How many cybersecurity events occurred in the week of September 29 to October 6, 2025?

During the week between September 29, 2025, midnight and October 6, 2025, midnight, there were a total of 12 advisory/vulnerability events and 17 incident/data breach events.

How did week 40 of 2025 compare to week 39 in terms of cybersecurity incidents?

Advisories increased from 8 in week 39 to 12 in week 40. Incidents decreased from 22 in week 39 to 17 in week 40. The number of known impacted individuals also decreased from 704 thousand in week 39 to 29 thousand in week 40 of 2025.

How many people were affected by data breaches in the week of September 29 to October 6, 2025?

There were a total of 29,485 impacted individuals across incidents during this week. The largest breach was the Fort Wayne Medical Education Program ransomware attack, which affected almost 30,000 people and exposed 29,485 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher.

What was the most common cause of cybersecurity incidents during this week?

Malware, ransomware, and related attacks were the most common cause with 6 incidents, followed by third-party compromise with 3 incidents, software vulnerability and SDLC exploits with 2 incidents, and social engineering/phishing and unauthorized access each with 1 incident.

Which industries were most affected by cybersecurity incidents during the week of September 29 to October 6, 2025?

IT/Software/Technology was the most affected industry with 5 incidents, followed by Healthcare with 4 incidents, Government with 2 incidents, and Food and Beverage, Insurance, Automotive, Media, Consulting/Professional Services, and Finance each with 1 incident.

What was the largest data breach of the week?

The largest breach was the Fort Wayne Medical Education Program ransomware attack, which affected almost 30,000 people and exposed 29,485 individuals.

What notable vulnerabilities were reported during the week of September 29 to October 6, 2025?

Notable vulnerabilities included an eight-year-old critical security flaw discovered in Unity Engine affecting thousands of games, critical remote code execution vulnerabilities in TOTOLINK X6000R routers, a critical authentication bypass flaw in Termix Docker image exposing SSH credentials, critical flaws in DrayTek Vigor router models, Oracle E-Business Suite vulnerabilities being exploited in an extortion campaign, and multiple Chrome vulnerabilities patched by Google.

What active exploits were reported by CISA during this week?

CISA reported active exploitation of a Meteobridge command injection flaw and active exploitation of a critical Sudo flaw. Additionally, hackers were exploiting a VMware zero-day for privilege escalation since October 2024, and there was a scanning campaign targeting a critical Palo Alto GlobalProtect vulnerability.

What major organizations were affected by data breaches during this week?

Major organizations affected included Platinum Federal Credit Union, FEMA and Border Protection (through CitrixBleed 2.0 flaw), Comcast Corporation (claimed by Medusa ransomware demanding $1.2 million), Red Hat, an Israeli hospital, Renault UK, Discord (third-party breach), the US Air Force, and Oracle E-Business Suite customers targeted in an extortion campaign.

Were there any ransomware attacks on healthcare organizations during this week?

Yes, healthcare organizations affected by ransomware and cyberattacks included the Fort Wayne Medical Education Program (affecting almost 30,000 people), an Israeli hospital hit during Yom Kippur, Harbor Mental Health Services, Murray-Calloway County Hospital, and Superior Vision Services.

What government entities were affected by cybersecurity incidents this week?

Government entities affected included FEMA and U.S. Customs and Border Protection (employee data compromised through CitrixBleed 2.0 flaw), the US Air Force (SharePoint-related data breach exposing personnel health and personal data), and the Legal Practice Board of Western Australia (hit by ransomware).

What was the CitrixBleed 2.0 flaw?

CitrixBleed 2.0 was a vulnerability that compromised FEMA and Border Protection employee data. The cyberattack exploited this flaw in Citrix Systems' remote access software to gain unauthorized access to sensitive government employee information.

Were there any third-party breaches reported during this week?

Yes, there were 3 third-party compromise incidents during this week. Notable examples include Discord reporting a breach at a third-party customer service provider exposing user information, Renault UK customer data exposed in a third-party cyberattack, and Murray-Calloway County Hospital reporting a third-party breach exposing patient information.

What ransomware groups were active during the week of September 29 to October 6, 2025?

Active ransomware groups mentioned include Medusa ransomware group (claiming breach of Comcast Corporation and demanding $1.2 million ransom) and various groups targeting the Fort Wayne Medical Education Program, Israeli hospital, Legal Practice Board of Western Australia, and federal cybersecurity contractor AttainX.

What critical vulnerability affected Unity Engine?

An eight-year-old critical security flaw was discovered in Unity Engine that requires urgent patching for thousands of games. This vulnerability had existed undetected for years and affects numerous gaming applications built with the Unity platform.

Knowledge

State of (in)security - Week 40, 2025

published: Oct. 6, 2025

Take action: Mass firing of people after a cybersecurity incident is just the type of culture which will not help long term. The most the organization can expect is everyone to start pushing the problem onto someone else and covering their behinds.

Learn More

In the week between Sept. 29, 2025, midnight and Oct. 6, 2025, midnight we witnessed a total of:

12 advisory/vulnerability events
17 incident/data breach events

Week over Week comparison of week 40 2025 vs week 39 2025:

We also shared 4 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 29,485 impacted individuals across 1 incidents, with the largest breach being the Fort Wayne Medical Education Program hit ransomware attack, affects almost 30,000 people incident exposing 29,485 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	6
Third Party Compromise	3
Software Vulnerability and SDLC Exploits	2
Social Engineering and Phishing	1
Unauthorized access	1

Industry breakdown of incidents

Industry	Number of incidents
IT/Software/Technology	5
Healthcare	4
Government	2
Food and Beverage	1
Insurance	1
Automotive	1
Media	1
Consulting/Professional Services	1
Finance	1

Read the Event Details of the Week

Knowledge

active exploit | CISA reportd active exploitation of Meteobridge command injection flaw
active exploit | CISA warns of active exploitation of critical Sudo flaw
active exploit | Hackers exploit VMware Zero-Day for privilege escalation since October 2024
active attack | Scanning campaign targets critical Palo Alto GlobalProtect vulnerability

Vulnerabilities

critical vulnerability | Command Injection vulnerabilities reported in Unitree Robots
critical vulnerability | Critical authentication bypass flaw in Termix Docker image exposes SSH credentials
critical vulnerability | Critical privilege escalation flaw in Red Hat OpenShift AI enables cluster takeover
critical vulnerability | Critical remote code execution flaw patched in Western Digital My Cloud NAS devices
critical vulnerability | Critical remote code execution vulnerabilities reported in TOTOLINK X6000R routers
critical vulnerability | Eight-Year-Old critical security flaw discovered in Unity Engine, requires urgent patching for thousands of games
critical vulnerability | Google releases update for Chrome multiple flaws
critical vulnerability | High-Severity stored XSS reported in MyCourts platform, can be combined to steal session cookies
critical vulnerability | JWT signature verification bypass enables account takeover in Formbricks
critical vulnerability | Oracle releases emergency patch for E-Business Suite as ransomware gang pushes extortion campaign
critical vulnerability | OS command Injection flaw reported in MegaSys Enterprises Telenium Online web application
critical vulnerability | Remote code execution flaw reported in DrayTek Vigor router models

Incidents

Read More
State of (in)security - Week 43, 2023
Death by a thousand cuts - How Chinese …
Walkthrough in the newly discovered HTTP/2 DoS Rapid …
State of (in)security - Week 4, 2025
Take care who can physically access your Windows …