{"id":10300,"date":"2025-11-03T15:51:57","date_gmt":"2025-11-03T12:51:57","guid":{"rendered":"https:\/\/cyberone.bg\/?p=10300"},"modified":"2025-11-03T15:51:57","modified_gmt":"2025-11-03T12:51:57","slug":"weekly-cybersecurity-report-week-44-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-44-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 44, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">Cyberone<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 44, 2025<\/h2>\n<p><strong><u>Information security updates and events from the past week<\/u><\/strong><\/p>\n<h3 id=\"1\"><a href=\"#1\"><strong>1. Qilin Ransomware Campaign \u2013 Linux BYOVD Hybrid Attacks<\/strong><\/a><\/h3>\n<p>Qilin (also known as Agenda, Gold Feather, and Water Galura) was identified as one of the most active ransomware-as-a-service groups in 2025, claiming 40+ victims each month. This week, security analysts reported that Qilin began using a hybrid technique combining Linux payloads with a \u201cBring Your Own Vulnerable Driver\u201d (BYOVD) exploit to bypass security and escalate privileges on targeted systems. This enhancement increases risk for enterprises running mixed OS environments.<\/p>\n<h3 id=\"2\"><a href=\"#2\"><strong>2. ChatGPT Atlas Browser Prompt Injection<\/strong><\/a><\/h3>\n<p>A significant security issue was identified in the new ChatGPT Atlas Browser. Malicious actors discovered that prompt injection attacks could be delivered by disguising a hidden command as a harmless URL. 
By exploiting the omnibox (address\/search bar), attackers could trick the AI agent into executing unauthorized actions, raising the risk of phishing, spoofing, or data leakage if users unknowingly visit weaponized links.<\/p>\n<h3 id=\"3\"><a href=\"#3\"><strong>3. Ongoing Qantas Data Leak Ripple Effect<\/strong><\/a><\/h3>\n<p>Hackers from the Scattered Lapsus$ Hunters alliance continued circulating the personal data of 5.7 million Qantas airline customers on dark web forums, following the expiration of a ransom deadline earlier in October. The massive data cache, originally stolen from a compromised Salesforce-hosted customer platform, included names, emails, phone numbers, addresses, frequent flyer details, and more. Investigations revealed that the group targeted 39 Salesforce-dependent enterprises, potentially exposing more than one billion records in total. The breach highlights persistent high-value third-party and SaaS supply chain risks.<\/p>\n<h3 id=\"4\"><a href=\"#4\"><strong>4. High-Profile Global Data Breaches (October Highlights)<\/strong><\/a><\/h3>\n<p>Several breaches gained attention this week through public acknowledgments and data postings:<br \/>\n\u2022 Vietnam Airlines: Hackers published 23 million customer records on a public forum, sourcing the data from a third-party cloud partner. The records spanned 2020\u20132025.<br \/>\n\u2022 Huawei: Threat actors claimed a breach at Huawei Technologies, offering internal source code and development assets for sale online.<br \/>\n\u2022 Discord: The social platform suffered a breach via a compromised third-party provider, exposing names, emails, billing details, and even images of some government IDs. 
Discord did not disclose the number of affected users, but the platform\u2019s large user base increases the potential impact.<br \/>\n\u2022 Kido Schools UK: Hackers leaked and later deleted sensitive children\u2019s images and data following public pressure, after an attempted extortion campaign.<\/p>\n<h3 id=\"5\"><a href=\"#5\"><strong>5. Widespread Local Government Attacks (U.S.)<\/strong><\/a><\/h3>\n<p>Multiple U.S. local government entities, including Kaufman County (TX), the City of La Vergne (TN), and DeKalb County (IN), disclosed service outages and operational slowdowns due to cyber incidents. While officials have not confirmed data theft, disruptions affected core municipal functions such as payment and court systems.<\/p>\n<h3 id=\"6\"><a href=\"#6\"><strong>6. Medusa &amp; Storm-1175 \u2013 GoAnywhere MFT Vulnerability Exploitation<\/strong><\/a><\/h3>\n<p>The Medusa ransomware group (Storm-1175) continued exploiting a critical Fortra GoAnywhere MFT vulnerability (CVE-2025-10035). Reports indicated at least 500 exposed online instances, enabling remote attacks and rapid ransomware deployment. Security researchers emphasized heightened patching urgency due to evidence of widespread zero-day abuse.<\/p>\n<h3 id=\"7\"><a href=\"#7\"><strong>7. Ransomware Trends Update<\/strong><\/a><\/h3>\n<p>Indicators show Medusa, BlackSuit, BianLian, and Black Basta among the most active ransomware families this autumn. RansomHub and LockBit led globally in confirmed attacks, with incidents proliferating across manufacturing, healthcare, telecom, and education sectors.<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren&#8217;t just incidents, they&#8217;re blueprints of the adversary&#8217;s arsenal. To protect your business, you need the right partner. Cyberone is here to help! 
Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0Cyberone\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 44, 2025 Information security updates and events from the past week 1. Qilin Ransomware Campaign \u2013 Linux BYOVD [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8603,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[65],"class_list":["post-10300","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates","tag-weekly-cybersecurity-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=10300"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10300\/revisions"}],"predecessor-version":[{"id":10301,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10300\/revisions\/10301"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8603"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=10300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=10300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=10300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}