State of (in)security - Week 46, 2025
Take action: The development of AI tools is still very much rushed, with insufficient security testing and a lot of copy-paste from other frameworks. The priority is getting to production, not building a secure product, and the end user will probably suffer most. In general, be very conservative with AI frameworks, test a lot and patch very fast. And remember that AI apps are also vulnerable to all the classic web application vulnerabilities that have nothing to do with AI: this week's list includes an SSRF in an AI product next to an unauthenticated SQL injection in an analytics product, and the same input validation rules apply to both.
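As an added, generic illustration of the "classic web vulnerability in an AI app" point (this is example code written for this digest, not code from any product or advisory listed on the page): an LLM "action" or tool that fetches a URL the model put into a tool call. The naive version is a textbook SSRF, since the model's output is attacker-influenced through prompt injection; the hardened version restricts the scheme, optionally allowlists hosts, resolves the name first and refuses any address that is not globally routable (cloud metadata endpoints, loopback, RFC 1918). The tool-call arguments and the offline resolver table are constructed for the demo; `naive_fetch_target`, `safe_fetch_target` and `triage` are hypothetical names.

```python
"""Added example: SSRF in an LLM tool/action that fetches a model-supplied URL.
Generic illustration for this digest, not code from any product named on the page."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample tool calls, in the shape an LLM might emit (format assumed).
SAMPLE_TOOL_CALLS = [
    {"url": "https://api.example.com/v1/weather?city=Oslo"},
    {"url": "http://169.254.169.254/metadata/instance?api-version=2021-02-01"},
    {"url": "http://localhost:8080/admin"},
    {"url": "file:///etc/passwd"},
    {"url": "http://internal.corp.example/secrets"},
]

# Constructed DNS table so the demo runs offline; real code uses getaddrinfo below.
_OFFLINE_DNS = {
    "api.example.com": {"93.184.216.34"},
    "localhost": {"127.0.0.1"},
    "169.254.169.254": {"169.254.169.254"},
    "internal.corp.example": {"10.0.0.5"},
}


def offline_resolve(host):
    """Fake resolver backed by the constructed table above."""
    if host not in _OFFLINE_DNS:
        raise OSError(f"NXDOMAIN {host}")
    return _OFFLINE_DNS[host]


def _default_resolve(host):
    """Real resolver: every address the name maps to (A and AAAA)."""
    return {ai[4][0] for ai in socket.getaddrinfo(host, None)}


class BlockedURL(ValueError):
    pass


def naive_fetch_target(args):
    """Vulnerable: trusts whatever the model wrote into the tool call."""
    return args["url"]


def safe_fetch_target(args, resolve=_default_resolve, allowed_hosts=None):
    """Hardened: scheme check, optional host allowlist, resolve-then-check."""
    url = args["url"]
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise BlockedURL(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise BlockedURL("missing host")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise BlockedURL(f"host not on allowlist: {host}")
    # Resolve before connecting and check every address: a public hostname
    # that resolves to an internal range is the classic SSRF bypass.
    try:
        addrs = resolve(host)
    except OSError as exc:
        raise BlockedURL(f"cannot resolve {host}: {exc}") from exc
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if not ip.is_global:  # loopback, link-local (169.254/16), RFC 1918, ...
            raise BlockedURL(f"{host} resolves to non-public address {ip}")
    return url


def triage(tool_calls, resolve=_default_resolve, allowed_hosts=None):
    """Run the hardened check over each tool call; returns url -> verdict."""
    verdicts = {}
    for call in tool_calls:
        try:
            safe_fetch_target(call, resolve=resolve, allowed_hosts=allowed_hosts)
            verdicts[call["url"]] = "allowed"
        except BlockedURL as exc:
            verdicts[call["url"]] = f"blocked: {exc}"
    return verdicts


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_TOOL_CALLS, resolve=offline_resolve).items():
        print(f"{verdict:60s} {url}")
```

Two caveats the check above does not cover on its own: the HTTP client must connect to the address that was checked (or re-check after its own lookup) so that DNS rebinding between check and connect cannot swap in an internal address, and redirects must either be disabled or re-validated with the same function, since a 302 to the metadata endpoint bypasses a check done only on the first URL.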
In the week from Nov. 10, 2025, 00:00 to Nov. 17, 2025, 00:00 we tracked a total of:
- 20 advisory/vulnerability events
- 20 incident/data breach events
Week over Week comparison of week 46 2025 vs week 45 2025:
- Advisories and incidents are both up. Advisories are up from 19 in week 45 to 20 in week 46 2025. Incidents are up from 13 in week 45 to 20 in week 46 2025.
- The number of known impacted individuals is down, from 241 thousand in week 45 to 52 thousand in week 46 2025.
We also shared 4 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 52,582 impacted individuals across the 4 incidents that reported a figure, the largest being the breach of Somalia's E-Visa system, which exposed the data of over 35,000 applicants. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Software Vulnerability and SDLC Exploits | 5 |
| Malware, Ransomware and Related Attacks | 5 |
| Social Engineering and Phishing | 2 |
| Human bad security behaviour | 2 |
| Unauthorized access | 2 |
| System Misconfiguration Exploits | 1 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 5 |
| IT/Software/Technology | 5 |
| Healthcare | 2 |
| Food and Beverage | 1 |
| Manufacturing | 1 |
| Non-profit/Charity | 1 |
| Consulting/Professional Services | 1 |
| Other | 1 |
| Education | 1 |
| Finance | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Akira ransomware gang attacks Nutanix VMs with multiple vulnerabilities
- active exploit | CISA reports active exploitation of WatchGuard Firebox vulnerability
- active exploit | Critical remote code execution flaw in Monsta FTP web client actively exploited
- active exploit | Critical Triofox authentication bypass flaw actively exploited
Vulnerabilities
- critical vulnerability | Adobe releases November 2025 patches for multiple products
- critical vulnerability | Container escape vulnerabilities discovered in runC container runtime
- critical vulnerability | Critical arbitrary code execution flaw reported in JavaScript expression parser expr-eval
- critical vulnerability | Critical authentication bypass flaw in ASUS DSL series routers enables remote takeover
- critical vulnerability | Critical remote code execution flaw reported in pgAdmin4
- critical vulnerability | Critical Remote Code Execution vulnerability reported in Imunify360 AV
- critical vulnerability | Critical unauthenticated SQL Injection flaw reported in on-premise Zoho Analytics Plus
- critical vulnerability | Critical vulnerabilities reported in Rockwell Automation Studio 5000 simulation interface
- critical vulnerability | Critical vulnerabilities reported in General Industrial Controls Lynx+ gateway
- critical vulnerability | Critical zero-day vulnerability in Fortinet FortiWeb actively exploited in the wild
- critical vulnerability | IBM reports critical flaws in AIX Network Installation Manager
- critical vulnerability | Microsoft November 2025 Patch Tuesday fixes one exploited zero-day flaw, 63 total
- critical vulnerability | Mozilla releases Firefox patches, fixes 15 vulnerabilities including sandbox escape flaws
- critical vulnerability | Multiple critical vulnerabilities reported in Festo industrial controllers
- critical vulnerability | SAP November 2025 security update fixes critical vulnerabilities enabling remote code execution and injection
- critical vulnerability | "ShadowMQ" exploit pattern reported in major AI frameworks, enables remote code execution
- critical vulnerability | SSRF vulnerability in ChatGPT Custom GPTs actions exposes Azure cloud infrastructure
- critical vulnerability | Synology patches critical remote code execution vulnerability in BeeStation OS
- critical vulnerability | Vulnerabilities reported in Siemens COMOS, one critical
- critical vulnerability | WatchGuard Firebox reported having well-known default credentials, vendor says by design
Incidents
- data breach | Data breach at Chinese infosec firm Knowsec exposes state-level cyber weapons and intelligence ops
- data breach | Allianz UK reports breach through compromise of Oracle E-Business Suite
- data breach | GlobalLogic breached in Oracle E-Business Suite Attack, exposing data of over 10,000 employees
- data breach | DoorDash reports data breach after social engineering attack
- data breach | Healthcare Technology Firm Doctor Alliance breached, allegedly exposing 1.2 Million patient records
- data breach | Healthcare Therapy Services reports email system breach exposing patient data
- data breach | Princeton University reports phone phishing attack exposing student, alumni and donor data
- data breach | Somalia's E-Visa system breached, exposing data of over 35,000 applicants
- data breach | Trumbull County reports data breach originating from third-party vendor
- data breach | Tate Art Galleries reports data breach exposing personal data of job applicants
- data breach | Malta Tax Authority leaks contact details of 7,000 companies through email error
- data breach | Marshfield Clinic Health System reports email account compromise exposing patient data
- data breach | Logitech confirms data breach caused by the breach of Oracle E-Business Suite by Clop ransomware gang
- ransomware | Alpha Omega Winery notifies customers of 2023 ransomware attack
- ransomware | Mexican Attorney General's office hit by ransomware attack
- ransomware | Ransomware gang INCRansom claims breach of Latin American law firm LatamLex
- ransomware | Italian textile supplier Fulgar reports ransomware attack exposing financial and client data
- ransomware | NHS investigating potential breach after ransomware group claims breach of Oracle E-Business Suite
- ransomware | Checkout.com reports ransomware attack, refuses to pay, donates to cyber research
- ransomware | Towne Mortgage Company hit by ransomware attack exposing customer data