As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 07, 2026
Information security updates and events from the past week
1. Volvo Group North America Data Breach
Volvo Group North America announced that customer data and approximately 17,000 employee data were exposed following a cyberattack on external service provider Conduent.
According to the report, the attackers gained access to Conduent’s systems, which led to the exposure of sensitive information of Volvo employees and customers.
The information exposed includes – full names, SSNs, dates of birth, insurance details and medical information in some cases
2. European Commission reveals it is under cyber incident including leakage of employee names and phone numbers
The European Commission announced that it is investigating a cyber incident after signs were identified of a breach in its central mobile device management (MDM) system for its employees. According to the announcement, the attackers were able to access the personal information of some employees, but there was no indication that the devices themselves were compromised.
The information presented includes the names and mobile phone numbers of some employees.
The incident is believed to be related to the exploitation of vulnerabilities in the Ivanti Endpoint Manager Mobile (EPMM) product.
These are two critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) that allow remote code execution without identification.
The vulnerabilities were also exploited as Zero Day against other public bodies in Europe.
The Dutch Privacy Authority and the country’s Council for the Judiciary reported almost identical hacks.
There, too, employment information such as names, business email addresses, and phone numbers was exposed.
3. Sapienza University of Rome shut down after cyberattacking
La Sapienza University in Rome, one of the largest in Europe, was forced to proactively shut down all its IT systems following a serious cyberattack. As a result, the official website, information systems, email services, and access to academic platforms were shut down to prevent further damage and curb the spread.
According to reports, this was a ransomware attack that caused systems to be encrypted, with the university administration choosing not to open the ransom demand message to avoid activating pressure mechanisms from the attackers. It is not yet known whether any information was leaked, and the recovery is being carried out with the assistance of the Italian cyber authorities and the national CSIRT.
4. Iron Mountain, a company that provides storage, management and recovery services for organizations, reports a limited information leak following a ransomware attack
The company said that attackers gained access to a single folder on a file sharing server using stolen identification information. According to the company, the folder mainly contained marketing materials shared with external suppliers and did not include sensitive customer information.
The Everest Group announced that it had stolen 1.4TB of information, but the company denies this and claims that no ransomware attack was detected, no ransom demand was received, and no indications of damage to other systems were found.
5. Newsletter platform Substack informs users of data leak
According to the report, an unauthorized party was able to access user data, including email addresses and phone numbers.
The company does not disclose exactly how the attacker carried out the attack but claims to have fixed the problem in the system that allowed access.
The company’s report comes following a post published by the attacker on one of the forums.
6. Coinbase confirms internal intrusion incident by a contractor
The company announced that a former contractor had unauthorized access to the accounts of about 30 of the company’s customers.
According to the company’s announcement, the employee is no longer employed by it, and all affected customers have been notified of the incident.
The company’s investigation began after a group of attackers published a picture of an internal system on Telegram, which was deleted shortly afterwards.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. CyberOne is here to help! Check out our services.
