Weekly Cybersecurity Report | Week 51, 2025

As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week

1. Global auto parts manufacturer LKQ confirms Oracle E-Business Suite breach, employee data exposed

LKQ Corporation, an American auto parts manufacturer and distributor operating in the global automotive market, has confirmed that it was hit by a cyberattack that compromised its Oracle E-Business Suite (EBS) system and exposed sensitive personal information of thousands of employees.

Highlights of the incident:

– The intrusion was carried out on August 9, 2025, into the company’s Oracle EBS system.

– The incident was only discovered on October 3, 2025, after unusual activity was investigated retrospectively.

– According to the report to the authorities, data of more than 9,000 people was exposed.

– LKQ itself did not publicly attribute the incident to a specific group.

2. Mexico: Suspected cyberattack on Sonora State Treasury – Payments suspended due to fear of financial data leak

The Treasury Department of the state of Sonora in Mexico has immediately suspended all digital payments after identifying unusual activity and suspected compromise of the government’s financial systems.

According to the authorities’ announcement, this is a preventive measure following concerns about a data leak from the state’s financial information system, including data related to government spending and payments.

Highlights of the incident:

– Payments through the government portal, banks and connected businesses were suspended.

– Suspicious activity was identified, including attempts to penetrate systems and extract information.

– The suspicion focuses on a financial system related to the Ministry of Expenditure.

– An official complaint was filed, and a notification was given to federal cyber authorities.

Background and related threats:

– In recent days, a group called Team Chronus has publicly threatened government and police systems in the country.

– Sensitive information was published that may include data from security agencies.

– The “Sonora Cibersegura” platform warned of an increase in hostile cyber activity in Mexico.

Authorities said the investigation is ongoing and that services will only be resumed after full verification of the integrity and security of the systems.

3. Venezuela: Cyber-attack disrupts the export system of state-owned oil giant PDVSA

A cyber-attack has hit PDVSA (Venezuela’s state-owned oil company) and caused disruptions to export activities, while the company tries to downplay the incident and frame it as “limited.”

The details:

– PDVSA issued a statement according to which the attack “did not affect the operational area” and was limited to administrative systems.

– At the same time, an internal memo obtained by Bloomberg contains instructions for employees (operational and administrative) to disconnect from the network and turn off their computers.

– According to sources cited by Bloomberg and Reuters, systems that manage the country’s main oil terminal were still down on Monday, to the point of halting supplies (“no shipments, all systems down”).

– PDVSA accuses the US and “local actors” of trying to destabilize the country, claiming it is part of a strategy to “seize Venezuelan oil by force.”

– The incident comes amid tensions with the US, including the seizure of an oil tanker last week, and the fact that PDVSA has been under OFAC sanctions since January 2019.

4. Pornhub Extorted: Search and Viewing History of Premium Subscribers Stolen and Held by ShinyHunters

Adult content platform PornHub is facing an extortion attempt by the ShinyHunters attack group after sensitive activity data of Premium subscribers was stolen.

According to the publication, the stolen data is a history of searches, views and downloads, which is sensitive personal information, originating from a breach at a third-party provider.

The incident does not stem from a hack of PornHub’s own systems, but from a leak of information at the analytics provider Mixpanel.

What happened:

– In November 2025, Mixpanel’s systems were hacked following a smishing attack on an employee.

– Mixpanel previously provided analytics services to PornHub.

– The stolen data is historical analytics data from 2021 and earlier.

– PornHub emphasizes that no passwords, payment details or financial information were compromised.

– According to ShinyHunters, the haul is 94GB of information including over 200 million records.

– The samples examined included: Premium subscribers’ email addresses, viewing times and activity, IP addresses and approximate location, video names, URLs and search terms, and an indication of whether a video was watched or downloaded or whether a specific channel was viewed.

– This is very personal information, even if it does not include payment details.

Who is behind the extortion:

– The ShinyHunters group confirmed that it is responsible for the theft of information and the extortion requests.

– The group sent emails to Mixpanel customers with a threat to publish the data.

– The ShinyHunters group is considered one of the most prominent attack groups of 2025, with a wide range of incidents against SaaS and Salesforce platforms.

– Pornhub linked the information to the Mixpanel breach.

– Mixpanel claims that the data was not stolen in the latest hack, and that it was last accessed from a legitimate account belonging to PornHub’s parent company in 2023.

https://help.pornhub.com/hc/en-us/articles/47334442459283-Important-Message-From-Pornhub

5. The German government accuses Russia of carrying out a cyberattack on the country’s civil air traffic control systems and of attempting to influence the federal elections that took place in February this year. Following the findings, the Russian ambassador to Berlin was summoned for a clarification meeting.

According to the German Foreign Ministry, the attack and its associated activities are attributed to the Russian military intelligence (GRU).

– Cyberattack on the communications systems of Germany’s air navigation service provider in August 2024.

– According to the authorities, flight safety was not affected, but office and communications systems were compromised.

– The attack is attributed to the Fancy Bear group, which is affiliated with the GRU.

– German intelligence officials state that there is evidence of direct responsibility of Russian military intelligence.

– Germany claims that Russia tried to influence and undermine the federal elections through a disinformation campaign called Storm-1516.

– According to the authorities, the campaign targeted senior candidates, including Robert Habeck and Friedrich Merz, who later became Chancellor.

Russian response and consequences:

– Russia rejected the accusations, claiming that they were “baseless and ridiculous.”

– Germany announced that it would work with its European partners to take retaliatory measures, with the aim of making Russia “pay a price for hybrid actions.”

– The accusations join a series of similar claims by European countries in recent years, amid heightened tensions since the Russian invasion of Ukraine.

https://www.bbc.com/news/articles/cvgrrnylzzyo

6. SoundCloud platform reports cyber incident and fears of user data leak

The company confirms that unauthorized access to an internal system was detected, but not to the service’s core system.

Following the incident, information from some of the platform’s users may have been exposed, including: email addresses, public data from user profiles, and non-sensitive metadata.

According to SoundCloud, no passwords, payment details, or financial information were exposed, and no direct damage was done to the streaming system itself.

In response to the incident, the company blocked unauthorized access, opened an investigation with external information security agencies, and reported it to the authorities.

At the same time, users experienced availability disruptions, some of which resulted from DoS attacks and configuration changes made as part of the response to the incident.

At this stage, there is no confirmed claim of responsibility, and the final extent of the exposure is still under investigation.


The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.