State of (in)security - Week 42, 2025
Take action: When using GitHub Copilot or any AI coding assistant, never trust it to analyze code or comments from external contributors or public pull requests. Prompts can be hidden in such content in ways that nobody tests for until they are exploited. Treat AI-generated code suggestions the same way you'd treat code from an untrusted developer: always verify packages, libraries, and code logic before implementing them in your projects.
In the week between Oct. 13, 2025, midnight and Oct. 20, 2025, midnight we witnessed a total of:
- 17 advisory/vulnerability events
- 24 incident/data breach events
Week over Week comparison of week 42 2025 vs week 41 2025:
- Advisories and incidents are up. Advisories are up from 12 in week 41 to 17 in week 42 2025. Incidents are up from 20 in week 41 2025 to 24 in week 42 2025.
- The number of known impacted individuals is up - from 269 thousand in week 41 to 26 million in week 42 2025.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 26,114,765 impacted individuals across 10 incidents. The largest was the Prosper Marketplace data breach, which exposed 17,600,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 7 |
| Third Party Compromise | 3 |
| Software Vulnerability and SDLC Exploits | 2 |
| Social Engineering and Phishing | 1 |
| System Misconfiguration Exploits | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Education | 3 |
| Manufacturing | 2 |
| Other | 2 |
| Retail | 2 |
| IT/Software/Technology | 2 |
| Construction/Real Estate | 2 |
| Government | 2 |
| Healthcare | 2 |
| Aviation | 2 |
| Telecommunications | 1 |
| Finance | 1 |
| Food and Beverage | 1 |
| Insurance | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA warns of active exploitation of Windows vulnerability
- active exploit | Critical Adobe Experience Manager flaw actively exploited
- active exploit | Rapid7 Velociraptor vulnerability actively exploited in ransomware campaigns
Vulnerabilities
- critical vulnerability | Adobe releases October 2025 patches for multiple products
- critical vulnerability | CamoLeak: GitHub Copilot vulnerability enabled silent theft of private source code and secrets
- critical vulnerability | ConnectWise Automate vulnerable to agent communication interception
- critical vulnerability | Critical authentication bypass flaw reported in Siemens TeleControl Server Basic
- critical vulnerability | Critical authentication flaw in Siemens SIMATIC ET 200SP Communication Processors exposes configuration data
- critical vulnerability | Critical deserialization flaw in Apache ActiveMQ NMS AMQP client enables remote code execution
- critical vulnerability | Critical Samba flaw enables remote code execution on Samba servers running as Active Directory domain controllers
- critical vulnerability | Critical template injection flaw in Elastic Cloud Enterprise enables remote code execution
- critical vulnerability | Critical VM Escape vulnerability reported in Happy DOM
- critical vulnerability | Critical vulnerabilities in Red Lion industrial RTUs enable complete remote takeover
- critical vulnerability | Emergency patch released for SSRF flaw in Zimbra Collaboration Suite, advised immediate patching
- critical vulnerability | Google patches high severity vulnerability in Chrome Safe Browsing
- critical vulnerability | Microsoft October 2025 Patch Tuesday fixes 172 flaws including Zero-Days and actively exploited flaws
- critical vulnerability | Mozilla patches multiple high severity flaws in Firefox and Thunderbird
- critical vulnerability | SAP October 2025 security patch fixes 13 new security flaws, at least two critical
- critical vulnerability | Siemens patches multiple critical flaws in User Management Component of multiple products
- critical vulnerability | Veeam reports critical flaws in their Backup & Replication product, asks for urgent patching
Incidents
- data breach | Prosper Marketplace reports data breach exposing 17.6 million people
- data breach | Hacker group doxxes U.S. federal officials in data leak
- data breach | Verisure reports data breach exposing personal data of 35,000 Swedish customers
- data breach | American Airlines subsidiary Envoy Air reports data breach through Oracle Zero-Day attack
- data breach | Kolkata real estate company hit by ransomware attack
- data breach | Healthcare equipment manufacturer Ansell reports data breach
- data breach | Data breach at Methodist Homes exposes sensitive data of nearly 26,000 people
- data breach | Canadian Tire Corporation E-Commerce database breached, exposing customer information
- data breach | University of St. Thomas Houston hit by ransomware attack, 1.8 TB of data exposed
- data breach | F5 Networks reports major Nation-State Breach, BIG-IP source code and vulnerability data stolen
- data breach | Fashion retailer MANGO reports data breach through third-party marketing vendor
- data breach | Auction house Sotheby's reports data breach exposing employee data and social security numbers
- data breach | Hackers breach UK Military contractor, exposing defence base information
- data breach | Dodo and iPrimus Telco customers hit by Data Breach affecting email and mobile services
- data breach | Vietnam Airlines hit by Salesforce CRM instance breach, exposes data of 7.3 Million customers
- data breach | Harvard University investigates data breach linked to critical Oracle zero-day flaw
- data leak | Marketing and email data platform Netcore Cloud leaks over 40 billion email marketing records
- ransomware | Volkswagen Group confirms cybersecurity incident after 8Base ransomware gang claims data theft
- ransomware | Goosehead Insurance hit by ransomware attack exposing customer data
- ransomware | Hong Kong vegetable wholesale market hit by ransomware attack affecting 7,000 users
- ransomware | Dairy Farmers of America reports ransomware attack exposing data of 4,546 individuals
- ransomware | Kearney Public Schools hit by cyberattack, disrupts communications
- ransomware | Massachusetts hospitals Heywood and Athol hit by cyberattack, divert ambulances
- ransomware | Michigan City, Indiana reports ransomware attack, data stolen