The current calendar week was also characterized by several security-related incidents that reveal fundamental deficits in dealing with IT security, data protection and the reliability of digital services. What is striking is the renewed spread of incidents across numerous sectors, with recurring causes evident in many cases. These include, in particular, the improper handling of sensitive data, inadequately controlled processes at external service providers and technical and organizational security measures that no longer correspond to the current threat level. The events make it clear that structural and organizational deficits and outdated control mechanisms, rather than individual technical vulnerabilities, continue to be among the main points of attack.
Active zero-day exploitation in Cisco AsyncOS infrastructure
In calendar week 51, a particularly critical security situation at Cisco became known after attackers actively exploited a previously unpatched zero-day vulnerability in the AsyncOS operating system. Secure Email Gateway and Web Security Appliances, which are used as central filter instances in many companies, are particularly affected. The attackers were able to gain persistent access, manipulate log files and execute administrative commands. According to current estimates, this is a targeted campaign of high technical quality, which security researchers attribute to state-supported actors. It is particularly problematic that the affected systems often act as trusted switching points within company networks, so that a compromise can cause far-reaching consequential damage.
Massive data exposure at Pornhub through third-party legacy assets
An internationally high-profile incident concerns the Pornhub platform, where attackers are threatening to publish data from almost two hundred million premium users. According to current knowledge, the data records originate from historical archives of a third-party service provider that were not adequately protected. Even though the operator claims that payment data and passwords are not affected, email addresses, usage metadata and profile information are highly sensitive personal data. The case illustrates once again that data risks arise not only from current production systems, but in particular from poorly controlled legacy data at analysis and marketing service providers.
Intrusion into databases of the French Ministry of the Interior
A serious security incident in the government environment was reported in France this week. Attackers gained access to internal databases of the Ministry of the Interior, including the justice register TAJ and the wanted persons file FPR. These systems contain millions of sensitive records from the police and judiciary. According to previous findings, access was gained via compromised email accounts and inadequately secured authentication mechanisms. The incident reveals considerable structural deficits in the protection of official IT systems and has triggered a nationwide review of existing security concepts.
Confirmed cyberattack on British government infrastructure
The United Kingdom also reported a serious cyberattack on government IT systems. Among others, the Foreign, Commonwealth and Development Office was affected. The attack occurred in the fall, but was only officially confirmed this week. The attackers apparently targeted diplomatic communication systems and visa-related data. The British government is reluctant to make a clear attribution, but security circles point to known state actor groups. The incident underlines the continuing vulnerability of even highly sensitive government networks to attacks prepared over a long period of time.
Targeted attack on former Israeli head of government
Another geopolitically relevant incident concerns a former Israeli head of government whose personal communication data was the target of a targeted cyber attack. The attackers published excerpts of private content and contact details in order to generate political pressure. Security analysts see strong indications of an Iranian-linked group of actors. The attack is an example of how cyber operations are increasingly being extended to individuals in order to send political signals and generate media attention.
PCI Express vulnerabilities in Intel and AMD processor platforms
In the hardware environment, several security-relevant vulnerabilities have become known in connection with the PCI Express interface, which affect both Intel and AMD platforms. The vulnerabilities are at the level of data transmission between the CPU and connected peripherals and can, under certain circumstances, cause unauthorized data readout, privilege escalation or denial of service. The fact that these attack vectors are deeply rooted in hardware communication and cannot be addressed exclusively by traditional software patches is particularly critical. This poses a structural risk for data centers and security-critical working environments.
IDEsaster vulnerabilities in AI-supported development environments
Security researchers have also published a comprehensive analysis of more than thirty critical vulnerabilities in modern development environments with integrated AI functions. The affected editors and IDEs combine classic development functions with autonomous AI agents, creating new attack surfaces. In certain constellations, data leakage, source code manipulation or remote code execution is possible. It is particularly problematic that these vulnerabilities often occur in development environments that offer direct access to proprietary source code and access data.
Large-scale data leaks in the education and financial sectors
Several international reports this week point to additional data leaks in the education and financial sectors. In Australia, the University of Sydney was the target of an attack in which tens of thousands of employee and alumni records were compromised. At the same time, a credit data service provider in the USA was compromised, potentially exposing millions of people to an increased risk of identity theft. These incidents show that institutions with large historical data sets in particular continue to have significant security deficits.
Insecure IoT devices and freely accessible cameras worldwide
Massive security problems in the consumer sector also came to light once again. Tens of thousands of internet-enabled cameras were identified worldwide that could be accessed without authentication or with trivial credentials. Low-cost models that are used in private households to monitor living spaces or as baby monitors are particularly affected. The incident highlights the continuing irresponsibility of many manufacturers in the IoT segment and the lack of enforcement of basic security standards.
Summary classification of calendar week 51
The security situation in calendar week 51 is characterized by an extraordinary density of serious incidents at almost all levels of the digital infrastructure. From state-motivated attacks on government networks and massive data exposures of private platforms to structural vulnerabilities in hardware and development environments, there is a consistent pattern of increasing complexity and scope. These events make it clear that cyber risks are no longer an isolated IT issue, but have a deep impact on political, economic and social processes.
Sources Table
What is LeakWatch?
As part of this project, a specially created and trained ChatGPT-based bot is used for special Internet research, which takes over the automated analysis of relevant data sources and simultaneously creates translations. The aim is to use primary sources that are as unadulterated as possible, which is why all links are recorded in tabular form to enable optional in-depth research by the interested reader. The automated search and extraction would only be possible with disproportionate effort without AI support, but every evaluation and text creation is carried out editorially and everything is also checked for content, as the AI cannot interpret or formulate all content completely reliably. LeakWatch is designed as a periodic security and leak analysis format that is created in the style of igor’sLAB and using specific specifications. The focus is on verifiable events from primary sources, technical classification and completely neutral evaluation without the influence of already filtered secondary information from third parties.