State of (in)security - Week 41, 2025
Take action: Another prompt injection vector through hidden characters that the human user will not see but the AI will. Be extremely conservative about giving AI tools access to your real systems and data, because all these products are half-baked, not properly secured, and the vendors hide behind "terms and conditions".
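The practical defence against this class of injection is to scan text before it reaches a model and to refuse or strip anything a human reviewer cannot see. The following Python is an added example, not code from the newsletter or from any vendor it mentions; the function names, the constructed sample prompt and the choice of which code point ranges count as "hidden" are assumptions for illustration. It flags invisible characters (the Unicode Tags block that ASCII Smuggling relies on, zero-width characters, bidi controls and other format characters), decodes any tag-encoded text so a reviewer can see what the model would have read, and produces a cleaned string.

```python
import unicodedata

# Code point ranges that render as nothing in most UIs but are passed through
# verbatim to an LLM. The Unicode "Tags" block (U+E0000..U+E007F) can carry a
# whole ASCII string, one tag character per letter, which is the basis of the
# ASCII Smuggling reports. Assumed list; extend it for your own threat model.
TAG_BLOCK = range(0xE0000, 0xE0080)
ZERO_WIDTH = {
    0x200B,  # ZERO WIDTH SPACE
    0x200C,  # ZERO WIDTH NON-JOINER
    0x200D,  # ZERO WIDTH JOINER
    0x2060,  # WORD JOINER
    0x2061, 0x2062, 0x2063, 0x2064,  # invisible mathematical operators
    0xFEFF,  # ZERO WIDTH NO-BREAK SPACE (BOM)
}
BIDI_CONTROLS = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))


def is_hidden(ch):
    """True if a human reader would not see this character on screen."""
    cp = ord(ch)
    return (
        cp in TAG_BLOCK
        or cp in ZERO_WIDTH
        or cp in BIDI_CONTROLS
        or unicodedata.category(ch) == "Cf"  # any other Unicode format character
    )


def find_hidden_characters(text):
    """Return (offset, codepoint, name) for every hidden character in text.

    Offsets are reported so a log entry can point at exactly where the
    invisible content sits in the original input.
    """
    return [
        (i, ord(ch), unicodedata.name(ch, "<unassigned>"))
        for i, ch in enumerate(text)
        if is_hidden(ch)
    ]


def decode_tag_payload(text):
    """Map Unicode tag characters back to the ASCII they encode.

    Only the printable tag range (U+E0020..U+E007E) maps to ASCII; every other
    character is skipped. The result is what a model that does not filter tags
    would effectively read in addition to the visible prompt.
    """
    return "".join(chr(ord(ch) - 0xE0000) for ch in text if 0xE0020 <= ord(ch) <= 0xE007E)


def strip_hidden_characters(text):
    """Remove every hidden character and NFKC-normalise the remainder.

    Normalising afterwards collapses look-alike forms so a reviewer and the
    model agree on what the text says.
    """
    return unicodedata.normalize("NFKC", "".join(ch for ch in text if not is_hidden(ch)))


def is_safe_for_model(text):
    """Gate: True only when no hidden characters are present at all."""
    return not find_hidden_characters(text)


# Constructed sample input (assumption, not a captured attack): a harmless
# visible request followed by a zero-width space and the word "hidden"
# encoded in the Tags block. A text editor shows only the visible sentence.
SAMPLE = (
    "Please summarise the attached report."
    "\u200b"
    "\U000E0068\U000E0069\U000E0064\U000E0064\U000E0065\U000E006E"
)

if __name__ == "__main__":
    for offset, cp, name in find_hidden_characters(SAMPLE):
        print(f"offset {offset}: U+{cp:05X} {name}")
    print("tag payload:", repr(decode_tag_payload(SAMPLE)))
    print("cleaned   :", repr(strip_hidden_characters(SAMPLE)))
    print("safe      :", is_safe_for_model(SAMPLE))
```

Run the gate on every document, e-mail body or web page before it is handed to an AI assistant; reject on `is_safe_for_model` returning False rather than silently stripping, so the hidden payload and its source get logged and investigated instead of quietly discarded.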
In the week between Oct. 6, 2025, midnight and Oct. 13, 2025, midnight we witnessed a total of:
- 12 advisory/vulnerability events
- 20 incident/data breach events
Week over Week comparison of week 41 2025 vs week 40 2025:
- Advisories remain the same, and incidents are up. Advisories remain at 12 in both weeks 40 and 41. Incidents are up from 17 in week 40 2025 to 20 in week 41 2025.
- The number of known impacted individuals is up - from 29 thousand in week 40 to 269 thousand in week 41 2025.
We also shared 2 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 269,174 impacted individuals across 5 incidents, the largest being the Doctors Imaging Group radiology practice data breach, which exposed 171,800 individuals. Since not all incidents report a number of impacted individuals, the real number is certainly higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| System Misconfiguration Exploits | 2 |
| Unauthorized access | 2 |
| Human bad security behaviour | 1 |
| Malware, Ransomware and Related Attacks | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 3 |
| Government | 3 |
| Consulting/Professional Services | 2 |
| Entertainment/Leisure | 2 |
| Insurance | 2 |
| Other | 2 |
| Non-profit/Charity | 1 |
| Finance | 1 |
| Manufacturing | 1 |
| Food and Beverage | 1 |
| Healthcare | 1 |
Knowledge
- active exploit | Ongoing attacks on Gladinet's CentreStack and Triofox vulnerabilities
- active exploit | Zimbra Collaboration Suite flaw actively exploited with stored XSS through malicious Calendar files
Vulnerabilities
- critical vulnerability | Critical flaw in Service Finder WordPress Theme actively exploited
- critical vulnerability | Critical Lua scripting flaw enables remote code execution in Redis server
- critical vulnerability | Critical memory corruption flaw in IBM AIX and VIOS package manager
- critical vulnerability | Critical privilege escalation vulnerability reported in AWS Client VPN for macOS
- critical vulnerability | Critical vulnerabilities reported in WP Travel Engine WordPress plugin
- critical vulnerability | Cybersecurity experts warn of ASCII Smuggling prompt injection vulnerability in multiple AI systems
- critical vulnerability | Dell patches multiple Unity flaws, at least one critical
- critical vulnerability | Google releases Chrome 141, patches multiple vulnerabilities enabling arbitrary code execution
- critical vulnerability | Juniper Networks patches nearly 220 security flaws in quarterly October 2025 update
- critical vulnerability | Nagios patches multiple flaws in their Log Server, at least one critical
- critical vulnerability | Oracle E-Business Suite reports another vulnerability during rising ransomware threats
- critical vulnerability | Zero Day Initiative reports 13 vulnerabilities in Ivanti Endpoint Manager
Incidents
- data breach | UBS Financial Services reports data security incident exposing client data
- data breach | Cybercrime gangs launch extortion campaign on Salesforce customers
- data breach | Pet insurance provider Rainwalk Technology leaks customer and pet data
- data breach | Doctors Imaging Group radiology practice reports data breach exposing data of over 171,000 patients
- data breach | Missouri probation services provider reports data breach exposing probationers' personal information
- data breach | Electronics giant Avnet reports data breach affecting EMEA operations
- data breach | School communication platform Finalsite suspends services after security breach
- data breach | DraftKings reports credential stuffing attack targeting customer accounts
- data breach | Hackers breach prominent Washington Law Firm
- data breach | BK Technologies public safety communications provider reports data breach affecting employee data
- data breach | Trusteed Plans Service Corporation reports data breach affecting nearly 20,000 people
- data breach | Invoicely leaks nearly 180,000 files containing sensitive financial and personal data
- data breach | Sheheen, Hancock & Godwin hit by ransomware attack, exposes data of over 34,000 people
- data breach | Data breach exposes personal data of 40,000 UK Film and TV union members
- data breach | Hacker claims breach of KFC Venezuela, offers alleged stolen data for sale
- data breach | Georgia Department of Human Services reports data breach
- data breach | Shuffle.com customers exposed in Third-Party data breach of CRM provider
- data breach | NSW Reconstruction Authority reports data leak, up to 3,000 flood victims' data exposed in ChatGPT upload
- data breach | Nintendo allegedly breached by Crimson Collective hacking group
- ransomware | Cyberattack disrupts online services in Sugar Land, Texas