State of (in)security - Week 36, 2025
Take action: Be suspicious of any "potential customers" who contact you out of the blue. Verify their provenance through multiple channels, such as corporate registrations, phone calls using numbers from official directories, and business forums. Finally, BE VERY SUSPICIOUS of ZIP files sent as documents, because a ZIP file may contain a malicious LNK file that carries an attack.
In the week between Sept. 1, 2025, midnight and Sept. 8, 2025, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 36 incident/data breach events
Week over Week comparison of week 36 2025 vs week 35 2025:
- Advisories are the same as the previous week and incidents are significantly up. Advisories remain at 10 in both week 36 and week 35. Incidents are up from 21 in week 35 2025 to 36 in week 36 2025.
- The number of known impacted individuals is down - from 5.4 million in week 35 to 1.5 million in week 36 2025.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 1,509,063 impacted individuals across 14 incidents, with the largest being the data breach at Nevada-based Absolute Dental, which exposed 1,223,635 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 9 |
| Third Party Compromise | 8 |
| Unauthorized access | 5 |
| System Misconfiguration Exploits | 2 |
| Software Vulnerability and SDLC Exploits | 1 |
| Social Engineering and Phishing | 1 |
| Human bad security behaviour | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 7 |
| Healthcare | 6 |
| Finance | 5 |
| Government | 4 |
| Education | 4 |
| Entertainment/Leisure | 3 |
| Consulting/Professional Services | 3 |
| Pharmaceuticals | 1 |
| Insurance | 1 |
| Manufacturing | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Knowledge
- active phishing | Checkpoint warns of phishing campaign that emulates potential customers and vendor evaluation process
- active exploit | Critical SAP S/4HANA code injection vulnerability exploited in the wild
- active exploit | TP-Link router flaws exploited by botnet
Vulnerabilities
- critical vulnerability | Armis Labs reports multiple vulnerabilities in Copeland refrigeration and HVAC infrastructure
- critical vulnerability | Chrome 140 security update patches six vulnerabilities, one high-severity
- critical vulnerability | Critical Argo CD vulnerability exposes repository credentials through API token exploitation
- critical vulnerability | Critical Bluetooth vulnerability reported in SunPower Solar Inverters
- critical vulnerability | Critical vulnerability in Sitecore CMS is actively exploited to deploy malware
- critical vulnerability | Google releases September 2025 Android update, fixes over 80 vulnerabilities, two actively exploited
- critical vulnerability | IBM App Connect Enterprise patches multiple vulnerabilities, at least one critical
- critical vulnerability | MediaTek reports multiple vulnerabilities affecting mobile devices
- critical vulnerability | Multiple vulnerabilities reported in Hikvision HikCentral products
- critical vulnerability | Qualcomm releases September 2025 Patch, fixes over 20 flaws, two critical
Incidents
- data breach | University of the Philippines Tacloban College investigates potential data breach of learning management system
- data breach | School District Five of Lexington & Richland Counties reports data breach affecting over 31,000 individuals
- data breach | Luxembourg National Lottery suffers data breach through subcontractor cyber attack
- data breach | Kerrville Independent School District reports data breach affecting 4,300 individuals
- data breach | Somerset County Children and Youth Services reports cyberattack, data breach
- data breach | SafePay Ransomware gang claims breach on Waterford Surgical Center ambulatory surgery
- data breach | Louisiana based Risk Management Services reports data breach affecting 22,300 individuals
- data breach | Nigerian state government leaks personal data of loan applicants on website
- data breach | American Association of Critical-Care Nurses reports data breach affecting over 57,000 individuals
- data breach | Southern Graphics Inc. reports data breach exposing data of over 31,000 people
- data breach | Zscaler confirms data breach caused by Salesloft Drift supply chain attack
- data breach | Austria's Interior Ministry reports breach of about 100 government email accounts
- data breach | Carter Federal Credit Union reports data breach affecting almost 69,000 people
- data breach | Cloudflare reports customer data breach in Salesloft Drift supply chain attack
- data breach | PagerDuty confirms customer data breach in Salesloft Drift supply chain attack
- data breach | SpyCloud confirms data exposure in Salesloft Drift supply chain attack
- data breach | Palo Alto Networks reports data breach caused by Salesloft Drift supply chain attack
- data breach | Navy Federal Credit Union leaks 378 GB of internal backup data in Amazon Cloud misconfiguration
- data breach | Melbourne Catholic College hit by ransomware attack exposing student and staff data
- data breach | SaaS provider Workiva reports customer data breach in Salesloft instance
- data breach | Police investigate data breach at multiple Northern Ireland GP Practices after hard drives go missing during IT upgrade
- data breach | TeamstersCare reports data breach exposing data of 21,469 people
- data breach | Proofpoint reports data breach caused by the Salesloft Drift supply chain attack
- data breach | Bridgestone Americas hit by cyberattack affecting manufacturing operations
- data breach | Nevada based Absolute Dental reports data breach affecting over 1.2 million people
- data breach | Chess.com data breach exposes data of 4,541 users through third-party compromise
- data breach | Cyberattack on UK software developer causes data breach affecting thousands of education staff
- data breach | Canadian fintech Wealthsimple reports data breach affecting approx. 30,000 clients
- ransomware | Sinobi Ransomware gang claims attack on Pittsburgh Gastroenterology Associates
- ransomware | K Club golf resort hit by ransomware attack just before Irish Open championship
- ransomware | Orleans Parish Sheriff's Office hit by ransomware attack
- ransomware | INC Ransomware gang claims responsibility for attack on OB-GYN Associates
- ransomware | DragonForce Ransomware gang leaks data allegedly stolen from Toowoomba Friendlies Society Dispensary
- ransomware | South Korean credit card company Lotte Card reports cyberattack
- ransomware | Jaguar Land Rover reports cyberattack that severely disrupted production and sales operations
- theft | Massive $130 million attempted theft targets Brazilian Fintech through stolen vendor credentials