As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 49, 2025
Information security updates and events from the past week
1. Hacking of 120,000 home cameras in South Korea to record sexual acts and sell them overseas
The South Korean National Police (KNPA) has filed indictments against four suspects who ran a large-scale hacking operation into IP cameras in homes and businesses. According to the report, they gained access to 120,000 cameras to collect and trade intimate photographic content.
Modus operandi:
The suspects hacked into IP cameras connected to home or business networks.
They stole photographic documentation, including videos and photos, and sold hundreds of them to a website operated from abroad.
The main suspect was also seized with sexual material of minors and youth, content that was held but not sold.
The point of technology is how not to approve the use of the same week and repetitive passwords without changing at all
https://www.washingtonpost.com/world/2025/12/02/south-korea-home-cameras-hacked/
2. GPS disruptions at several major airports in India – the government confirms and intends to tighten security procedures
The federal government of India has confirmed a series of GPS Spoofing events near Indira Gandhi Airport in New Delhi and at other major airports. Despite the disruption, air operations continued as usual.
What is GPS Spoofing?
The transmission of a fake GPS signal leads navigation systems to think that the location/altitude is different from reality.
In aircraft, the effect is mainly manifested in landing approaches based on satellite navigation.
Flight and control crews are trained to deal with such events, but a sequence of events requires a systemic response.
Confirmed incidents:
India’s civil aviation minister told parliament that flights approaching runway 10 in New Delhi had detected GPS disruptions.
Additional reports were received from Mumbai, Kolkata, Bangalore, Hyderabad, Ambithar and Chennai.
When the disruption was detected, backup procedures were activated and the aircraft switched to ground-based navigation, with no impact on flight performance.
The civil aviation authority DGCA has issued an SOP for real-time reporting of GNSS disruptions.
Since reporting became mandatory (November 2023), regular reports have been received, allowing for pattern recognition and expedited handling.
The Airports Authority of India (AAI) is implementing advanced tools to protect IT infrastructure at airports.
Although the incidents did not affect schedules or safety, surveillance at major airports will be stepped up.
3. Data leak at British telecom giant Brsk – more than 230,000 records offered for sale
British telecommunications company Brsk is investigating a data security incident in which unauthorized access was made to one of its customer data systems. At the same time, a forum ad on Derkent is offering 230,105 records attributed to the company for sale.
Incident details:
– An attacker claims to have obtained information that includes full names, email addresses, residential addresses, installation details, location data and phone numbers.
– The ad also claims that there is a field indicating whether the customer is defined as “vulnerable”.
– The information is being sold to potential buyers via Telegram.
4. Brsk confirmed unauthorized access to one of its customer systems and according to the company’s statement:
– The compromised information is limited to basic contact details.
– No payment details were leaked.
– No passwords or login details were exposed.
– There is no evidence of misuse of the information currently.
– The affected customers were offered a one-year personal, financial and legal monitoring service provided by Experian.
– The company said that its network and operational infrastructure were not compromised, and internet services continue as usual.
Steps taken:
– Brsk reported the incident to the relevant authorities, including the police and the ICO (UK privacy regulator).
– The company hired external information security experts to investigate and handle the incident.
Brsk was founded in 2020, and in 2024 merged with Netomnia.
Together they operate fibre services to over 1.5 million addresses in the UK, serving more than 140,000 customers.
5. Crypto exchange Upbit halts operations following $33m leak from Solana-based hot wallet
South Korea’s largest crypto exchange Upbit has reported a serious security incident: an unauthorized transfer of $33m worth of assets from a hot wallet. The company claims that customer funds were not affected and that the loss will be covered by the company’s funds.
Incident details:
– On November 27, 2025, at 04:42 (Korean time), a series of transfers from Upbit’s hot wallet to unidentified external addresses were detected.
– The assets are Solana ecosystem assets, including SOL, RENDER, PYTH, BONK, IO, ORCA, USDC, and more.
– Cold wallets, where customer assets are stored, were not hacked or affected.
Response steps:
– Complete halt of deposits and withdrawals to prevent continued unauthorized spending.
– Transfer of all assets from hot wallets to Cold Storage wallets.
– Attempted On-Chain freeze, currently reported to have frozen approximately ₩23 billion in the Solayer asset.
– Cooperation with projects and investigative bodies to locate additional assets.
– Conducting a horizontal review of the deposit/withdrawal infrastructure for all assets, not just Solana.
https://upbit.com/service_center/notice?id=5800&view=share
6. Freedom Mobile, a major Canadian mobile carrier, has revealed that it has experienced a data breach following unauthorized access to its customer account management system through a hacked third-party contractor account.
The incident exposed personal customer information, including full names, addresses, dates of birth, phone numbers and account numbers. The extent of the damage has not been officially disclosed.
The company has blocked the offending accounts and IPs, launched an investigation, and notified customers who may have been affected, advising them to beware of targeted phishing and impersonation attempts. No passwords or financial information were reported exposed, and this is not a ransomware attack.
7. SmartTube app for Android TV distributed with malicious code
The developers of SmartTube, a popular YouTube client for smart TVs, announced that the app’s digital signing keys had been stolen, allowing malicious actors to distribute “official” updates that contained hidden spyware.
A malicious library was found in the affected versions that collects device data and communicates with external servers.
Following the incident, Google Play Protect blocked the app on many devices. The developers revoked the old signatures and released a new version with a new key, which requires uninstallation and reinstallation.
8. The French Football Federation (FFF) announced that it had experienced a cyberattack that led to unauthorized access to its IT systems and the leakage of personal information.
The attackers were able to extract data including names, email addresses, phone numbers and sometimes positions of employees, association officials, players and partners.
It was reported that no passwords, bank details or payment methods were exposed, and the critical systems for the operation were not disabled.
The association sent messages to the victims warning against phishing and impersonation attempts.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.
