Weekly Cybersecurity Report | Week 15, 2025

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week

1 – South Korean tech giant SK Group hit by Qilin ransomware attack

SK Group, the second-largest conglomerate in South Korea after Samsung and the 100th company on the Fortune Global 500 list, has been targeted by the Qilin ransomware group, according to reports.

The group’s investments in the US alone are estimated at $50 billion.

2 – Serious breach at US banking regulator: Hackers gained access to sensitive financial data for over a year

The Office of the Comptroller of the Currency (OCC), the federal agency responsible for banking supervision in the US, has revealed that unauthorized parties had access to sensitive financial information over a long period of time, in what it described as a “significant information security incident”.

Details of the breach:

– An administrative email account for the department, with access to user mailboxes and internal systems, was compromised

Scope of damage:

– Hackers gained access to approximately 150,000 emails between May 2023 and early 2025

– “Highly sensitive information regarding the financial condition of federally regulated financial institutions” was stolen

– The information was used by the department in bank examination and supervision processes

– The hackers operated for nearly two years before being discovered

3 – 14,000 ambulance users in Tennessee affected by medical data leak

The head of Hamilton County, Tennessee, confirmed this week that thousands of residents who used ambulance services were affected by a personal and medical data leak. The data leaked from the systems of a debt collection company that works with the district.

What was leaked:

– Names and Social Security numbers of patients

– Addresses and dates of birth

– Banking information and medical records

– 14,000 people affected by the leak

The incident also exposed political tensions, with the county executive suggesting that the internal memo leaked to the press was intended to damage his reputation, amid an ongoing dispute with the county’s attorney general.

The county plans to soon notify all affected people of the leak and the steps they must take to protect their identities.

https://www.govtech.com/security/hamilton-county-tenn-acknowledges-ambulance-data-breach

 

4 – Researchers uncover security flaw in Nissan Leaf that allows full remote control of the vehicle

A team of researchers from PCAutomotive has revealed that attackers can take full control of Nissan Leaf cars (2020 model) through a weakness in the multimedia system, which allows remote control of critical vehicle functions.

Attack chain:

– The intrusion begins by exploiting a security flaw (CVE-2025-32059) in the vehicle’s Bluetooth protocol

– The attackers send manipulated audio data to the multimedia system, which requires only temporary proximity to the vehicle

– The affected system connects to servers controlled by the attackers via the vehicle’s built-in cellular modem

– The attackers bypass the vehicle’s security mechanisms through a failure in the Renesas RH850 microcontroller and gain control of the internal communication network

Demonstrated capabilities:

– Remotely unlocking doors and lowering windows without a key

– Operating horns, headlights, and windshield wipers without physical access to the vehicle

– Folding/unfolding side mirrors using remote commands

– Changing the position of the steering wheel and interfering with steering systems while driving

– Controlling the vehicle’s steering while it is in motion

Key security flaws:

– The Bosch Bluetooth system operates without memory protection mechanisms against buffer overflow attacks

– The filtering system in the vehicle’s internal communication network (CAN Bus) does not effectively check for abnormal messages

– The multimedia system runs on an outdated version of Linux (3.14 from 2013) without checking digital signatures for the code

A company representative stated: “We are implementing over-the-air update capabilities and hardware improvements for future models. Current Leaf owners will receive critical software updates at service centers by the third quarter of 2025.”

5 – Food giant WK Kellogg reveals data leak related to Clop ransomware

American food giant WK Kellogg is warning employees and suppliers that company data was exposed because of an attack on Cleo in 2024.

The information exposed:

– Names and Social Security numbers (SSNs) of victims

– The compromised servers were used to transfer employee files to human resources service providers

– The company is offering victims free identity monitoring and fraud protection services for a year through Kroll

WK Kellogg spun off from Kellogg’s in October 2023. The company, with annual revenue of $2.7 billion, owns popular breakfast cereal brands such as All-Bran, Corn Flakes, Froot Loops and Frosted Flakes.

 

6 – Port of Seattle: Ransomware attack exposes data of 90,000 people

The Seattle Port Authority, the government agency responsible for the city’s seaport and airport, is notifying 90,000 people whose personal information was stolen in a ransomware attack.

Scope of the incident:

– About 90,000 people received notices of personal information being exposed

– 71,000 of the victims are residents of Washington state

– The breach was carried out by the Rhysida ransomware group

– The port refused to pay the ransom, despite the hackers’ threats to publish the stolen information

The information exposed:

– Employee, contractor and parking user data

– Names, dates of birth, Social Security numbers (or last 4 digits)

– Driver’s license numbers and other government IDs

– Some of the victims’ medical information

The attack, which took place in August, disrupted several systems at the airport, including check-in systems, passenger display boards, the port’s website, and the flySEA app. The port stressed that at no point was flight safety or the use of seaport facilities compromised, and that payment systems were not affected by the attack.

7 – Texas Bar Association confirms data breach, notifies affected consumers

The Texas Bar Association has confirmed a data breach after identifying unauthorized activity on its network earlier this year. The organization has begun the process of notifying affected consumers.

The information exposed:

– The investigation found that certain personal information was stolen or exposed during the breach

– The information includes names and other personally identifiable information (PII)

– The exact details exposed vary from person to person

– The bar emphasizes that there is no current evidence of misuse or fraudulent activity with the information exposed

 

The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.