State of (in)security - Week 8, 2025
Take action: Make doubly sure all management interfaces of your network equipment are isolated from the internet and accessible only from trusted networks RIGHT NOW! There are a bunch of flaws in these interfaces, and if you leave them visible on the internet, you are just inviting trouble. A lot of trouble.
In the week between Feb. 17, 2025, midnight and Feb. 24, 2025, midnight we witnessed a total of:
- 13 advisory/vulnerability events
- 22 incident/data breach events
Week over Week comparison of week 8 2025 vs week 7 2025:
- Advisories are slightly down and incidents are up from the previous week. Advisories are down from 14 in week 7 2025 to 13 in week 8 2025. Incidents are up from 20 in week 7 2025 to 22 in week 8 2025.
- The number of known impacted individuals is down - from 12 million in week 7 2025 to 4.83 million in week 8 2025.
We also shared 5 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 4,832,972 impacted individuals across 7 incidents. The largest breach was the "Stalkerware platforms Cocospy and Spyic leak the data of millions of people" incident, which exposed 2,650,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 7 |
| Software Vulnerability and SDLC Exploits | 2 |
| System Misconfiguration Exploits | 2 |
| Third Party Compromise | 2 |
| Human bad security behaviour | 1 |
| Social Engineering and Phishing | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 6 |
| Healthcare | 5 |
| Finance | 3 |
| Education | 2 |
| Transport/Logistics | 1 |
| Utilities | 1 |
| Insurance | 1 |
| IT/Software/Technology | 1 |
| Media | 1 |
Read the Event Details of the Week
Knowledge
- active attack | CISA reports actively exploited flaw in Craft CMS
- active exploit | CISA warns of actively exploited old vulnerabilities in Paessler PRTG servers
- active exploit | Microsoft patches actively exploited flaw in Power Pages platform
- active attack | Palo Alto confirms PAN-OS vulnerability CVE-2025-0108 actively exploited
- active attack | Palo Alto Networks reports another actively exploited firewall bug
Vulnerabilities
- critical vulnerability | ABB reports critical vulnerability in ASPECT-Enterprise, NEXUS, and MATRIX devices
- critical vulnerability | ABB reports three critical flaws in FLXEON Controllers
- critical vulnerability | Apache reports critical flaw in Ignite distributed database enabling Remote Code Execution
- critical vulnerability | Atlassian patches multiple products, fixes critical dependency flaws in Confluence and Crowd
- critical vulnerability | Critical flaws reported in Mongoose library exposes MongoDB to SQL injection, RCE
- critical vulnerability | Elseta reports critical vulnerability in Vinci Protocol Analyzer
- critical vulnerability | Google releases new Chrome version, patches two high severity flaws
- critical vulnerability | HP fixes vulnerabilities in LaserJet printers, at least one critical
- critical vulnerability | Juniper patches critical authentication bypass vulnerability in its Session Smart/Assurance devices
- critical vulnerability | Microsoft reports remote code execution flaw in Bing search service
- critical vulnerability | Qualys reports two flaws in OpenSSH, one critical DDoS
- critical vulnerability | Siemens reports critical flaw in SiPass physical access control system
- critical vulnerability | Ubiquiti reports multiple vulnerabilities in Unifi Protect cameras and management
Incidents
- data breach | University of Massachusetts Amherst reports data breach
- data breach | DM Clinical Research leaks 1.6M clinical records
- data breach | Ottawa Family Physicians reports data breach
- data breach | Genea in vitro fertilization provider reports cybersecurity incident
- data breach | The Pension Specialists report data breach impacting over 71k customers
- data breach | Bybit Exchange hit by security incident, loses $1.4 Billion causing Ethereum price drop
- data breach | Niva Bupa Health Insurance is investigating potential data breach
- data breach | Rainbow District School Board reports data breach
- data breach | Anne Arundel County reports cyberattack, claimed by INC Ransom group
- data breach | Insight Partners private equity and venture capital firm reports cyberattack
- data breach | Supreme Administrative Court of Bulgaria hit by ransomware attack, data stolen
- data breach | Stalkerware platforms Cocospy and Spyic leak the data of millions of people
- data breach | Burlington Hydro reports data breach exposing customer data
- data breach | Hackers get hacked - Black Basta ransomware gang chat logs leaked
- data breach | Hipshipper, shipping platform leaks over 14 million shipping records
- data breach | Supreme Bar Council of Poland reports third party data breach exposing thousands of lawyers
- data breach | The Coast Guard's personnel and pay system taken offline, investigating breach
- ransomware | South African Weather Service hit by ransomware attack
- ransomware | HCRG Care Group investigates ransomware attack after gang claims theft of sensitive data
- ransomware | Lee Enterprises hit by ransomware, causes operational disruptions
- ransomware | INC Ransomware claims breach of Persante Health Care, leaks videos of supposed patients
- ransomware | Invest Hong Kong promotion agency reports ransomware attack