State of (in)security - Week 37, 2025
Take action: Never trust Facebook ads or messages claiming your account will be "permanently locked". Don't rush; think about the issue and consult with people. If you're concerned about your account, go directly to Facebook.com (don't click any links) and check your account status there instead.
In the week between Sept. 8, 2025, midnight and Sept. 15, 2025, midnight we witnessed a total of:
- 13 advisory/vulnerability events
- 26 incident/data breach events
Week over Week comparison of week 37 2025 vs week 36 2025:
- Advisories are up and incidents are down. Advisories are up from 10 in week 36 to 13 in week 37. Incidents are down from 36 in week 36 2025 to 26 in week 37 2025.
- The number of known impacted individuals is down - from 1.5 million in week 36 to 520 thousand in week 37 2025.
We also shared 1 practical knowledge item.
Total impacted individuals via the events of the week
There were a total of 520,658 impacted individuals across 9 incidents. The largest breach was the incident "Data breach at Fairmont Federal Credit Union exposes data of 187,038 people", which exposed 187,038 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 11 |
| Third Party Compromise | 5 |
| System Misconfiguration Exploits | 3 |
| Human bad security behaviour | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 6 |
| IT/Software/Technology | 5 |
| Healthcare | 4 |
| Manufacturing | 3 |
| Finance | 3 |
| Education | 2 |
| Transport/Logistics | 1 |
| Media | 1 |
| Consulting/Professional Services | 1 |
Read the Event Details of the Week
Knowledge
- active phishing | Disabled Facebook account campaign tries to get users to install malware
Vulnerabilities
- critical vulnerability | Adobe releases September 2025 patches for multiple products, warns of critical flaw in Adobe Commerce/Magento
- critical vulnerability | Critical authentication bypass flaw reported in Amp'ed RF BT-AP 111 Bluetooth access point
- critical vulnerability | Critical deserialization vulnerability reported in Apache Jackrabbit, enables remote code execution
- ransomware | Critical flaw in DELMIA Apriso manufacturing software under active exploitation
- critical vulnerability | Critical vulnerabilities reported in ABB Cylon Aspect building management systems
- critical vulnerability | Critical vulnerability reported in Siemens SIMATIC Virtualization Service
- critical vulnerability | Google releases urgent Chrome update, patches critical vulnerability
- critical vulnerability | Microsoft's September 2025 Patch Tuesday patches 81 vulnerabilities, 13 critical, two publicly disclosed
- critical vulnerability | Multiple vulnerabilities in Siemens User Management Component affect industrial control systems
- critical vulnerability | Samsung patches critical vulnerability exploited in targeted attacks on Galaxy devices
- critical vulnerability | SAP fixes multiple critical flaws in September 2025 patch day, including maximum severity NetWeaver flaw
- critical vulnerability | Sophos patches critical authentication bypass flaw in AP6 Series wireless access points
- critical vulnerability | Zoom releases multiple patches for Windows and macOS clients, at least one critical
Incidents
- data breach | Data of thousands of Pakistani citizens sold on Dark Web platforms
- data breach | LoveSac furniture company reports data breach following ransomware attack
- data breach | Tenable reports being affected by the Salesloft Drift supply chain attack
- data breach | Cybersecurity company Qualys confirms data breach caused by Salesloft Drift supply chain attack
- data breach | Plex Media Streaming platform suffers data breach affecting user account data
- data breach | Vietnam's National Credit Information Center hit by cyberattack exposing over 160 million records
- data breach | Birmingham school email error exposes student data
- data breach | Data breach at Fairmont Federal Credit Union exposes data of 187,038 people
- data breach | Hampton Regional Medical Center hit by cybersecurity incident affecting patient and staff data
- data breach | MoneyBlock online trading platform hit by cybersecurity breach exposing thousands of client records
- data breach | Major NPM supply chain attack compromises 18 popular packages, injects cryptocurrency-stealing malware
- data breach | Canadian Federal Government agencies hit by cyberattack through third party service breach
- data breach | Trigg County Hospital reports data breach caused by third party incident
- data breach | City of St. Joseph, Missouri hit by ransomware attack, exposing police and health department files
- data breach | Children's Center of Hamden reports data breach exposing data of over 5,000 people
- data breach | KillSec Ransomware group hits Brazilian healthcare software provider MedicSolution
- data breach | UK Railway operator LNER reports cyberattack compromising passenger details and journey records
- data breach | NSW Health leaks medical staff credentials in website misconfiguration
- data breach | Panama's Ministry of Economy and Finance reports data breach after INC Ransom claims data theft
- data breach | Texas General Land Office leaks data of 44,485 disaster victims
- data breach | HackerOne reports data breach through third-party Salesforce Drift Integration
- ransomware | Wayne Memorial Hospital ransomware attack exposes data of 163,000 patients
- ransomware | City of Middletown, Ohio hit by cyberattack paralyzing city operations for weeks
- ransomware | Ohio based Cornwell Quality Tools hit by ransomware attack
- ransomware | Wytech Industries reports major ransomware attack exposing medical and financial records
- ransomware | Uvalde School District closes all campuses after ransomware attack hits critical safety systems