State of (in)security - Week 45, 2025
Take action: If you have the Post SMTP plugin on WordPress, update to version 3.6.1 right now. Attackers are actively exploiting it to reset admin passwords and hijack sites.
Between midnight on Nov. 3, 2025 and midnight on Nov. 10, 2025, we witnessed a total of:
- 19 advisory/vulnerability events
- 13 incident/data breach events
Week over Week comparison of week 45 2025 vs week 44 2025:
- Advisories are significantly up and incidents are down. Advisories are up from 9 in week 44 to 19 in week 45 2025. Incidents are down from 16 in week 44 2025 to 13 in week 45 2025.
- The number of known impacted individuals is down - from 329 thousand in week 44 to 241 thousand in week 45 2025.
We also shared 5 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 241,738 impacted individuals across 5 incidents. The largest breach was "Ransomware attack on Central Jersey Medical Center exposes data of 131,000 patients", which exposed 131,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 4 |
| Software Vulnerability and SDLC Exploits | 3 |
| Human bad security behaviour | 1 |
| System Misconfiguration Exploits | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Finance | 3 |
| Government | 2 |
| Healthcare | 2 |
| Media | 2 |
| Consulting/Professional Services | 2 |
| Gas/Oil | 1 |
| IT/Software/Technology | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Critical authentication bypass flaw in JobMonster WordPress theme actively exploited
- active exploit | Critical vulnerability in Post SMTP WordPress Plugin actively exploited
- active phishing | Microsoft & Atlassian Impersonation Campaigns through typosquatting
- critical vulnerability | Multiple vulnerabilities reported in ChatGPT that enable zero-click data theft
- active scam | SMS Based scam impersonating Apple, leading victims to fake support numbers for social engineering
Vulnerabilities
- critical vulnerability | Apple releases security update iOS 26.1 and iPadOS 26.1 patching over 50 vulnerabilities, at least two critical
- critical vulnerability | CISA reports active exploitation of critical vulnerability in CentOS Web Panel
- critical vulnerability | Cisco patches critical flaws in Unified Contact Center Express
- critical vulnerability | Command injection vulnerabilities reported in Claude Desktop extensions enabling Remote Code Execution
- critical vulnerability | Critical authentication flaw reported in Survision license plate recognition cameras
- critical vulnerability | Critical authentication vulnerabilities reported in Radiometrics VizAir aviation weather system
- critical vulnerability | Critical RDSEED flaw in AMD Zen 5 processors compromises cryptographic random number generation
- critical vulnerability | Critical remote code execution flaw reported in React Native CLI
- critical vulnerability | Critical security vulnerabilities patched in Nagios XI 2026R1
- critical vulnerability | Critical stack buffer overflow flaw in Redis database enables remote code execution
- critical vulnerability | Critical vulnerability reported in AI Engine WordPress plugin
- critical vulnerability | Django releases update, patches critical SQL injection flaw and Denial-of-Service condition
- critical vulnerability | Google releases Chrome update just 5 days after the previous, patches multiple vulnerabilities
- critical vulnerability | Google releases November 2025 Android patch, fixes critical zero-click flaw
- ransomware | Malicious NuGet packages carry time-delayed logic bombs targeting databases and industrial control systems
- critical vulnerability | QNAP patches critical SQL Injection flaw in QuMagie photo management application
- critical vulnerability | QNAP patches seven zero-day vulnerabilities exploited at Pwn2Own Ireland 2025
- critical vulnerability | Spyware exploited vulnerability in Samsung Galaxy devices through malicious WhatsApp images
- critical vulnerability | Vulnerability in Amazon WorkSpaces client for Linux enables unauthorized access
Incidents
- data breach | Washington Post confirms data breach in the Oracle E-Business Suite attack campaign
- data breach | Balancer DeFi protocol hit by $128 Million exploit
- data breach | Data breach at behavioral healthcare provider exposes mental health records of over 92,000 patients
- data breach | Japanese publishing company Nikkei suffers Slack compromise exposing data of over 17,000 people
- data breach | South Gloucestershire Council leaks personal data of 625 residents due to publishing error
- data breach | Klarna leaks customer data in pre-filled credit application forms
- data breach | Akira ransomware gang claims breach of Wakefield & Associates
- data breach | Ransomware attack on Central Jersey Medical Center exposes data of 131,000 patients
- data breach | Congressional Budget Office reports cyberattack exposing sensitive communications and economic data
- data breach | Hyundai AutoEver America reports data breach exposing customer SSNs and driver's license data
- data leak | Ernst & Young cloud misconfiguration leaks 4TB SQL Server backup on Microsoft Azure
- ransomware | Mack Energy Corporation hit by ransomware attack
- ransomware | Qilin ransomware gang claims breach at Habib Bank AG Zurich