As your dedicated cybersecurity services provider, Cyberone equips you with timely, in-depth information about current cyber attacks. This weekly cybersecurity report covers the latest exploits and breaches shaping the ever-evolving threat landscape.
Weekly Cybersecurity Report | Week 43, 2025
Information security updates and events from the past week
1. The SECUROTROP ransomware group claims to have breached the servers of Superior Air Parts, an American manufacturer of aviation components
According to the published data, the volume of stolen information is 383 GB and includes engineering documents and sensitive operational data.
The incident was reported on October 22, 2025, and is currently under investigation by US authorities.
At the same time, the Everest group claims to have breached AT&T, the American telecommunications giant.
If the claim is confirmed, this would be the company's fourth security incident in three years. AT&T provides services to millions of customers worldwide.
2. Prosper data leak: 17.6 million user details exposed in cyberattack
The social lending platform Prosper has reported a large-scale cyberattack that exposed the personal data of 17.6 million users. The incident, first reported in September 2025, involved the leakage of sensitive information that could be used for identity theft and financial fraud.
Incident details:
– The breach occurred after attackers penetrated the company's systems and gained access to customers' personally identifiable information (PII).
– The exposed data included Social Security Numbers (SSNs), residential addresses, IP addresses, IDs, income levels, and email addresses.
– According to the website Have I Been Pwned, this is one of the largest leaks recorded in the fintech sector this year.
The fintech sector remains a prominent target for attack groups, mainly because of its direct access to identity data and financial information. In the past year alone, similar attacks have been recorded against TransUnion, Wealthsimple, and AIL, collectively affecting tens of millions of users worldwide.
3. Cyberattack paralyzes two Massachusetts hospitals – ambulances diverted, imaging services suspended
Heywood Healthcare in Massachusetts has suffered a severe cyberattack that forced the shutdown of its IT systems and disrupted critical medical services at its two main hospitals: Heywood Hospital in Gardner and Athol Hospital in Athol.
Incident details:
– The attack occurred last week and led to the shutdown of the computer network at both hospitals.
– Ambulances were diverted to nearby hospitals after medical imaging systems, including CT, X-ray and MRI machines, were taken offline.
– Email, telephone and laboratory systems were also shut down.
– Medical teams switched to manual processes so that treatment of admitted patients could continue.
– The organization immediately activated its cyber incident emergency procedure, disconnected the affected systems from the network and brought in external investigators.
– A hospital spokeswoman said that at this stage it is not known whether this is a ransomware attack or data theft; the investigation is ongoing.
– Admitted patients continue to receive regular treatment, but emergency patients arriving by ambulance are not currently being accepted. The public has been asked to go to alternative hospitals for urgent care.
Attacks on healthcare institutions are becoming routine in the US.
According to a report by the Ponemon Institute and Proofpoint, about 93% of healthcare institutions experienced at least one cyberattack in the past year, and 72% reported direct harm to patient care.
The main reason: the sensitivity of the data and the difficulty healthcare institutions have operating without computerized systems, which makes them targets with a high likelihood of paying a ransom to restore operations.
The Massachusetts incident joins a series of similar attacks on hospitals in the US and Europe, another reminder that information security in healthcare is not just a technological issue but a direct component of patient safety.
4. Data leak at alarm system provider Verisure following the breach of an external partner
Verisure, one of the largest alarm and security companies in Europe, announced that it had detected unauthorized access to information stored at an external supplier that provides it with billing and collection services.
The incident came to light a few days after the company was listed on the Stockholm Stock Exchange and led to a 4% drop in its share price.
Incident details:
– According to the company's announcement, the unauthorized access was to the system of an external billing partner, not to Verisure's own internal systems.
– The leak concerns the company's secondary brand, Alert Alarm; the company estimates that fewer than 6,000 active customers are affected.
– According to the investigation findings, the exposed data included personal information of 35,000 current and former customers, including names, addresses, email addresses and ID numbers.
– The company stated that at this stage there is no evidence of a breach of its internal systems or of any impact on Verisure customers outside the Alert Alarm brand.
– The investigation is still ongoing, and the company emphasized that immediate steps are being taken to reduce exposure and strengthen protections around supplier systems.
5. Ransomware attack on Dairy Farmers of America: personal information of employees and members leaked at the largest dairy cooperative in the United States
Dairy Farmers of America (DFA), one of the largest dairy organizations in the United States, has confirmed that a cyberattack on its systems in June led to the leakage of personal information belonging to thousands of employees and cooperative members.
The incident occurred after several of the organization's manufacturing facilities were hit by a large-scale ransomware attack, for which the Play ransomware group, one of the most active in the world today, claimed responsibility.
Details of the incident:
– According to filings with authorities in Maine, the personal information of 4,546 people was exposed, including names, Social Security Numbers, driver's license numbers, dates of birth, bank account numbers and health insurance information.
– The organization discovered the intrusion just two days after the attack began. The attackers gained access to internal systems and extracted sensitive data following a sophisticated social engineering campaign.
– The investigation continued until September 15, after which affected individuals were offered two years of identity theft protection services.
– DFA did not respond to media inquiries beyond the statement it submitted to regulators.
According to Food and Ag-ISAC, the first quarter of 2025 saw 84 cyberattacks on food and agriculture companies, more than double the figure for the previous year.
The Dairy Farmers of America breach highlights how the food and agriculture industry has become a prime target for ransomware groups.
It is an industry that feeds the world but is increasingly dependent on technology, and every link in the chain, from factory to dairy farm, can become an entry point for attackers.
6. Cl0p strikes again: American Airlines subsidiary Envoy Air breached
Envoy Air has confirmed that it fell victim to a widespread cyberattack campaign by the Cl0p ransomware group, which exploited vulnerabilities in Oracle E-Business Suite. This is one of the most significant breaches in the current wave, which has already hit Harvard University, as I first reported here, and other organizations.
– Envoy Air, which operates over 160 aircraft and 875 daily flights, confirmed that "a limited amount of business information and commercial contact details may have been compromised," but stressed that no sensitive information or customer data was stolen.
– The Cl0p group listed American Airlines among its victims, but a spokesperson for the parent company clarified that the attack affected only Envoy Air and that American Airlines systems were not compromised.
– The attacks began about three months ago, exploiting newly disclosed vulnerabilities in Oracle E-Business Suite.
– Researchers note that the group attempts to extort the affected organizations by threatening to publish internal business information.
– A company spokesperson confirmed that the incident did not affect flight operations or ground systems, and that US authorities were notified immediately upon discovery of the breach.
7. MUJI suspends online store operations in Japan after ransomware attack on logistics provider Askul
Retail chain MUJI has suspended its online store operations in Japan following a ransomware attack on its logistics provider, Askul Corporation.
The attack disrupted ordering and shipping, as well as services such as viewing purchase history, returns and customer service.
MUJI said that its physical stores and its operations outside Japan continue to operate as normal, and that it is investigating the extent of the breach and whether customer data was leaked.
The attacks highlighted in this report are not just isolated incidents; they are blueprints of the adversary's arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.