Weekly Cybersecurity Report | Week 48, 2025

As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Information security updates and events from the past week

1. Macy’s – Cl0p Oracle E-Business Suite Campaign

Macy’s disclosed a breach after attackers exploited a zero-day in Oracle E-Business Suite as part of a wider Cl0p ransomware/data theft campaign targeting that platform.
Potentially exposed information spans customer records and transaction histories, POS and supply chain documentation, HR and payroll data, internal financials, and configuration details that could aid further compromise.

2. SitusAMC – Financial Technology Vendor Breach

SitusAMC, a major technology provider to commercial and real estate financiers, confirmed a November 12 breach that came to wider attention in this period.
While the exact dataset is still under review, exposed information may include client corporate records (accounting and legal documents) and consumer PII such as names, addresses, and Social Security numbers.

3. Healthcare Therapy Services – Healthcare PII Exfiltration

US provider Healthcare Therapy Services reported that an intruder accessed and copied data from its network around late April 2025, with notice and legal analysis appearing this week.
Compromised records may contain full names, Social Security numbers, financial account data, driver’s license numbers, and medical information, creating high risk for identity theft and insurance fraud.

4. GlobalLogic – Employee Data Compromise

Engineering and IT services company GlobalLogic confirmed unauthorized access to internal systems, with attackers obtaining files on current and former employees.
The data likely includes names, addresses, Social Security numbers, dates of birth, employment details, and payroll-related financial data, making this primarily an HR/insider data breach rather than a customer-facing incident.

5. Cl0p Oracle 0-day Campaign – Broader Impact

Threat intel reporting this month shows the same Oracle E-Business Suite zero-day used against Macy’s also impacting organizations such as The Washington Post, Logitech, Allianz UK, and GlobalLogic, with others listed but not yet fully confirmed.
The campaign underlines how a single ERP zero-day can drive multi-sector compromise, combining data theft and extortion rather than classic encrypt-and-lock ransomware.

6. Rising Ransomware and Access Trends

Insurance and threat intel analyses in late November highlight continued growth in ransomware, with Akira, Qilin and INC responsible for a large share of recent cases and leak site postings up quarter-on-quarter.
Roughly half of initial access in recent incidents is now traced to hijacked VPN credentials, with external service exploits (e.g., Oracle, Fortinet, SonicWall) accounting for another significant slice, emphasizing weaknesses in remote access and perimeter services.

7. Salesforce / Cloud & Vendor Breach Patterns in November

Industry roundups of November 2025 breaches emphasize sustained attacker focus on high-value SaaS and vendor environments, including Oracle cloud services, analytics platforms like Mixpanel, and logistics/food delivery ecosystems such as DoorDash.
The pattern is consistent: misconfigurations or third-party compromises expose large volumes of customer and transaction data, often without any need for on-premises intrusion at the victim organization itself.

The cybersecurity attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. CyberOne is here to help! Check out our services.