As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 11, 2025
1 – An attacker calling himself “X0Frankenstein” claims to have hacked into the database of banking and financial giant JPMorgan Chase and published sensitive information on 8,880 customers.
The information allegedly exposed includes highly personal customer details.
Type of information: Email addresses, full names, residential addresses, phone numbers, gender and dates of birth
2 – Jaguar Land Rover (JLR) hit by major data leak: internal documents and employee data exposed
A member of the BreachForums forum posted information about a hack into the company, which includes the leak of sensitive internal documents and employee data.
Scope of the leak:
– Approximately 700 internal company documents
– Development logs, tracking data and source code
– Employee data database including usernames, email addresses, display names and time zones
Jaguar Land Rover, a well-known global automotive brand with reported revenues of $29.9 billion, has yet to officially respond to the leak.
https://www.cybersecurity-insiders.com/data-breach-stories-of-bank-of-america-and-jaguar-land-rover/
3 – Researcher identifies Egyptian hacker behind Platform X DDoS attack
Security researcher Robert has published an interesting intelligence analysis that he claims identifies the likely perpetrator of the DDoS attack that took down Platform X this week. The investigation points to an Egyptian student named Mohamed Hani, who operates under the aliases “DrSinaway” and “MRHELL112”.
Key findings of the investigation:
– The group’s leader, MRHELL112, has previously used aliases such as Darkcrr and GLITCHAT1
– Links found between DrSinaway and another group called “CyberSorcerers”
– The researcher was able to locate an email address (drsinaway.crypto@gmail.com) and a partial Egyptian phone number
– Further searching led to the Linktree profile and Facebook account of an Egyptian student named Mohamed Hani
Robert also found that around August-September 2023, Mohamed was looking for a team and joined a Telegram channel associated with DDoS to align with a Russian group, claiming that it was “for the benefit of Russia and the Arab world.”
The researcher noted that Mohamed is not acting alone and has at least one accomplice, but more details on this will be published later. All information related to the investigation, including the connection graph, can be found in the attached link.
4 – Russian hackers exploit Signal to spy on users and read their messages
A Google research group has uncovered a series of espionage operations carried out by Russian hackers targeting users of the secure messaging app Signal. The main targets include military personnel, politicians and activists who use the app for sensitive communications.
How the “linked devices” feature is abused:
– The hackers exploit the “linked devices” feature of Signal – a feature that allows the user to log in to their account from multiple devices (such as a phone and a computer) at the same time
– The attackers send fake QR codes or links to fake websites
– When the victim scans the code, they are in effect approving the linking of their account to the attackers’ device
– Once connected, the attackers receive a copy of all messages sent and received on the victim’s account
The attack groups and their methods:
– The UNC5792 group modifies legitimate group invitations and displays fake websites
– The UNC4221 group created websites that imitate Ukrainian military systems to lure users
– The APT44 (Sandworm) group uses devices captured from Ukrainian soldiers to gain access to accounts
– The Turla and UNC1151 groups directly hack into Signal databases on Windows and Android devices
The Signal application is considered one of the most secure messaging apps, and it provides end-to-end encryption for communication between users. Precisely because of this high level of security, it is used by people who care about protecting their privacy, which makes it an attractive target for spies.
Recommendations for users include periodically checking the list of devices connected to the Signal account (this can be found in the app settings), removing unidentified devices, and avoiding scanning QR codes or clicking on links from unknown sources.
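As an added illustration of the recommendation above (example code written for this digest, not taken from the Google research or from Signal), the following triage script flags decoded QR payloads or link targets that would link a device while being presented to the user as something else. The sgnl://linkdevice URI form, the signal.group invite host and all sample values are assumptions or constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption (not stated on this page): a device-linking request is carried as
# a sgnl://linkdevice URI, and group invites are links to the signal.group host.
DEVICE_LINK_RE = re.compile(r"sgnl://linkdevice\b", re.IGNORECASE)
GROUP_INVITE_HOST = "signal.group"


def fully_unquote(text: str, rounds: int = 3) -> str:
    """Undo nested percent-encoding so a wrapped URI is not missed."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(payload: str) -> str:
    """Say what a decoded QR payload or link target would ask Signal to do."""
    text = fully_unquote(payload.strip())
    if DEVICE_LINK_RE.search(text):
        return "device_link"  # also catches one nested in a redirect parameter
    parts = urlsplit(text)
    if (parts.hostname or "").lower() == GROUP_INVITE_HOST:
        return "group_invite"
    return "other"


def flag_mismatches(samples):
    """Return samples that link a device while claiming some other purpose."""
    return [(claimed, payload) for claimed, payload in samples
            if classify(payload) == "device_link" and claimed != "device_link"]


# Constructed samples: (purpose shown to the user, decoded payload).
SAMPLES = [
    ("group_invite", "https://signal.group/#PLACEHOLDER"),
    ("group_invite", "sgnl://linkdevice?placeholder=1"),
    ("device_link", "sgnl://linkdevice?placeholder=1"),
    ("website", "https://example.test/go?next=sgnl%3A%2F%2Flinkdevice%3Fplaceholder%3D1"),
    ("newsletter", "https://example.test/news"),
]

if __name__ == "__main__":
    for claimed, payload in flag_mismatches(SAMPLES):
        print(f"MISMATCH claimed={claimed} payload={payload}")
```

A device-link payload is only expected when the user deliberately started linking their own device from the app settings; in any other context it should be treated as a mismatch.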
5 – City on the Texas-Mexico border declares a state of emergency following a cyberattack on city systems
The city government of Mission, Texas, declared a state of emergency this week after a cyberattack that exposed all the information stored in city systems. The city has a population of more than 87,000, is one of the largest in Hidalgo County and is located on the border with Mexico.
Details of the attack:
– The city government notified residents of the incident on Wednesday
– The attack began on February 28 and required the shutdown of systems
– Authorities claimed that emergency services were still operating, but local media reported that officers were unable to look up vehicles and driver’s licenses in the databases
– The mayor warned of the exposure of sensitive personal information, medical information, civil and criminal records and other data
Emergency measures:
– Mayor Nori Gonzalez Garza sent a letter to the governor of Texas on Tuesday
– She asked him to declare a broader state of emergency for the city
– At the same time, she herself filed a local disaster declaration
– A state-level declaration would allow the release of emergency funds to deal with the incident
In the past six months, local governments in Texas have been repeatedly attacked by ransomware, which has disabled municipal systems and restricted access to hospitals, energy facilities and oil companies. Matagorda County, about a four-hour drive from Mission, recently declared its own state of disaster following a cyberattack in January.
6 – Endless Mountains Health Systems (EMHS) in Pennsylvania announced that it was suffering from a cyberattack that disrupted some of its computer systems.
Starting on March 3, the company began reporting communication problems with certain services, and advised patients to bring ID, insurance cards, a list of medications, a list of allergies, and referrals for labs or imaging.
EMHS also posted alternative phone numbers for scheduling appointments at various medical centers.
No ransomware group has claimed responsibility for the attack so far.
7 – National Presto Industries, a company that manufactures and markets home appliances, reports that it is suffering from a cyberattack that began earlier this month.
The attack caused the company’s systems to shut down, affecting shipping, receiving, production, and more.
No ransomware group has claimed responsibility for the attack so far.
8 – Japanese telecommunications company NTT Communications Corporation announced that information on approximately 17,891 business customers was leaked following a cyberattack.
The company discovered the breach on February 5, 2025, and blocked unauthorized access the next day. However, on February 15, it was revealed that information such as customer names, representative names, contract numbers, phone numbers, email addresses, physical addresses, and service usage information was exposed to the attackers.
The company emphasized that information on individual customers was not exposed.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.