Weekly Cybersecurity Report | Week 45, 2025

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week

1. Hyundai AutoEver America Hack: Exposure of Sensitive Personal Information

Hyundai AutoEver America, the technology arm of Hyundai Group in North America, has reported a hack into the company’s systems and the exposure of sensitive personal information, including license plates and driver’s licenses.
The company provides IT services and infrastructure for the entire life cycle of vehicle components: manufacturing processes, ERP systems, updates, software development and technical support for Hyundai and Kia companies.
– The information exposed includes full names, Social Security numbers and driver’s license numbers
– It is not yet known how many people were affected or whether they were only employees or also customers

The incident joins a series of previous attacks on Hyundai Group, including a Black Basta attack on European operations, a leak of vehicle owner details in Italy and France, and weaknesses in the vehicle control application that allowed remote access to the vehicle.

2. University of Pennsylvania Admits Data Leak After Attacker Impersonates Employee, Hacks Internal Systems

The University of Pennsylvania has confirmed that an attacker gained access to a university employee’s account through impersonation, entered internal systems, and stole information, including donor and alumni data.
– The attacker obtained employee login details through impersonation
– A legitimate login was made to the employee’s SSO account
– The login gave the attacker access to Salesforce, Qlik, SAP, and SharePoint
– 1.7GB of internal documents and data were stolen
– 1.2 million donor records were also reportedly leaked.
– The attacker sent a malicious email in the name of the university to 700,000 recipients after access was blocked

https://www.bleepingcomputer.com/news/security/university-of-pennsylvania-confirms-data-stolen-in-cyberattack

3. Cyberattack on Move XM – the digital services provider for all VW and Audi dealerships in Germany

Move XM, which provides customer experience management (CEM) services for the Volkswagen and Audi dealership network, announced that it had experienced a significant cyberattack that resulted in a complete shutdown of all online portals and services.
The event occurred on October 26, 2025, and the company described it as a ransomware attack.
– The company manages the CEM platform used by all VW/Audi dealerships to collect and manage customer data.
– Upon discovery of the attack, the entire infrastructure and systems were disconnected from the internet to prevent spread.
– A dedicated IR team has been activated, and the company is working with authorities and external forensics to restore the systems.
– According to estimates, the portals and services will only return to operation after security checks are completed and systems are rebuilt.

4. Serious data leak at Miljödata, a provider of IT systems for local governments in Sweden!

Miljödata, which provides management systems for local authorities and public bodies across Sweden, reported a cyber breach that led to the exposure of personal information of approximately 1.5 million citizens.
The leaked information includes names, addresses, dates of birth and government IDs, some of which have already been published on the dark web.
The Swedish regulator (IMY) has opened an investigation under GDPR regulations, fearing that children’s data and protected identities may be compromised.

5. Data Leak at Japanese Media Group Nikkei

Media giant Nikkei has announced a security breach in its internal Slack system, which led to the exposure of personal information of about 17,000 employees and business partners.
The incident occurred after an employee’s computer was infected with malware, which allowed attackers to steal login details and log into corporate Slack accounts.
The company detected the intrusion in September, locked accounts, changed passwords and reported it to Japanese authorities.
According to Nikkei, no evidence was found that journalistic information or sensitive sources were exposed.

6. Cyberattack targeting US communications provider Ribbon Communications

Ribbon Communications, which provides communications infrastructure to telecom providers and government agencies, reported a sophisticated and deliberate attack that was not linked to ransomware attacks or a financial motive. It is believed to be government espionage.
The intrusion occurred as early as December 2024, but was only discovered in October 2025, meaning the attackers were on the network for almost a year.
The intrusion was carried out by accessing an internal network through external endpoints, which allowed the attackers to move across the network.
Old files were accessed on two computers outside the main environment, with no evidence of sensitive data being stolen. At least three small customers were affected by the incident.
The incident highlights the need to harden vendor access, monitor internal networks and implement Zero Trust in critical infrastructure organizations.

7. Hack at French Public Organization France Travail

The French public organization France Travail, responsible for coordinating employment, registering job seekers and paying unemployment benefits (formerly Pôle Emploi), announced that it was the victim of a hack in which tens of thousands of users’ data were stolen.

According to reports, the Stormous attack group claims to have gained access to approximately 30,000 accounts and approximately 30GB of data, including identity documents, email addresses, phone details and bank accounts, via an infostealer implanted on the personal computers of job seekers.

France Travail confirms that “data was indeed extracted” and is now conducting a comprehensive investigation and notifying victims.
The incident comes less than a year after a previous cyberattack on the organization and highlights the ongoing risk to government agencies that handle sensitive citizen data.

The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.