State of (in)security - Week 49, 2025
Take action: The key advisory from this week is PATCH React and Next.js! If you're running React 19.x or Next.js 15.x/16.x (or frameworks using React Server Components such as Waku or Redwood), attackers are already exploiting this in the wild. Prioritize patching right now.
In the week between Dec. 1, 2025, midnight and Dec. 8, 2025, midnight, we witnessed a total of:
- 14 advisory/vulnerability events
- 17 incident/data breach events
Week-over-week comparison of week 49 2025 vs week 48 2025:
- Advisories and incidents are both up. Advisories are up from 8 in week 48 2025 to 14 in week 49 2025. Incidents are up from 13 in week 48 2025 to 17 in week 49 2025.
- The number of known impacted individuals is up, from 473 thousand in week 48 2025 to 5.6 million in week 49 2025.
We also shared 6 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 5,629,552 impacted individuals across 4 incidents, with the largest being the "Data breach at 700Credit exposes 5.6 million records from auto financing applications" incident, which exposed 5,600,000 individuals. Since not all incidents report a number of impacted individuals, the real number is certainly higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Software Vulnerability and SDLC Exploits | 4 |
| Malware, Ransomware and Related Attacks | 3 |
| System Misconfiguration Exploits | 2 |
| Human bad security behaviour | 1 |
| Third Party Compromise | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 5 |
| Finance | 3 |
| Government | 2 |
| Education | 2 |
| IT/Software/Technology | 2 |
| Retail | 2 |
| Telecommunications | 1 |
Knowledge
- active exploit | 7-Zip vulnerability that enables remote code execution actively exploited
- active exploit | Active exploitation reported of command injection flaw in Array Networks AG Series VPN gateways
- active exploit | Critical privilege escalation flaw in King Addons for Elementor plugin enables takeover of WordPress Sites
- active exploit | Critical remote code execution flaw in Sneeit Framework WordPress Plugin actively exploited
- active exploit | Microsoft silently mitigates Windows LNK Zero-Day flaw exploited by state-backed hackers
- active exploit | Multiple threat groups are exploiting the critical React/Next.js vulnerability
Vulnerabilities
- critical vulnerability | Akamai patches critical HTTP request smuggling flaw in Edge Server infrastructure
- critical vulnerability | Command injection flaw in OpenAI Codex CLI enables silent remote code execution
- critical vulnerability | Critical authentication bypass flaw reported in Iskra Smart Metering gateways
- critical vulnerability | Critical privilege escalation flaw reported in Avast and AVG Antivirus
- critical vulnerability | Critical remote code execution flaw reported in Industrial Video & Control Longwatch surveillance system
- critical vulnerability | Critical remote code execution vulnerabilities reported in React and Next.js
- critical vulnerability | Critical vulnerabilities reported in PickleScan
- critical vulnerability | Critical XXE vulnerability reported in Apache Tika, exploitable via malicious PDFs
- critical vulnerability | Devolutions reports critical SQL Injection flaw in Devolutions Server
- critical vulnerability | Google December 2025 patch fixes over 100 Android vulnerabilities, two actively exploited
- critical vulnerability | Google releases Chrome 143 security update patching 13 flaws
- critical vulnerability | OpenVPN releases security updates patching HMAC bypass, buffer over-read, and Windows DoS flaws
- critical vulnerability | PromptPwnd: Prompt injection vulnerabilities expose AI-powered CI/CD pipelines to supply chain attacks
- critical vulnerability | Qualcomm December 2025 Security Bulletin patches multiple flaws, at least one critical
Incidents
- critical vulnerability | Yearn Finance suffers $9 million loss in yETH Pool infinite mint exploit
- data breach | Persante Health Care reports data breach exposing patient data
- data breach | University of Pennsylvania reports data breach caused by Oracle E-Business Suite exploit
- data breach | Credent Wealth Management reports data breach exposing customer data
- data breach | Dutch municipality of Nuenen reports data breach exposing addresses of 1,000+ people
- data breach | Freedom Mobile reports data breach through compromised subcontractor account exposing customer data
- data breach | Ochsner LSU Health Regional Urology reports data breach exposing patient information
- data breach | Barts Health NHS Trust reports data breach caused by exploit of Oracle E-Business Suite flaw
- data breach | Kentucky pediatric practice "Physicians to Children & Adolescents" hit by ransomware attack
- data breach | Data breach at 700Credit exposes 5.6 million records from auto financing applications
- data breach | French DIY retailer Leroy Merlin reports data breach
- data breach | University of Phoenix reports data breach caused by Oracle E-Business Suite exploit
- data breach | Petco leaks customer information through application misconfiguration
- data leak | AI image generator MagicEdit leaks over 1 million images, mostly explicit, via an unsecured database
- ransomware | Everest ransomware gang claims breach of ASUS; company says a third-party supplier was hacked
- ransomware | Ransomware gang claims breach of New Horizons Medical
- ransomware | Ransomware attack on Mower County exposes data of over 27,000 Minnesota residents