{"id":10203,"date":"2025-09-29T13:13:34","date_gmt":"2025-09-29T10:13:34","guid":{"rendered":"https:\/\/cyberone.bg\/?p=10203"},"modified":"2025-11-10T13:37:32","modified_gmt":"2025-11-10T10:37:32","slug":"weekly-cybersecurity-report-week-39-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-39-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 39, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">Cyberone<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 39, 2025<\/h2>\n<p><strong><u>Information security updates and events from the past we<\/u><\/strong><strong><u>ek<\/u><\/strong><\/p>\n<h3 id=\"1\"><a href=\"#1\"><strong>1. European airports ransomware<\/strong><\/a><\/h3>\n<p>A ransomware attack against Collins Aerospace\u2019s MUSE check-in\/boarding system disrupted operations at key European hubs including Brussels, Berlin, and London Heathrow, causing widespread delays and cancellations as airports fell back to manual processing.<br \/>\nENISA confirmed ransomware as the cause, with investigations continuing while airports worked through days of residual disruption into September 23.<br \/>\nAnalyses highlighted the single point-of-failure risk in aviation IT supply chains and the heightened threat to critical infrastructure from organized cybercrime.<\/p>\n<h3 id=\"2\"><a href=\"#2\"><strong>2. UK arrest in airport case<\/strong><\/a><\/h3>\n<p>During the week, industry reporting noted that authorities in the UK quickly arrested an individual in connection with the Collins Aerospace incident as part of an active law enforcement response to the airport disruptions.<br \/>\nThis development underscores the priority placed on attribution and disruption of criminal infrastructure impacting aviation operations at scale.<\/p>\n<h3 id=\"3\"><a href=\"#3\"><strong>3. Stellantis third party breach<\/strong><\/a><\/h3>\n<p>Automotive giant Stellantis disclosed it was investigating a data breach linked to a third-party service, with follow-on reporting indicating the incident was associated with the broader Salesforce-connected extortion wave and attributed by some sources to ShinyHunters.<br \/>\nAdditional coverage suggested attackers claimed access to tens of millions of customer records via a vendor, reinforcing the ongoing risk of SaaS and supply-chain compromises across the auto sector.<\/p>\n<h3 id=\"4\"><a href=\"#4\"><strong>4. Volvo employee data theft<\/strong><\/a><\/h3>\n<p>Volvo Group North America notified current and former employees of a breach tied to third-party supplier Milj\u00f6data, with stolen data reportedly including personnel information and illustrating the persistent exposure from vendor ecosystems.<br \/>\nThe case adds to a steady cadence of workforce data compromises where HR and payroll-adjacent providers serve as high-value targets for criminal groups.<\/p>\n<h3 id=\"5\"><a href=\"#5\"><strong>5. Maryland Transit breach claim<\/strong><\/a><\/h3>\n<p>The Rhysida ransomware group claimed responsibility for a breach at the Maryland Transit Administration, demanding a US$3.4 million ransom and posting samples allegedly including passport and Social Security images while state officials continued to assess scope and impact.<br \/>\nThe claim follows a broader 2025 pattern of U.S. government entity ransomware cases, with researchers tracking dozens of confirmed incidents this year affecting service continuity and citizen data.<\/p>\n<h3 id=\"6\"><a href=\"#6\"><strong>6. Boyd Gaming breach<\/strong><\/a><\/h3>\n<p>Casino operator Boyd Gaming was reported as hacked with employee data stolen, expanding the week\u2019s tally of high-profile U.S. corporate victims and emphasizing the sector\u2019s exposure to data-theft and extortion plays.<br \/>\nThe incident reflects attackers\u2019 sustained focus on hospitality and gaming environments where identity stores and operational uptime pressures increase extortion leverage.<\/p>\n<h3 id=\"7\"><a href=\"#7\"><strong>7. Alliance Steel ransomware<\/strong><\/a><\/h3>\n<p>Reports indicated the SafePay ransomware group targeted Alliance Steel Co. in the U.S., demonstrating continued activity by mid-tier ransomware crews pursuing manufacturing targets with double-extortion tactics.<br \/>\nManufacturing victims often face production downtime and sensitive partner data exposure, compounding recovery costs and supply-chain disruption risks.<\/p>\n<h3 id=\"8\"><a href=\"#8\"><strong>8. Ransomware trend report<\/strong><\/a><\/h3>\n<p>A Searchlight Cyber dark web intelligence report released this week found 3,734 victims posted by ransomware groups in H1 2025, up 67% year-over-year, alongside 35 new groups and a 16% increase in active crews, with 65% of listed victims in NATO countries.<br \/>\nThe report also noted evolving extortion tradecraft and vulnerability exploitation, underscoring the need for continuous threat intelligence and hardening against SaaS and third\u2011party exposures highlighted by this week\u2019s incidents.<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren&#8217;t just incidents, they&#8217;re blueprints of the adversary&#8217;s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0Cyberone\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 39, 2025 Information security updates and events from the past week 1. European airports ransomware A ransomware attack [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8618,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[65],"class_list":["post-10203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates","tag-weekly-cybersecurity-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=10203"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10203\/revisions"}],"predecessor-version":[{"id":10204,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10203\/revisions\/10204"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8618"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=10203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=10203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=10203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}