As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 50, 2025
Information security updates and events from the past week
1. Marquis – U.S. Banks & Credit Unions Vendor Breach
Fintech vendor Marquis, which provides marketing and analytics services to community banks and credit unions, disclosed a ransomware incident and data breach impacting dozens of U.S. financial institutions.
Exposed data, taken from systems Marquis hosted for its clients, includes customer names, contact details, dates of birth, account information and in some cases Social Security numbers, forcing downstream banks to issue their own breach notices and fraud warnings.
2. Salesforce / Gainsight Incident – 200+ Organizations Affected
Reports this week highlighted that a compromise of a Gainsight environment integrated with Salesforce exposed customer data for more than 200 companies using the platform.
The incident underscores the systemic risk of deeply integrated cloud CRMs and customer‑success tools, where a single vendor breach can cascade across hundreds of enterprises’ customer datasets.
3. Oracle E-Business Suite Zero-Day Fallout
The University of Pennsylvania and the University of Phoenix publicly confirmed they were victims of the broader Cl0p ransomware/data‑theft campaign exploiting the Oracle E‑Business Suite pre‑auth RCE vulnerability CVE‑2025‑61882.
For Penn, roughly 1.2 million records tied to students, alumni, and donors were impacted, including contact details, demographics, and financial/wealth information accessed via compromised SSO into systems such as Salesforce, Qlik, SAP, and SharePoint.
4. November Ransomware and Threat Landscape Metrics
Check Point and other threat‑intel providers reported that organizations worldwide faced on average 2,003 cyberattacks per week in November 2025, with 727 recorded ransomware incidents, a 22% year‑over‑year increase.
North America accounted for about 55% of disclosed ransomware activity, with Europe around 18%, and the month was dominated by Qilin and Akira operations plus extensive data‑theft/extortion via the Oracle EBS zero‑day.
5. INC, Qilin, DragonForce, Sinobi – High‑Impact November Attacks
A November roundup released in early December detailed several critical ransomware and supply‑chain cases: INC Ransom breached a U.S. emergency alert provider and claimed to exfiltrate roughly 1.15 TB of client data before encryption; Qilin hit a U.S. firm supplying remote power management and out‑of‑band (OOB) control technology used in data centers and critical infrastructure; DragonForce targeted a major UAE telecom services provider and leaked over 44 GB of data; and Sinobi attacked a large India‑based IT and cloud‑engineering company, allegedly stealing around 450 GB of corporate and customer information.
These incidents collectively show attackers prioritizing service providers whose compromise can expose many downstream organizations at once, especially in telecom, industrial, and managed‑services environments.
6. Shai-Hulud 2.0 npm Supply Chain Campaign
Security research released in this period flagged a renewed wave of Shai‑Hulud 2.0 supply‑chain attacks abusing npm packages, with malicious packages pushed to compromise developer environments and CI/CD pipelines.
The campaign is described as one of the most significant recent cloud‑native ecosystem compromises, capable of credential theft, lateral movement in cloud environments, and downstream infections wherever tainted packages are integrated.
7. Broader November Breach Themes
Multiple November threat reports emphasized that data‑theft‑first ransomware and vendor/SaaS breaches remained the dominant patterns, with Cl0p’s Oracle EBS campaign alone claiming at least 29 named organizations and over 100 total victims across aviation, media, higher education, healthcare, and manufacturing.
Analysts highlighted how the rapid growth of generative‑AI tools and cloud integrations is expanding attack surface and creating “shadow AI” and misconfiguration risks that many organizations have yet to fully manage.
The cybersecurity attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. CyberOne is here to help! Check out our services.