What were the cybersecurity statistics for the week of October 20-27, 2025?

During the week between October 20, 2025, midnight and October 27, 2025, midnight there were a total of 12 advisory/vulnerability events and 12 incident/data breach events. Additionally, 6 practical knowledge items were shared.

How did week 43 of 2025 compare to week 42 in terms of cybersecurity incidents?

Advisories and incidents were down in week 43 compared to week 42. Advisories decreased from 17 in week 42 to 12 in week 43. Incidents decreased from 24 in week 42 to 12 in week 43. The number of known impacted individuals also dropped from 26 million in week 42 to 17.4 million in week 43.

How many individuals were impacted by data breaches during the week of October 20-27, 2025?

There were a total of 17,455,441 impacted individuals across 5 incidents. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

What was the largest data breach during the week of October 20-27, 2025?

The largest breach was the researchers publishing aggregated infostealer data incident that exposed 183 million email accounts and passwords, affecting 16,400,000 individuals.

What were the main causes of cybersecurity incidents during October 20-27, 2025?

The main causes were: Malware, Ransomware and Related Attacks with 4 incidents, Denial-of-Service Attacks with 1 incident, Human bad security behaviour with 1 incident, Software Vulnerability and SDLC Exploits with 1 incident, and Third Party Compromise with 1 incident.

Which industries were most affected by cybersecurity incidents during October 20-27, 2025?

Energy and Government sectors each had 2 incidents, while Manufacturing, Other, Retail, Telecommunications, Aviation, Transport/Logistics, and Hospitality/Events each had 1 incident.

What notable ransomware attacks occurred during the week of October 20-27, 2025?

Notable ransomware attacks included: Aussie Fluid Power (claimed by Anubis group), Jewett-Cameron fence wholesaler exposing financial data and video meetings, Everest Ransomware gang claiming breach of AT&T Careers platform with theft of 576,686 records, and a ransomware attack on Askul disrupting Japanese retailers Muji and Loft.

What critical vulnerabilities were reported during October 20-27, 2025?

Critical vulnerabilities included authentication bypass flaws in Kentico Xperience CMS, a three-year-old Apple JavaScriptCore vulnerability, Windows SMB privilege escalation flaw, vulnerabilities in WordPress sites, command injection flaws in Veeder-Root TLS4B and TP-Link Omada Gateways, remote code execution flaw in LANSCOPE Endpoint Manager, Chrome V8 Engine flaw, Microsoft 365 Copilot vulnerability, and actively exploited WSUS Deserialization flaw.

What other significant data breaches occurred during October 20-27, 2025?

Other significant breaches included a DDoS attack on Russia's food safety agency impacting agricultural shipments, Kaufman County Texas suffering two separate breaches, Toys R Us Canada reporting customer information exposure, Dublin Airport breach affecting millions of passengers after Collins Aerospace ransomware attack, OYO Hotel and Casino Las Vegas exposing data of almost 5,000 people, FIA Driver categorisation website exposing data of nearly 7,000 drivers, and Origin Energy reporting employee theft of credit card details from over 700 customers.

What active exploitation campaigns were reported during October 20-27, 2025?

Active exploitation campaigns included exploitation of multiple older critical vulnerabilities in WordPress sites, GlassWorm supply chain attack infecting Visual Studio Code extensions, and SessionReaper flaw in Adobe Magento being actively exploited.

Knowledge

State of (in)security - Week 43, 2025

published: Oct. 27, 2025

Take action: If you are installing any AI based tools locally, be aware that AI vendors are not that disciplined in updating those tools. For example Cursor or Windsurf AI-powered code editors, haven't been updated for months.

Learn More

In the week between Oct. 20, 2025, midnight and Oct. 27, 2025, midnight we witnessed a total of:

12 advisory/vulnerability events
12 incident/data breach events

We also shared 6 practical knowledge items

Week over Week comparison of week 43 2025 vs week 42 2025:

Total impacted individuals via the events of the week

There were a total of 17,455,441 impacted individuals across 5 incidents, with the largest breach being the Researchers publish aggregated infostealer data that exposed 183 Million email accounts and passwords incident exposing 16,400,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	4
Denial-of-Service Attacks	1
Human bad security behaviour	1
Software Vulnerability and SDLC Exploits	1
Third Party Compromise	1

Industry breakdown of incidents

Industry	Number of incidents
Energy	2
Government	2
Manufacturing	1
Other	1
Retail	1
Telecommunications	1
Aviation	1
Transport/Logistics	1
Hospitality/Events	1

Read the Event Details of the Week

Knowledge

active exploit | CISA warns of active exploitation of critical authentication bypass flaws in Kentico Xperience CMS
active exploit | CISA warns of active exploitation of three years old Apple JavaScriptCore vulnerability
active exploit | CISA warns of active exploitation of Windows SMB privilege escalation flaw
active attack | Exploitation campaign targets multiple older critical vulnerabilities in WordPress sites
active exploit | GlassWorm supply chain attack: Self-Propagating malware infects Visual Studio Code extensions
active exploit | SessionReaper flaw in Adobe Magento actively exploited

Vulnerabilities

critical vulnerability | CISA warns of critical authentication bypass flaw in Raisecomm RAX701-GC Series
critical vulnerability | CISA warns of critical vulnerabilities in Rockwell Automation 1783-NATR
critical vulnerability | Critical command injection flaw reported in Veeder-Root TLS4B automatic tank gauge system
critical vulnerability | Critical command injection vulnerabilities in TP-Link Omada Gateways enable remote code execution
critical vulnerability | Critical remote code execution flaw in LANSCOPE Endpoint Manager actively exploited
critical vulnerability | Critical vulnerability discovered in End-of-Life ASKI Energy industrial controllers
critical vulnerability | Google releases emergency security update for Chrome V8 Engine flaw
critical vulnerability | Microsoft 365 Copilot vulnerability enables data theft through malicious Mermaid diagrams
critical vulnerability | Microsoft releases emergency patches for actively exploited critical WSUS Deserialization flaw
critical vulnerability | Multiple vulnerabilities reported in AutomationDirect Productivity Suite and PLCs, at least one critical
critical vulnerability | Oracle releases October 2025 Critical Patch Update addressing 374 vulnerabilities
critical vulnerability | Security researchers report critical security flaws in Cursor and Windsurf IDEs

Incidents

Read More
State of (in)security - Week 5, 2025
Details of hacking campaign stelathy techniques targeting military …
State of (in)security - Week 43, 2023
State of (in)security - Week 2, 2025
State of (in)security - Week 38, 2025