State of (in)security - Week 51, 2025
Take action: We've seen secrets in code, but storing PII in a code repository is totally weird, especially when you think of the code repository as holding just program code and forget the data files. Never store PII in a code repository. There are so many ways to expose it. And make sure to delete the data of former customers unless you are legally required to keep it.
In the week between Dec. 15, 2025, midnight and Dec. 22, 2025, midnight we witnessed a total of:
- 17 advisory/vulnerability events
- 16 incident/data breach events
Week over Week comparison of week 51 2025 vs week 50 2025:
- Advisories and incidents are up. Advisories are up from 16 in week 50 to 17 in week 51 2025. Incidents are up from 13 in week 50 2025 to 16 in week 51 2025.
- The number of known impacted individuals is up - from 296 thousand in week 50 to over 28 million in week 51 2025.
We also shared 5 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 28,239,967 impacted individuals across 6 incidents. The largest was the incident "SoundCloud reports data breach exposing millions of user accounts", which exposed 28,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 6 |
| Physical Device theft or attack | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
| Third Party Compromise | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 5 |
| IT/Software/Technology | 2 |
| Other | 2 |
| Government | 2 |
| Construction/Real Estate | 1 |
| Retail | 1 |
| Consulting/Professional Services | 1 |
| Education | 1 |
| Finance | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA reports active exploitation of ASUS Live Update supply chain vulnerability
- active exploit | CISA reports active exploitation of critical Fortinet authentication bypass flaw
- active exploit | CISA reports active exploit of Sierra Wireless Router vulnerability
- active exploit | Cisco Email Security appliances actively exploited
- active exploit | Critical actively exploited flaw in WatchGuard Fireware OS enables remote code execution through VPN service
Vulnerabilities
- critical vulnerability | Apache StreamPark hard-coded encryption key exposes sensitive data to decryption attacks
- critical vulnerability | Atlassian patches 46 vulnerabilities in December 2025 security bulletin, nine critical Third-Party flaws
- critical vulnerability | Command injection flaw reported in Node.js systeminformation package
- critical vulnerability | Critical arbitrary file upload flaw reported in WordPress Motors theme
- critical vulnerability | Critical authentication bypass and multiple flaws discovered in FreePBX VoIP platform
- critical vulnerability | Critical flaw in pgAdmin 4 allows remote code execution
- critical vulnerability | Critical Plesk vulnerability enables privilege escalation, server compromise
- critical vulnerability | Critical remote code execution flaw reported in Apache Commons Text library
- critical vulnerability | Critical remote code execution flaw reported in HPE OneView
- critical vulnerability | Critical remote code execution flaw reported in n8n workflow automation platform
- critical vulnerability | Critical vulnerabilities reported in Axis Communications Camera management systems
- critical vulnerability | Critical WSUS flaw reported in Schneider Electric Foxboro DCS systems
- critical vulnerability | Flaw in NVIDIA Isaac Lab enables remote code execution
- critical vulnerability | Google Chrome patches two high severity vulnerabilities in emergency update
- critical vulnerability | Hitachi Energy reports BlastRADIUS flaw in AFS, AFR and AFF Series product families
- critical vulnerability | Privilege escalation flaw reported in JumpCloud Remote Assist for Windows
- critical vulnerability | SonicWall patches actively exploited flaw vulnerability chain in SMA 1000 appliances
Incidents
- data breach | Artivo Surfaces reports data breach exposing data of over 1,000 people
- data breach | PornHub Premium members data exposed after Mixpanel analytics breach
- data breach | SoundCloud reports data breach exposing millions of user accounts
- data breach | Mitchell County, North Carolina reports ransomware attack exposing Department of Social Services data
- data breach | Rhysida ransomware gang claims attack on Australian medical centre Harbour Town Doctors
- data breach | Allied Wealth Partners reports data breach exposing client data through email breach
- data breach | LKQ Corporation reports data breach impacting 9,070 individuals after Oracle EBS exploit
- data breach | Sports Medicine & Orthopaedics reports data breach affecting patient information
- data breach | Ransomware attack on NHS technology provider DXS International exposes patient data
- data breach | Physical break-In at Texas Behavioral Health Facility exposes patient records of 1,309 people
- data breach | University of Sydney data breach compromises personal data of over 27,000 staff and students
- data breach | Rockrose Development Corp. reports data breach exposing data of 47,000 people
- data breach | Rhysida ransomware gang claims MedStar Health, steals 3.7TB of patient data
- data breach | NAHGA Claim Services data breach exposes health information of over 181,000 individuals
- ransomware | Madison Healthcare Services reports ransomware attack exposing patient data
- ransomware | Irish Office of the Ombudsman hit by ransomware attack