As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 33, 2025
Information security updates and events from the past week
-
Advanced Ransomware Campaign – Charon Group in the Middle East
The ransomware group Charon conducted a targeted campaign in the Middle East against both business and public sectors. Advanced techniques typically associated with APT groups were observed, including BYOVD (Bring Your Own Vulnerable Driver) to disable EDR systems. This reinforces the growing notion of blurred lines between criminal cybercrime operations and state-backed activity.
-
Hacktivist Operations Against Israeli Targets – SiegedSec
During the week, reports indicated an expansion of SiegedSec’s “Fourth Operation” campaign. The hacktivist group claimed to have leaked data stolen from Israeli companies including Israir, Bezeq, and Cellcom. Some of the material was distributed via Telegram, although not all of the information has been independently verified. The incident aligns with the group’s recent pro-Palestinian activities.
-
United States – Cyberattack on the Pennsylvania Attorney General’s Office
The website, email systems, and phone lines of the Pennsylvania Attorney General’s Office were disrupted early in the week due to a cyberattack. Services were gradually restored after several days. Authorities are investigating whether the incident was a ransomware attack.
-
BlackSuit Ransomware Group Takedown – $1 Million Seized
Authorities in the U.S. and Europe conducted a joint operation against the ransomware group BlackSuit, seizing servers, taking down domains, and confiscating approximately $1 million in cryptocurrency. The group had been responsible for dozens of ransomware attacks against critical U.S. organizations since 2022.
-
Norway – Pro-Russian Hackers Breach Hydropower Dam
Hackers linked to Russia infiltrated the control systems of a Norwegian dam, triggering a controlled opening of floodgates that released over 1.9 million gallons of water. No physical damage was reported, but the incident highlighted severe vulnerabilities in critical infrastructure.
-
Poland – Water Supply Attack Foiled
Polish authorities reported successfully thwarting a cyberattack targeting water supply systems in a major city. The intrusion was detected and blocked before causing disruptions. Poland continues to invest billions in cybersecurity to protect vital infrastructure.
-
United Kingdom – Sensitive Data Breach at Aviation Contractor
Inflite, a contractor at Stansted Airport, experienced a breach in which data from around 3,500 individuals was leaked. Victims included Afghan refugees, former government ministers, and military personnel. The UK government has launched a formal investigation.
-
Global Intelligence Assessments – Akira, PXA Stealer, and CERT-UA Warnings
- The Akira ransomware group has been observed conducting widespread campaigns, particularly exploiting vulnerable VPNs.
- Extensive data theft was attributed to PXA Stealer malware.
- CERT-UA issued warnings about UAC-0099, which targeted government and defense entities in Ukraine.
-
New Ransomware Variant – Jackpot Ransomware
A new ransomware strain called Jackpot was identified on underground forums. Analysts noted its advanced capabilities and similarities to the infamous LockBit group’s tools and techniques.
-
Critical Security Updates – Microsoft
On August 13, Microsoft released its monthly Patch Tuesday, addressing 111 vulnerabilities, including a critical zero-day flaw in Kerberos (CVE-2025-53779) affecting Active Directory environments
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.
