State of (in)security - Week 47, 2025
Take action: Don't manage authentication or trust with HTTP headers. They can be faked. If you do, make sure your "special" HTTP header is removed at the gateway or load balancer level.
In the week between Nov. 17, 2025, midnight and Nov. 24, 2025, midnight we witnessed a total of:
- 13 advisory/vulnerability events
- 29 incident/data breach events
Week over Week comparison of week 47 2025 vs week 46 2025:
- Advisories are down and incidents are up. Advisories are down from 20 in week 46 to 13 in week 47 2025. Incidents are up from 20 in week 46 2025 to 29 in week 47 2025.
- The number of known impacted individuals is up - from 52 thousand in week 46 to 1.3 million in week 47 2025.
We also shared 1 practical knowledge item.
Total impacted individuals via the events of the week
There were a total of 1,318,772 impacted individuals across 10 incidents. The largest breach was the "Data breach at French Urssaf Pajemploi service exposes data of 1.2 million childcare workers" incident, which exposed 1,200,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 9 |
| Third Party Compromise | 3 |
| Software Vulnerability and SDLC Exploits | 2 |
| Unauthorized access | 2 |
| Human bad security behaviour | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 8 |
| Consulting/Professional Services | 4 |
| Government | 4 |
| Healthcare | 2 |
| Retail | 2 |
| Finance | 2 |
| Utilities | 1 |
| Construction/Real Estate | 1 |
| Education | 1 |
| Energy | 1 |
| Gas/Oil | 1 |
| Aviation | 1 |
Read the Event Details of the Week
Knowledge
Vulnerabilities
- critical vulnerability | 7-Zip vulnerability enables remote code execution through malicious ZIP files
- ransomware | Cl0p Ransomware gang claims breach of Broadcom through Oracle E-Business Suite vulnerabilities
- critical vulnerability | Critical authentication bypass flaw enables takeover of Milvus Vector Database
- critical vulnerability | Critical command injection flaw reported in W3 Total Cache WordPress plugin
- critical vulnerability | Critical remote code execution flaw reported in Emerson Appleton UPSMON-PRO
- ransomware | Fortinet patches actively exploited FortiWeb vulnerability
- critical vulnerability | Google releases emergency Chrome update to patch actively exploited vulnerability
- critical vulnerability | Grafana Enterprise patches critical SCIM flaw enabling privilege escalation
- critical vulnerability | Microsoft patches critical authentication bypass flaw in Azure Bastion service
- critical vulnerability | Microsoft patches critical elevation of privilege flaw in SharePoint Online
- critical vulnerability | Multiple vulnerabilities reported in End-of-Life D-Link DIR-878 routers, two unauthenticated command injection
- critical vulnerability | Multiple vulnerabilities reported in METZ CONNECT EWIO2 Industrial Control Systems
- critical vulnerability | SolarWinds patches critical vulnerabilities in Serv-U
Incidents
- critical vulnerability | Major banks face data exposure after cyberattack on SitusAMC mortgage vendor
- data breach | Attleboro, Massachusetts IT systems hit in suspected ransomware attack
- data breach | American Israel Public Affairs Committee reports four months long breach, exposing data of 810 people
- data breach | Eurofiber France reports data breach exposing data of 3,600+ organizations
- data breach | Coupang reports data breach exposing personal data of 4,500 customers
- data breach | Consero Global reports data breach exposing sensitive data of over 9,200 people
- data breach | Italian IT Provider Almaviva reports cyberattack exposing 2.3TB of railway operator data
- data breach | Data breach at French Urssaf Pajemploi service exposes data of 1.2 million childcare workers
- data breach | Third-Party vendor breach compromises data of nearly 45,000 Norway Savings Bank customers
- data breach | Harvard University reports a phone phishing attack and data breach on alumni affairs and development systems
- data breach | Email account compromise at St. Anthony Hospital exposes data of 6,679 patients and staff
- data breach | Cox Enterprises reports data breach caused by Oracle E-Business Suite exploitation
- data breach | Salesforce revokes Gainsight application tokens after data theft campaign targeting customer instances
- data breach | Liberty Resources reports ransomware attack, data breach exposing patient data
- data breach | HVAC contractor Mechanical Systems & Services reports incident exposing personal data
- data breach | Greer Commission of Public Works reports data breach exposing information of over 14,000 customers
- data breach | Philippine Department of the Interior and Local Government investigates alleged 400GB data breach
- data breach | Payroll specialist The TEAM Companies reports data breach affecting almost 22,000 people
- data breach | Spanish Iberia Airlines reports third-party vendor data breach exposing customer data
- data breach | Nationwide CodeRED emergency alert system compromised by ransomware gang
- ransomware | LG Energy Solution reports ransomware attack, hackers claim theft of 1.7 terabytes of data
- ransomware | Marquis Software Solutions reports ransomware attack exposing data of nearly 7,000 banking customers
- ransomware | Everest Ransomware group claims breach of Petrobras
- ransomware | CrowdStrike fires employee caught sharing screenshots with Scattered Lapsus$ Hunters gang
- ransomware | Ahtna, Inc. reports data breach affecting at least 1,800 individuals
- ransomware | Cleveland County Sheriff's Office in Oklahoma hit by ransomware attack
- ransomware | Everest Ransomware group claims breach of Under Armour, company has not confirmed incident
- ransomware | Qilin ransomware gang claims breach of Canadian electrical services firm Spark Power
- ransomware | Cloudflare outage brings down major websites including Twitter, ChatGPT, and Spotify