State of (in)security - Week 4, 2025
Take action: A reminder to patch everything on Windows - including Office. Too many products, too widely available. Hackers love them because a single piece of code can attack everywhere. Patch. Your. Microsoft. Products.
In the week between Jan. 20, 2025, midnight and Jan. 27, 2025, midnight we witnessed a total of:
- 8 advisory/vulnerability events
- 25 incident/data breach events
Week over Week comparison of week 4 2025 vs week 3 2025:
- Advisories are down and incidents are up from the previous week. Advisories are down from 13 in week 3 2025 to 9 in week 4 2025. Incidents are up from 20 in week 3 2025 to 25 in week 4 2025.
- The number of known impacted individuals is significantly down - from over 112 million in week 3 2025 to 7.884 million in week 4 2025.
We also shared 1 practical knowledge item
Total impacted individuals via the events of the week
There were a total of 7,884,829 impacted individuals across 5 incidents. The largest breach was the "Georgian citizens' personal information leaked in exposed Elasticsearch database" incident, which exposed 7,200,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 5 |
| Third Party Compromise | 5 |
| Unauthorized access | 3 |
| Social Engineering and Phishing | 1 |
| System Misconfiguration Exploits | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Education | 5 |
| Retail | 3 |
| Government | 3 |
| Healthcare | 2 |
| Consulting/Professional Services | 2 |
| IT/Software/Technology | 2 |
| Entertainment/Leisure | 2 |
| Telecommunications | 1 |
| Finance | 1 |
| Insurance | 1 |
| Manufacturing | 1 |
| Military/Defense | 1 |
| Construction | 1 |
Read the Event Details of the Week
Knowledge
- awareness | CISA and FBI release detailed exploit chain of flaws in Ivanti Cloud Service Applications
Vulnerabilities
- critical vulnerability | CISA reports flaws in mySCADA myPRO Manager and Runtime
- critical vulnerability | Cisco patches critical flaw in Meeting Management software
- critical vulnerability | Critical unpatched flaws reported in premium WordPress real estate plugins RealHome and Easy Real Estate
- critical vulnerability | Flaw in ChatGPT API enables reflective DDoS attacks
- critical vulnerability | Moxa reports critical flaw affecting EDS-508A Ethernet switches
- critical vulnerability | Oracle releases January 2025 Patch update addressing 318 new security vulnerabilities
- critical vulnerability | Researchers warn of critical Outlook flaw that executes malicious code in mail preview
- critical vulnerability | SonicWall reports actively exploited critical flaw in SMA appliances, urges immediate patch
Incidents
- critical vulnerability | The Harrison County Board of Education reports cyberattack, possible data breach
- data breach | Sports and entertainment agency Octagon reports data breach
- data breach | IntelBroker claims breach of Hewlett Packard Enterprise, offers data for sale
- data breach | E & M Insurance reports cyberattack, data breach
- data breach | Fort Thomas Independent Schools report data breach caused by phishing attack
- data breach | Frank, Rimerman + Co. reports data breach caused by email system compromise
- data breach | Crunchyroll addresses series of user account breaches, claims systems are not breached
- data breach | Thailand Poseify Group Co Ltd reports data breach
- data breach | Allegheny Health Network reports data breach, home care patients impacted
- data breach | Gas Express convenience store chain reports data breach affecting customer information
- data breach | Upper Canada District School Board reports cyberattack, data breach
- data breach | PFS Investments Inc. reports data breach
- data breach | Georgian citizens' personal information leaked in exposed Elasticsearch database
- data breach | UK ISP TalkTalk investigating claims of potential data breach caused by third party supplier
- data breach | Singapore Council for Estate Agencies reports data leak exposing over 3000 people
- data breach | Hackers claim breach of North Pole Company exposing over 500K people
- ransomware | Australian manufacturer Clutch Industries confirms ransomware attack, data breach
- ransomware | Edw. C. Levy Co. reports ransomware attack, data breach
- ransomware | Blacon High School near Chester forced to close because of ransomware attack
- ransomware | Major government contractor Conduent hit by service interruptions, blames third party
- ransomware | INC Ransom claims attack on defense contractor Stark Aerospace
- ransomware | Ransomware attack on third party provider impacts schools in Rhineland-Palatinate, Germany
- ransomware | Spanish Guardia Civil and the Ministry of Defense potentially hit by third party data breach
- ransomware | Argentinian hospital El Cruce hit by ransomware attack