State of (in)security - Week 9, 2025
Take action: Verify that Microsoft's Vulnerable Driver Blocklist is enabled on your systems (Settings → Privacy & security → Windows Security → Device security → Core isolation → Microsoft Vulnerable Driver Blocklist). And make sure you enforce MFA on all your accounts, since you can become the victim of an infostealer at any time. Also, check your phone from time to time; you may have spyware on it. And know that the vendors of these products are far from competent in securing their own applications.
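The blocklist check above can be done from PowerShell instead of clicking through Windows Security, which matters when you have more than a handful of machines. The script below is an added example, not part of the newsletter or of any Microsoft tooling. It assumes the policy is stored as the DWORD `VulnerableDriverBlocklistEnable` under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Config` (1 = enabled), as documented in Microsoft's driver block rules guidance, and it reads HVCI state from the `Win32_DeviceGuard` CIM class, where `SecurityServicesRunning` containing 2 means memory integrity is active. The function name and the output fields are my own.

```powershell
# Added example (not from the newsletter). Read-only check of the Microsoft
# Vulnerable Driver Blocklist setting and of the HVCI state it usually rides on.
# Assumption: the setting lives at HKLM\...\CI\Config as the DWORD
# VulnerableDriverBlocklistEnable (1 = on), per Microsoft's documentation.
function Test-VulnerableDriverBlocklist {
    [CmdletBinding()]
    param()

    $ciConfig  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $valueName = 'VulnerableDriverBlocklistEnable'

    # A missing value means "Windows default", which depends on the build and on
    # whether HVCI is running, so report it as not configured rather than guessing.
    $raw = Get-ItemProperty -Path $ciConfig -Name $valueName -ErrorAction SilentlyContinue
    $blocklist = if ($null -eq $raw)                { 'NotConfigured(default)' }
                 elseif ($raw.$valueName -eq 1)     { 'Enabled' }
                 else                               { 'Disabled' }

    # Win32_DeviceGuard.SecurityServicesRunning contains 2 when HVCI
    # (Core isolation > Memory integrity) is active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $hvci = if ($null -ne $dg -and $dg.SecurityServicesRunning -contains 2) { 'Running' } else { 'NotRunning' }

    # Flag hosts where the blocklist is explicitly off, or where it is left at
    # default while HVCI is also off (the combination most likely to be unprotected).
    [pscustomobject]@{
        ComputerName                   = $env:COMPUTERNAME
        VulnerableDriverBlocklistValue = $blocklist
        HypervisorCodeIntegrity        = $hvci
        NeedsAttention                 = ($blocklist -eq 'Disabled') -or
                                         ($blocklist -eq 'NotConfigured(default)' -and $hvci -eq 'NotRunning')
    }
}

# Run locally; wrap in Invoke-Command -ComputerName ... to sweep a fleet.
Test-VulnerableDriverBlocklist | Format-List
```

Treat `NotConfigured(default)` as a prompt to confirm the toggle in the Windows Security UI path given above, since the default differs between Windows versions; only an explicit `Enabled` (or a running HVCI) should count as verified.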
In the week between Feb. 24, 2025, midnight and March 3, 2025, midnight we witnessed a total of:
- 11 advisory/vulnerability events
- 23 incident/data breach events
Week over Week comparison of week 9 2025 vs week 8 2025:
- Advisories are slightly down and incidents are up from the previous week. Advisories are down from 13 in week 8 2025 to 11 in week 9 2025. Incidents are up from 22 in week 8 2025 to 23 in week 9 2025.
- The number of known impacted individuals is massively up - from 4.83 million in week 8 2025 to 288 million in week 9 2025.
We also shared 5 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 288,403,874 impacted individuals across 8 incidents, with the largest breach being the "Have I Been Pwned adds 284 million stolen accounts" incident, exposing 284,132,969 individuals. Since not all incidents report a number of impacted individuals, the real number is certainly higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 3 |
| Unauthorized access | 3 |
| Human bad security behaviour | 2 |
| Social Engineering and Phishing | 2 |
| Software Vulnerability and SDLC Exploits | 2 |
| System Misconfiguration Exploits | 2 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 4 |
| IT/Software/Technology | 3 |
| Finance | 3 |
| Education | 2 |
| Hospitality/Events | 2 |
| Manufacturing | 1 |
| Military/Defense | 1 |
| Consulting/Professional Services | 1 |
| Telecommunications | 1 |
| Entertainment/Leisure | 1 |
| Food and Beverage | 1 |
| Healthcare | 1 |
| Insurance | 1 |
Knowledge
- active attack | CISA reports active exploitation of Microsoft Partner Center Flaw
- active exploit | CISA reports active exploitation of Oracle AgilePLM flaws
- active exploit | Microsoft reports active exploitation of Paragon Partition Manager flaws by ransomware gangs
- active attack | Researchers detect hackers exploiting flaw in Cisco Small Business Routers to create botnet
- active attack | Spam campaign via XSS vulnerability in Krpano Virtual Tour Framework
Vulnerabilities
- critical vulnerability | Arista reports flaws in Arista EOS, one critical
- critical vulnerability | CISA reports active exploitation of Adobe ColdFusion flaw
- critical vulnerability | Critical flaw reported in Parallels Desktop, PoC released
- critical vulnerability | Critical vulnerability reported in Chamilo E-Learning platform
- critical vulnerability | Critical vulnerability reported in Everest Forms WordPress Plugin
- critical vulnerability | Critical well-known default password flaw reported in Hirsch Enterphone door access system
- critical vulnerability | Google security researchers report multiple rsync flaws, at least one critical
- critical vulnerability | IBM patches third party library flaw in TXSeries middleware
- critical vulnerability | Maximum severity Remote Code Execution flaw in MITRE Caldera Framework
- critical vulnerability | Ping Identity reports critical flaw in PingAM Java Agent
- critical vulnerability | Schneider Electric reports critical flaw in Modicon M580 and Quantum Controllers
Incidents
- critical vulnerability | Hackers breach Belgian intelligence mail through vulnerable Barracuda system, lurk for two years
- data breach | Zapier reports their code repositories breached, potentially accessed customer data
- data breach | Shetland Islands council confirms data breach of council tax debt data
- data breach | City of Roseburg, Oregon reports data breach
- data breach | Reading Cooperative Bank reports data breach, exposing 24K people
- data breach | Indian brokerage firm Angel One Ltd reports cybersecurity incident, data breach
- data breach | BNS Foods reports breach of SushiCo customer data
- data breach | Café Zupas reports data breach, exposing customer Social Security Numbers
- data breach | Stalkerware App Spyzie breached, over 500K people exposed
- data breach | Charleston Area Medical Center reports data breach caused by phishing
- data breach | New Era Enterprises reports data breach
- data breach | The Philippine Army and Navy investigating alleged cyberattack
- data breach | Racine Unified School District reports data breach
- data breach | Boys & Girls Clubs of the Tennessee Valley report data breach
- data breach | Inspira Financial Trust reports data breach exposing over 2,000 customers
- data breach | Northern Caribbean University hit by cyberattack, systems and data breached
- data breach | Nuna Baby Essentials reports data breach affecting over 16K people
- data breach | Drug testing firm DISA Global Solutions reports data breach exposing 3.3 million people
- data breach | Have I Been Pwned adds 284 million stolen accounts
- ransomware | Russia warns of breach of major IT service provider LANIT serving the financial sector
- ransomware | Semyonishna dairy processing plant hit by ransomware
- ransomware | Researcher reports breach of Wayne County by the Interlock ransomware group
- ransomware | French telecom operator Orange Group reports breach of Romanian subsidiary