VulnHub

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by 20% in 2025, now listing a total of 1,484 vulnerabilities. Among these, 24 new vulnerabilities have been identified as being actively exploited by ransomware groups. This expansion is significant as it highlights the ongoing risk posed by these vulnerabilities to various software and hardware systems. Organizations that rely on affected products need to take immediate action to secure their systems, as these vulnerabilities can lead to severe security breaches if left unaddressed. The increase in vulnerabilities also reflects the evolving tactics of cybercriminals, making it crucial for companies to stay informed and proactive in their cybersecurity efforts.

Covenant Health, a healthcare organization based in Andover, Massachusetts, experienced a significant ransomware attack in May 2025, attributed to the Qilin group. This incident compromised the personal data of over 478,000 individuals, raising serious concerns about patient privacy and data security. Affected individuals may have had their sensitive health information exposed, which could lead to identity theft and other security risks. The breach emphasizes the ongoing vulnerabilities within the healthcare sector, where attackers increasingly target patient data for ransom. As healthcare providers continue to digitize their services, the need for robust cybersecurity measures becomes more pressing.

Covenant Health, a healthcare organization, suffered a significant data breach when the Qilin ransomware group hacked into its systems in May 2025. The incident has affected approximately 478,000 individuals, compromising sensitive personal information. While the exact nature of the stolen data has not been detailed, breaches of this scale often involve medical records and financial information, which can have serious implications for the affected individuals. This attack raises concerns about the security measures in place at healthcare facilities and the ongoing risks posed by ransomware groups. The incident serves as a reminder for organizations to strengthen their cybersecurity protocols to protect sensitive data from similar attacks.

Korean Air has confirmed a significant data breach affecting the personal information of around 30,000 employees. The breach occurred after the Cl0p ransomware group targeted a catering partner that handles sensitive employee data. The leaked information includes names, social security numbers, and other personal details, raising concerns about identity theft and privacy violations. In response to the incident, Korean Air is taking steps to enhance their data security measures and protect their staff's information. This incident serves as a reminder of the vulnerabilities that companies face when working with third-party vendors.

On December 26, 2023, the Oltenia Energy Complex, Romania's largest coal-based energy producer, fell victim to a ransomware attack attributed to the Gentlemen ransomware group. The attack severely disrupted the company's IT infrastructure, impacting its ability to operate effectively. Although specific details about the extent of the damage or data breaches have not been disclosed, the incident raises concerns about the vulnerability of critical infrastructure to cyber threats. As energy providers are essential for public services, such attacks can significantly affect energy supply and operational stability. Authorities and cybersecurity experts are likely to investigate the incident further to understand its implications and improve defenses against similar attacks in the future.

On December 25, the Everest ransomware group claimed to have stolen over 1 terabyte of data from Chrysler. This incident raises significant concerns about the security of sensitive information, as the attackers have threatened to release this data publicly if their demands are not met. Chrysler, part of the larger automotive industry, is now facing pressure to respond to the breach and protect its customers and business operations. Ransomware attacks like this not only disrupt companies but also put personal data at risk, affecting countless individuals. The situation is a stark reminder of the ongoing cyber threats facing major corporations, especially during times when security may be less prioritized, such as during holiday periods.

The Clop ransomware group has claimed responsibility for a significant data breach at the University of Phoenix, affecting approximately 3.5 million people. The breach reportedly exposed sensitive information, although the exact nature of the data compromised has not been detailed. This incident raises serious concerns about the security measures in place at educational institutions and the potential for misuse of the stolen data. Individuals affected by the breach may face risks such as identity theft or phishing attempts. As the investigation continues, it underscores the need for stronger cybersecurity protocols to protect personal information in higher education settings.

Romania's national water authority, Romanian Waters, recently experienced a significant ransomware attack that affected around 1,000 of its systems. Fortunately, the attack did not compromise the safety of the dams, which remain secure. Authorities are actively working to restore operations without paying the ransom demanded by the attackers. This incident is a stark reminder of the vulnerabilities critical infrastructure faces from cyber threats, emphasizing the need for robust cybersecurity measures in public services. The situation is still developing as officials assess the full impact and work on recovery efforts.

In 2025, ransomware attacks have shown a significant increase, with various industries facing heightened risks. The report outlines key statistics that reveal the evolving tactics used by attackers, including targeted assaults on critical infrastructure and healthcare systems. Companies are increasingly vulnerable as ransomware groups adapt, often deploying double extortion techniques that not only encrypt data but also threaten to leak sensitive information if ransoms are not paid. This trend poses serious implications for businesses, as the financial and reputational damage from such attacks can be substantial. Organizations are urged to bolster their cybersecurity measures and educate employees about phishing and other attack vectors to mitigate these risks.

The University of Phoenix has reported a data breach affecting approximately 3.5 million individuals, linked to a broader hacking campaign targeting Oracle's E-Business Suite software. This breach is attributed to the Cl0p ransomware group, known for exploiting vulnerabilities in various systems. The compromised data includes personal information, which raises significant concerns about identity theft and privacy violations for those affected. As educational institutions increasingly rely on digital platforms, this incident serves as a stark reminder of the vulnerabilities within such systems and the potential risks to sensitive information. Institutions and users alike need to remain vigilant and enhance their security measures to protect against similar attacks in the future.

The Clop ransomware group has successfully breached the University of Phoenix's network, compromising the personal data of approximately 3.5 million individuals, including students, staff, and suppliers. The attack occurred in August, and the stolen data could potentially include sensitive information, which raises concerns about identity theft and privacy violations. This incident emphasizes the growing threat of ransomware attacks on educational institutions, highlighting the need for improved cybersecurity measures. Affected individuals should be vigilant for signs of identity theft and consider monitoring their personal information more closely. The university has not yet detailed specific steps being taken to mitigate this breach or protect affected individuals.