Why You Got Hacked – 2025 Super Edition

Black Hills Information Security summarized 853 penetration tests (56,000 pages) conducted over 15 months and identified roughly 6,619 vulnerabilities across services; findings include 138 critical, 1,876 high, 2,730 medium, 1,875 low, and 1,706 informational issues. Top recurring problems are weak ADCS configurations, widespread unpatched/unsupported software, password policy weaknesses, and MFA-related gaps, with External, Internal, and Web Application pentests being the most common services; the report is an aggregated assessment intended to guide remediation rather than describing an active exploit or incident.