Weekly Cybersecurity Report | Week 52, 2025

As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Information security updates and events from the past week

1. France’s national postal company, La Poste, announced that a serious cyber incident had taken down all its information systems, directly affecting postal services, digital identity and online banking, just days before Christmas.

Highlights of the incident:

– All La Poste’s information systems were temporarily down.

– Websites, apps, digital identity and Digiposte services were unavailable.

– Physical branches were only partially open.

Impact on banking:

– La Banque Postale’s online and mobile services were down.

– Cash withdrawals, card payments and physical transactions continued to operate.

– Online payments were moved to SMS verification.

2. Pornhub warns Premium subscribers about blackmail emails following leak

Following the leak and blackmail incident, Pornhub has updated its official statement and warns that attackers are threatening to contact Premium subscribers directly by email in order to blackmail them (sextortion).

According to the announcement, users may receive messages claiming that the attackers have personal information about them. Pornhub emphasizes that the company will never ask for passwords or payment details via email.

The incident has moved from a data leak and ransom demand to a direct threat to end users. Even without revealing passwords or payment methods, the mere possession of personal activity data allows attackers to exert psychological pressure and try to profit through sextortion.

3. Nissan has issued an official statement about an information security incident, after being notified of unauthorized access to data servers operated by a contractor called Red Hat, an event that led to the exposure of customer information in Japan.

Details of the incident:

– According to the report, the intrusion was detected on September 26, 2025.

– Nissan was notified of the incident on October 3, 2025.

– The disclosure involves customer data of Nissan Fukuoka Sales Co., Ltd., affecting 21,000 people.

What information was exposed:

– Names, addresses, phone numbers, email addresses.

– According to the statement, credit card details are not involved.

Nissan’s response:

– After identification, steps were taken to eliminate unauthorized access and prevent re-intrusion.

– The incident was reported to the Personal Information Protection Commission (Japan’s privacy protection authority).

– Customers whose data is suspected to have leaked have been notified.

– The company notes that beyond the leaked data, no additional customer data was stored there, and therefore, according to the company, there is no concern for further leakage beyond what has already been identified.

– It was also reported that at this stage no misuse of the information has been identified, but customers are advised to be wary of suspicious contacts (telephone, email, etc.).

This is a “classic” supply chain incident: even when the core system is not necessarily compromised, a leak at a supplier can expose customer information and quickly become a risk for fraud and phishing.

https://www.securityweek.com/nissan-confirms-impact-from-red-hat-data-breach/amp/

4. Romania’s National Water Authority suffered a ransomware attack over the weekend, and somehow it once again looks like a basic exercise in network segregation failure.

The attackers abused Windows’ built-in BitLocker to encrypt around 1,000 computers, bringing down email, DNS, website and GIS servers but not reaching operational control systems.

The result was IT on its knees, OT surviving. The water supply was not affected, employees switched to phones and radios, and the state went into investigation mode.

No group has yet claimed responsibility, and no attack vector has been officially confirmed, but when ransomware uses legitimate system tools, it usually means someone was already inside long before the encryption.

5. The Qilin ransomware group claims to have breached the systems of Atletico River Plate, one of the largest and most influential clubs in South America. According to the publication, data samples have been shared as proof of the intrusion, but at this point the incident is classified as pending verification.

The report comes from sources on the open and dark web, without official confirmation from the club. It is not yet clear whether this is a full-blown data leak or a threat aimed at extortion, but the publication itself puts another spotlight on the fact that even high-budget and high-profile sports organizations are a favorite target for cybercrime.

6. A data leak at the University of Sydney was revealed after unauthorized access to an internal code repository, which also stored historical files with personal information of employees and students.

According to the university’s statement, approximately 27,000 people were affected by the incident, and the information exposed included names, contact information, and employment data of current and former employees, as well as students and alumni. Access has been blocked, the data has been removed, and those affected are being notified.

The incident highlights once again how poorly managed development environments and code repositories can become a significant vulnerability even without a ransomware attack or public release of the information.

The cybersecurity attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. CyberOne is here to help! Check out our services.