As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 46, 2025
Information security updates and events from the past week
1. North Korea’s Lazarus Group Targets Aviation, Defense Companies with Advanced Malware
Security researchers have identified a new and sophisticated variant of an attack tool called Comebacker, associated with North Korea’s Lazarus Group.
The new variant was used in a targeted espionage campaign against the aviation and defense industries, using malicious Word documents designed to appear to come from reputable companies in the field.
Attack details:
– Word files with macros trigger a chain of infections in several stages
– Once activated, the malicious code runs directly in the computer’s memory rather than being written to disk, making it harder to detect
– The attackers use advanced encryption to preserve communication with their servers and to pull additional code if necessary
– The malicious documents impersonate official materials from aviation and defense companies, including Airbus and IIT Kanpur
– According to researchers, the campaign has been active since at least March 2025
– At least two servers used by the campaign have been identified, including hiremployee[.]com
The goal of the operation, according to ENKI, is industrial espionage and the collection of sensitive intelligence from the aviation and defense industries, as part of a broader trend by Lazarus to focus on strategic organizations and not just cyber researchers as it has done in the past.
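The infection chain above (a macro-enabled Word document launching later stages that run in memory) leaves a well-known footprint in endpoint telemetry: an Office process spawning a script host or other living-off-the-land binary. The following is an added illustration written for this report, not code from ENKI or from the report itself. It assumes a constructed, pipe-delimited process-creation log format (timestamp, parent image, child image, command line) and constructed sample lines; the parent/child lists and command-line markers are general detection heuristics, not indicators taken from the Comebacker campaign.

```python
import re
from dataclasses import dataclass

# Office applications whose child processes deserve scrutiny (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Script hosts and LOLBins commonly abused by macro droppers (assumed list).
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}

# Command-line markers that suggest a payload decoded or fetched in memory.
IN_MEMORY_MARKERS = re.compile(
    r"(-enc\b|-encodedcommand|\biex\b|invoke-expression|downloadstring|frombase64string)",
    re.IGNORECASE,
)


@dataclass
class Alert:
    timestamp: str
    parent: str
    child: str
    reason: str


def parse_line(line):
    """Parse one constructed log line: '<ts>|<parent_image>|<image>|<command_line>'.

    Returns (timestamp, parent_basename, child_basename, command_line) or None
    when the line does not have the expected four fields.
    """
    parts = line.rstrip("\n").split("|", 3)
    if len(parts) != 4:
        return None
    ts, parent, image, cmd = parts
    # Compare on the lower-cased basename so path and case differences do not matter.
    parent_name = parent.rsplit("\\", 1)[-1].lower()
    child_name = image.rsplit("\\", 1)[-1].lower()
    return ts, parent_name, child_name, cmd


def detect(lines):
    """Return an Alert for every Office -> script host/LOLBin process creation."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed entry; skip rather than crash the detector
        ts, parent, child, cmd = rec
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            reason = "office-app spawned script/LOLBin host"
            if IN_MEMORY_MARKERS.search(cmd):
                reason += "; in-memory/encoded payload indicators in command line"
            alerts.append(Alert(ts, parent, child, reason))
    return alerts


# Constructed sample telemetry: one benign document open, one macro chain
# (Word -> encoded PowerShell, then Word -> rundll32), one unrelated admin
# command, and one corrupted record.
SAMPLE_LOG = [
    r"2025-11-10T09:14:02Z|C:\Windows\explorer.exe|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|WINWORD.EXE /n job_offer.docx",
    r"2025-11-10T09:14:31Z|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    r"2025-11-10T09:15:05Z|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|C:\Windows\System32\rundll32.exe|rundll32.exe C:\Users\Public\stage2.dat,Start",
    r"2025-11-10T09:16:00Z|C:\Windows\System32\cmd.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe Get-Process",
    "corrupted entry",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert.timestamp} {alert.parent} -> {alert.child}: {alert.reason}")
```

The rule deliberately keys on the parent/child relationship rather than on file hashes, because an in-memory, multi-stage loader like the one described leaves few static artifacts on disk; the command-line markers only raise the alert's specificity, they are not required to fire it.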
2. Unusual leak at Chinese cyber firm reveals attack tools and sensitive information on countries around the world
A wide-ranging leak at Knownsec, a Chinese cyber firm linked to the Chinese government and security establishment, has revealed a large number of internal documents, attack tools and data collected from various countries. This is one of the rare cases in which documentation of state-sponsored cyber activity has been leaked.
What was leaked:
– Over 12,000 internal Knownsec documents
– Tools for attacking Windows, Linux, macOS, iOS and Android
– Ability to extract data from messaging apps, including Telegram
– A list of 80 targets outside of China that were reportedly successfully attacked
– About 95GB of immigration data from India
– About 3TB of call data stolen from LG Uplus in South Korea
– About 459GB of infrastructure planning data from Taiwan
According to a post on the Chinese blog MRXN, the documents were leaked from the company and uploaded online. Some of the material was also uploaded to GitHub and deleted shortly after.
A leak of this magnitude rarely occurs in entities related to state cyber activity, and it provides a rare glimpse into the capabilities, tools and goals of a significant player on the global stage.
https://mrxn.net/news/Knownsec-data-leak.html
3. CISA Warning: Critical VizAir Vulnerabilities Could Disrupt Airport Weather Data
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an official advisory about serious vulnerabilities in VizAir, a weather monitoring system operating at airports around the world. According to the advisory, an attacker could modify critical data transmitted to air traffic controllers and pilots, creating a dangerous safety situation.
Vulnerability details:
– There are three vulnerabilities: CVE-2025-61945, CVE-2025-54863, and CVE-2025-61956
– Each has a maximum severity score of CVSS 10.0
– The management interface can be accessed without authentication
– An attacker can change wind values, CAPE, weather warnings, and runway configuration elements
Exploiting the vulnerabilities could lead to misleading pilots and disruption of runway operations.
Aviation systems depend on reliable, real-time data, and any weakness in a verification mechanism can become a critical aviation risk factor. From my experience, as someone who has known and learned from the best in the field and even a little bit about the impact of operational information systems of this type, it is clear to what extent interference with information can affect real-time decision-making and actual flight safety.
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04
4. Virginia education system shut down following unusual cyber attack
Manassas City Public Schools announced the cancellation of classes for several days after its information systems, internet, and telephony were completely shut down due to a cyber incident that was discovered over the weekend.
The district administration stated that the decision was made out of caution, to allow IT teams and external information security experts to examine the scope of the intrusion and safely restore the systems. No physical danger or direct harm to students or staff was reported.
The incident affects about 7,600 students attending Manassas Public Schools, who are not expected to return to school until Wednesday, after Veterans Day and the completion of security checks.
5. New data leak in the world of healthcare in the US
Oglethorpe, a company that operates mental health and addiction rehabilitation centers, reported a security breach that affected about 92,332 American citizens.
According to reports, an attacker was able to access the company’s internal network and extract sensitive data that includes names, dates of birth, Social Security numbers, driver’s licenses and medical information.
The company cleaned and rebuilt the systems, updated security procedures and cooperated with the FBI in the investigation, and the victims were offered a credit monitoring service for a year.
6. Cyberattack shuts down Dutch regional broadcaster RTV Noord
RTV Noord reported a cyberattack that was discovered early this morning and completely disrupted its radio, television and digital platforms.
Staff were locked out of their systems, and presenters were forced to play music from records to stay on the air.
While emergency broadcasts continue on alternative channels, the station’s website and app are still largely down.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.