As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 29, 2025
Information security updates and events from the past week
1. Novabev Group and its WineLab wine store chain were attacked on July 14 in a cyberattack that the company describes as “unprecedented” and well-coordinated.
Hackers demanded a ransom, but the company announced that it firmly refuses to pay.
Details of the attack:
– The attack temporarily disrupted some of the services of Novabev Group and the WineLab chain
– The attackers contacted the company and demanded a ransom to free the systems
– The attack affected the availability of certain tools and services of the group and the network
– Damage was caused to part of the company’s technological infrastructure
Company response:
The company announced a firm position of refusing to negotiate with cybercriminals. The company announced: “We hold a principled position of not interacting with cybercriminals and firmly refuse to meet their demands.”
2. Chinese group Salt Typhoon hacks US National Guard, steals data on 70 government agencies
The Chinese hacker group Salt Typhoon hacked into the network of a US National Guard unit and collected sensitive information about communications with other units. The hack lasted from March to December 2024 and is part of a broader campaign that affected 70 government agencies and critical infrastructure.
– The breach lasted 9 months – from March to December 2024
– Hackers stole system configuration information and listened to communications with other units in all US states
– Staff identification and state cybersecurity data were stolen
– Hackers obtained administrator access credentials and network diagrams that could be used for future attacks
Scope of the broad campaign:
– Salt Typhoon group stole 1,462 network configuration files from about 70 government agencies and critical infrastructure
– The breach included 12 sectors: energy, communications, transportation, water and sewage
– Hackers stole configuration files from at least two state governments
– The breach occurred between January and March 2024
How they breached:
Hackers exploited known vulnerabilities in Cisco and Palo Alto Networks edge equipment, including CVE-2018-0171, CVE-2023-20198, CVE-2023-20273 and CVE-2024-3400.
National Guard units in 14 states are integrated into intelligence collection centers, and a unit in one state provides cyber defense services. Access to these networks could expose states’ cyber defense capabilities and undermine their ability to protect critical infrastructure.
3. Serbia’s national airline under cyber attack for 11 days – employees not receiving paychecks
Air Serbia, the national airline of Serbia, is under an ongoing cyber attack that is preventing the company from issuing payslips to employees. According to leaked internal documents, the attack began on July 4 and is still ongoing, as the company tries to contain an attack on its Active Directory system.
Attack details:
– July 4: IT team began warning employees about a cyberattack that could disrupt business processes
– July 7: Company-wide password reset, and security scanning software installed on all computers
– All service accounts were disabled, disrupting automated processes
– Internet access was removed from all computers, with only certain airserbia.com pages remaining available
– July 10: Company informed employees that the issuance of payslips would be postponed until June 2025
Current situation:
The attackers have not yet been completely removed from the network, and it is unclear exactly when they breached, because sufficient logs are lacking. The attackers are suspected of having breached the company’s network in the first days of July and gained deep access to its Active Directory system.
Employees have received their salaries but cannot access their digital payslips. The HR department has warned employees not to open emails related to payslips or those that mention their full names.
https://www.theregister.com/2025/07/16/air_serbia_cyberattack/
4. In the UK, the fashion company Louis Vuitton was also hacked, the third incident in the LVMH group in three months
The fashion company Louis Vuitton announced that it was hacked in the UK and British customer information was stolen. This is the third hack in the LVMH group in three months, after similar hacks in Korea and at the Christian Dior brand.
– The hack occurred on July 2 in the company’s British systems
– Hackers stole customer names, contact information and shopping history
– The company emphasizes that bank and credit card details were not stolen
– They reported to the British authorities, including the UK Privacy Commissioner
As a reminder, a week before the hack in the UK, Louis Vuitton had already reported a hack in its Korean systems. This is the third hack in the LVMH group in a short period of time; in May, Christian Dior was also hacked in a similar way.
All events can be searched under #Fashion
The company sent an email to affected customers warning: “We have no evidence that your information has been misused, but there may be future attempts at fraud or impersonation.”
The repeated breaches at LVMH raise questions about cybersecurity at fashion companies, which hold sensitive information about wealthy and private customers.
5. McDonald’s AI-based recruitment system, built by Paradox.ai, was easily hacked using the default password 123456
Cyber researchers were able to log into the admin account and gain access to data on about 65 million applicants, including sensitive personal information such as names, addresses, phone numbers and employment history.
The breach did not require any sophistication thanks to negligence in password and permission management.
Paradox claimed that the access was only on the part of the researchers and promised security enhancements and a bug bounty program.
McDonald’s is not involved, but what’s important here is not just the leak, but the fact that critical AI systems are sometimes run with dangerous default settings, without basic oversight. This is a system failure, not “human error.”
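The lesson of item 5 is that an admin account left on a factory default is a system-level failure. One defensive pattern is a start-up gate that refuses to bring an admin-facing service online while any privileged account still carries a well-known default or otherwise weak password. The following is an added example, not code from Paradox.ai, McDonald’s or the original report; the account names, the sample credential set and the `startup_gate` function are constructed for illustration.

```python
"""Start-up credential gate (added example, not the original page's code).

Refuses to start a service while any administrator account still uses a
well-known default password, an empty password, a password equal to the
username, or a password shorter than MIN_LENGTH. Non-admin findings are
reported as warnings but do not block start-up.
"""
from dataclasses import dataclass

# Small denylist of well-known defaults; a real deployment would load a much
# larger breached/default-password list. "123456" is the value from the report.
DEFAULT_PASSWORDS = frozenset({
    "123456", "12345678", "password", "admin", "admin123",
    "changeme", "qwerty", "letmein", "welcome", "default",
})
MIN_LENGTH = 14  # assumed local policy minimum, not a value from the page


@dataclass(frozen=True)
class Account:
    username: str
    password: str
    is_admin: bool


def check_account(account: Account) -> list[str]:
    """Return a list of findings for one account (empty list means it passes)."""
    findings: list[str] = []
    pw = account.password or ""
    if pw == "":
        return ["empty password"]
    if pw.lower() in DEFAULT_PASSWORDS:
        findings.append("well-known default password")
    if pw.lower() == account.username.lower():
        findings.append("password equals username")
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    return findings


def startup_gate(accounts: list[Account]) -> tuple[bool, dict[str, list[str]]]:
    """Evaluate all accounts; start-up is allowed only if no admin account has findings."""
    report: dict[str, list[str]] = {}
    allowed = True
    for acct in accounts:
        findings = check_account(acct)
        if findings:
            report[acct.username] = findings
            if acct.is_admin:
                allowed = False
    return allowed, report


# Constructed sample: an admin account still on the default from the report,
# a service account whose password equals its name, and one acceptable account.
SAMPLE_ACCOUNTS = [
    Account("admin", "123456", is_admin=True),
    Account("svc_ingest", "svc_ingest", is_admin=False),
    Account("ops_lead", "c0rrect-h0rse-battery-staple-2025", is_admin=True),
]

if __name__ == "__main__":
    ok, findings = startup_gate(SAMPLE_ACCOUNTS)
    for user, problems in findings.items():
        print(f"{user}: {', '.join(problems)}")
    print("start-up allowed" if ok else "start-up BLOCKED: fix admin credentials first")
```

The gate fails closed: an admin account on a default password stops the service from starting at all, which is the kind of basic oversight the item above says was missing. Wiring the same check into account creation and password-change handlers prevents the default from being reintroduced later.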
6. Data Leak Attacks:
– Episource, a company that manages medical billing for UnitedHealth, announced a breach that affected 5.4 million Americans. Hackers stole names, addresses, Social Security numbers, medical test results, and health insurance information. The breach lasted a full week until February 6th and is one of the largest in the healthcare industry this year.
– Century Support Services, a Pennsylvania-based debt settlement company, revealed that a November 2024 cyberattack affected 160,000 people. Social Security numbers, driver’s licenses, passports, medical and financial information and more were stolen.
7. Ransomware attacks on local governments:
– Hacker group Global claims to have stolen “a lot of private information and bank accounts” from Lorain County, Ohio. The group is new and has already attacked 17 targets.
– The most profitable cryptocurrency marketplace in the West, Abacus Market, suddenly shut down when its administrator “Vitro” disappeared with all its users’ money. The marketplace sold drugs, hacking tools and fraudulent services, and its revenue jumped 183% this year thanks to the shutdown of competing sites.
8. New DDoS records:
– Cloudflare blocked the largest DDoS attack in history: 7.3 Tbps and 4.8 billion packets per second. The attack lasted 45 seconds and transferred 37.4 terabytes of data, equivalent to 9,350 full HD movies. The attack came from 122,145 IP addresses in 161 countries.
– From April to June, Cloudflare blocked more than 6,500 hyper-volumetric attacks, an average of 71 per day. The number of such attacks jumped 592% compared to the previous quarter.
9. State-based threats:
– Hackers are attacking governments in Southeast Asia by exploiting Amazon Web Services. They are using a new malware called HazyBeacon and hiding their activity in regular Amazon, Google Drive and Dropbox traffic to steal information.
10. Penalties and Arrests:
– Hill Associates, a federal IT contractor in Maryland, will pay $14.75 million in fines after it was discovered that for five years it had billed for unqualified employees and for security services that had not been vetted. The company will also pay 2.5% of its annual revenue starting next year.
– John Andreas Wick, 37, of Britain, was sentenced to probation after hacking into the wireless network of train stations and displaying anti-Muslim messages to passengers in September 2024. He worked for a company that manages the wireless network at 20 major train stations.
– 13 suspects arrested in Romania in a phishing campaign targeting the British tax system. The group stole personal information through phishing attacks to commit tax fraud.
11. New technological developments:
– MITRE has launched a new security framework called AADAPT that is specifically designed for digital currencies and advanced payment systems. The framework is structured like the well-known ATT&CK framework and includes 11 attack phases, from reconnaissance and information collection to influence and deception.
– Australia has adopted the IEC 62443 standard as a national standard for securing OT systems (AS IEC 62443), in response to the increase in threats to critical infrastructure. The standard is designed for industrial control systems, which, unlike regular IT systems, cannot afford downtime.
– The US Congress has passed a law that strengthens the role of the NTIA agency in protecting communications networks, following the major Chinese hack of telecom companies (Salt Typhoon).
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.