "PromptLock" that uses local AI models to generate scripts
- critical vulnerability | Google releases emergency update for Chrome, patches critical flaw in ANGLE graphics library
- critical vulnerability | QNAP patches multiple security vulnerabilities in legacy VioStor NVR systems
- critical vulnerability | Researchers report flaws in Securden Unified PAM, at least one critical
- critical vulnerability | Researcher steals passwords from credential managers using new clickjacking method
- critical vulnerability | Salesforce patches multiple flaws in Tableau Server, at least one critical
Incidents
- data breach | Bartlesville Public Schools report data breach exposing employee and student data
- data breach | Healthcare Services Group reports data breach exposing information of over 624 K individuals
- data breach | TransUnion reports data breach exposing sensitive information of over 4.4 million people
- data breach | Sabine County Hospital reports email breach exposing patient data
- data breach | Multiple transit companies in Italy affected through the breach of MyCicero platform
- data breach | UI Community HomeCare reports data breach affecting 211,000 patients
- data breach | Massive data breach compromises over 700 organizations through Salesloft Drift OAuth token compromise
- data breach | Barrett-Jackson auction company reports data breach
- data breach | Retail group Auchan reports data breach affecting over 500,000 customers
- data breach | Woodlawn Hospital reports cybersecurity incident exposing patient information
- data breach | Supply chain attack uses AI Tools to compromise NX developer package
- ransomware | Black Nevas ransomware group claims data theft from Toyota Kirloskar Motor
- ransomware | Nevada state government reports cybersecurity incident, forcing statewide office closures
- ransomware | Pontifical Salesian University hit by a cyber attack, all digital services disrupted
- ransomware | Spartanburg County hit by cyber attack, personal data compromised
- ransomware | Greenville municipality hit by ransomware attack
- ransomware | Ransomware gang Dire Wolf claims breach of WineWorks Australia
- ransomware | Ransomware attack on Swedish IT Provider Miljödata disrupts hundreds of municipalities
- ransomware | Lycoming County government hit by ransomware attack
- ransomware | Black Hills Regional Eye Institute reports ransomware attack
- ransomware | Maryland Transit Administration reports cyberattack