State of (in)security - Week 6, 2025
Take action: NETGEAR is high priority this week. If you are using NETGEAR WiFi routers, update your routers IMMEDIATELY. Don't delay this one: the flaws are very easily exploitable.
In the week between Feb. 3, 2025, midnight and Feb. 10, 2025, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 26 incident/data breach events
Week over Week comparison of week 6 2025 vs week 5 2025:
- Advisories are down and incidents are up from the previous week. Advisories are down from 13 in week 5 2025 to 10 in week 6 2025. Incidents are up from 23 in week 5 2025 to 26 in week 6 2025.
- The number of known impacted individuals is significantly up - from 1.763 million in week 5 2025 to almost 25 million in week 6 2025.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 24,992,742 impacted individuals across 11 incidents. The largest breach was the incident "OpenAI investigating claims of data breach potentially exposing 20M users", exposing 20,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 8 |
| Third Party Compromise | 2 |
| Unauthorized access | 2 |
| Software Vulnerability and SDLC Exploits | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 5 |
| IT/Software/Technology | 4 |
| Construction | 3 |
| Manufacturing | 2 |
| Consulting/Professional Services | 2 |
| Education | 2 |
| Retail | 1 |
| Telecommunications | 1 |
| Utilities | 1 |
| Entertainment/Leisure | 1 |
| Food and Beverage | 1 |
| Government | 1 |
| Insurance | 1 |
| Non-profit/Charity | 1 |
Read the Event Details of the Week
Knowledge
- active attack | CISA warns of ongoing attacks exploiting Microsoft Outlook remote code execution (RCE) flaw
- active attack | Flaws in SimpleHelp RMM exploited to breach corporate networks
- active exploit | Trimble and CISA report active exploitation of their Cityworks platform
Vulnerabilities
- critical vulnerability | ABB reports a critical vulnerability in their Drive Composer software
- critical vulnerability | AutomationDirect reports critical security vulnerability in C-more EA9 HMI product line
- critical vulnerability | Belgian healthcare technology company Orthanc reports critical vulnerability in their server software
- critical vulnerability | Cisco patches two critical flaws in its Identity Services Engine
- critical vulnerability | Dell reports seven critical flaws in PowerProtect Data Domain (DD) systems
- critical vulnerability | Google releases February 2025 Android update, fixing among others one critical and possibly exploited Android kernel flaw
- critical vulnerability | Microsoft reports and patches vulnerabilities in Azure and AI services
- critical vulnerability | Netgear reports critical flaws in WiFi routers, advises urgent patch
- critical vulnerability | Researchers warn of critical flaw in iPadOS, macOS Sequoia and macOS Sonoma
- critical vulnerability | Veeam patches critical vulnerability in the Veeam Updater enabling Man-in-the-Middle attacks
Incidents
- data breach | OpenAI investigating claims of data breach potentially exposing 20M users
- data breach | O'Connor Corporation reports data breach
- data breach | Tokio Marine companies report data breach
- data breach | Biomedical Caledonia Medical Laboratory Limited reports data breach
- data breach | San Francisco-Marin Food Bank reports data breach exposing 60K people
- data breach | City of McKinney reports data breach
- data breach | Asheville Eye Associates reports data breach exposing 193K people
- data breach | HPE reports data breach caused by 2023 Office 365 hack
- data breach | Bankers Cooperative Group reports data breach
- data breach | University Diagnostic Medical Imaging reports data breach exposing 138K people
- data breach | Econet Wireless Zimbabwe hit by data breach exposing over 850K customers
- data breach | IntelBroker claims third leak of Hewlett Packard Enterprise
- data breach | Grubhub reports cyberattack, data breach
- data breach | InterCon Construction reports data breach exposing 6,600 people
- data breach | Caiafa & Company, LLC reports data breach
- data breach | Yazoo Valley Electric Power Association reports data breach exposing 20k residents
- data breach | Stock Development LLC reports data breach
- ransomware | Japanese Sanrio Entertainment reports Puroland theme park hit by ransomware
- ransomware | University of The Bahamas hit by ransomware attack
- ransomware | Qilin ransomware group claims breach of Hikari Seiko, supposedly stole 500GB
- ransomware | Casio UK e-store breached, customer credit cards stolen
- ransomware | University of Oklahoma isolates systems and investigates after ransomware gang claims breach
- ransomware | DragonForce ransomware gang claims breach of Australian healthcare provider Heart Centre
- ransomware | Hospital Sisters Health System reports almost 2-year-old data breach exposing 880K patients
- ransomware | British global engineering firm IMI reports cybersecurity attack