{"id":10302,"date":"2025-11-10T13:43:02","date_gmt":"2025-11-10T10:43:02","guid":{"rendered":"https:\/\/cyberone.bg\/?p=10302"},"modified":"2025-11-10T13:43:02","modified_gmt":"2025-11-10T10:43:02","slug":"weekly-cybersecurity-report-week-45-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-45-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 45, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">Cyberone<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 45, 2025<\/h2>\n<p><strong><u>Information security updates and events from the past we<\/u><\/strong><strong><u>ek<\/u><\/strong><\/p>\n<h3 id=\"1\"><a href=\"#1\"><strong>1. 
Hyundai AutoEver America Hack: Exposure of Sensitive Personal Information<\/strong><\/a><\/h3>\n<p>Hyundai AutoEver America, the technology arm of Hyundai Group in North America, reports a hack into the company&#8217;s systems and the exposure of sensitive personal information, including license plates and driver&#8217;s licenses.<br \/>\nThe company provides IT services and infrastructure for the entire life cycle of vehicle components: manufacturing processes, ERP systems, updates, software development and technical support to Hyundai and Kia companies.<br \/>\n&#8211; The information exposed includes full names, Social Security numbers, driver&#8217;s license numbers<br \/>\n&#8211; It is not yet known how many people were affected and whether they were only employees or also customers<\/p>\n<p>The incident joins a series of previous attacks on Hyundai Group, including a Black Basta attack on European operations, a leak of vehicle owner details in Italy and France, and weaknesses in the vehicle control application that allowed remote access to the vehicle.<\/p>\n<h3 id=\"2\"><a href=\"#2\"><strong>2. 
University of Pennsylvania Admits Data Leak After Attacker Impersonated Employee, Hacked Internal Systems<\/strong><\/a><\/h3>\n<p>The University of Pennsylvania has confirmed that an attacker gained access to a university employee&#8217;s account through impersonation, entered internal systems, and stole information, including donor and alumni data.<br \/>\n&#8211; The attacker obtained employee login details through impersonation<br \/>\n&#8211; A legitimate login was made to the employee&#8217;s SSO account<br \/>\n&#8211; This login gave access to Salesforce, Qlik, SAP, and SharePoint<br \/>\n&#8211; 1.7GB of internal documents and data were stolen<br \/>\n&#8211; 1.2 million donor records were also reportedly leaked<br \/>\n&#8211; The attacker sent a malicious email in the name of the university to 700,000 recipients after access was blocked<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/university-of-pennsylvania-confirms-data-stolen-in-cyberattack\">https:\/\/www.bleepingcomputer.com\/news\/security\/university-of-pennsylvania-confirms-data-stolen-in-cyberattack<\/a><\/p>\n<h3 id=\"3\"><a href=\"#3\"><strong>3. 
Cyberattack on move XM &#8211; the digital services provider for all VW and Audi dealerships in Germany<\/strong><\/a><\/h3>\n<p>Move XM, which provides customer experience management (CEM) services for the Volkswagen and Audi dealership network, announced that it had experienced a significant cyberattack that resulted in a complete shutdown of all online portals and services.<br \/>\nThe event occurred on October 26, 2025, and was defined by the company as a ransomware attack.<br \/>\n&#8211; The company manages the CEM platform used by all VW\/Audi dealerships to collect and manage customer data.<br \/>\n&#8211; Upon discovery of the attack, the entire infrastructure and systems were disconnected from the internet to prevent spread.<br \/>\n&#8211; A dedicated IR team has been activated, and the company is working with authorities and external forensics to restore the systems.<br \/>\n&#8211; According to estimates, the portals and services will only return to operation after security checks are completed and systems are rebuilt.<\/p>\n<h3 id=\"4\"><a href=\"#4\"><strong>4. Serious data leak at Milj\u00f6data, a provider of IT systems for local governments in Sweden!<\/strong><\/a><\/h3>\n<p>Milj\u00f6data, which provides management systems for local authorities and public bodies across Sweden, reported a cyber breach that led to the exposure of personal information of approximately 1.5 million citizens.<br \/>\nThe leaked information includes names, addresses, dates of birth and government IDs, some of which have already been published on the dark web.<br \/>\nThe Swedish regulator (IMY) has opened an investigation under GDPR regulations, fearing that children&#8217;s data and protected identities may be compromised.<\/p>\n<h3 id=\"6\"><a href=\"#5\"><strong>5. 
Data Leak at Japanese Media Group Nikkei<\/strong><\/a><\/h3>\n<p>Media giant Nikkei has announced a security breach in its internal Slack system, which led to the exposure of personal information of about 17,000 employees and business partners.<br \/>\nThe incident occurred after an employee&#8217;s computer was infected with malware, which allowed attackers to steal login details and log into corporate Slack accounts.<br \/>\nThe company detected the intrusion in September, locked accounts, changed passwords and reported it to Japanese authorities.<br \/>\nAccording to Nikkei, no evidence was found that journalistic information or sensitive sources were exposed.<\/p>\n<h3 id=\"6\"><a href=\"#6\"><strong>6. Cyberattack targeting US communications provider Ribbon Communications<\/strong><\/a><\/h3>\n<p>Ribbon Communications, which provides communications infrastructure to telecom providers and government agencies, reported a sophisticated and deliberate attack that was not linked to ransomware attacks or a financial motive. It is believed to be government espionage.<br \/>\nThe intrusion occurred as early as December 2024, but was only discovered in October 2025, meaning the attackers were on the network for almost a year.<br \/>\nThe intrusion was carried out by accessing an internal network through external endpoints, which allowed the attackers to move across the network.<br \/>\nOld files were accessed on two computers outside the main environment, with no evidence of sensitive data being stolen. At least three small customers were affected by the incident.<br \/>\nThe incident highlights the need for hardening vendor access, monitoring internal networks and implementing Zero Trust in critical infrastructure organizations.<\/p>\n<h3 id=\"6\"><a href=\"#7\"><strong>7. 
The French public organization France Travail, responsible for coordinating employment, registering job seekers and paying unemployment benefits (formerly P\u00f4le Emploi), announced that it was the victim of a hack in which tens of thousands of users\u2019 data were stolen.<\/strong><\/a><\/h3>\n<p>According to reports, the Stormous attack group claims to have gained access to approximately 30,000 accounts and approximately 30GB of data including identity documents, email addresses, phone details and bank accounts via an infostealer implanted on the personal computers of job seekers.<\/p>\n<p>France Travail confirms that \u201cdata was indeed extracted\u201d and is now conducting a comprehensive investigation and notifying victims.<br \/>\nThe incident comes less than a year after a previous cyberattack on the organization and highlights the ongoing risk of government agencies handling sensitive citizen data.<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren&#8217;t just incidents, they&#8217;re blueprints of the adversary&#8217;s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0Cyberone\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 45, 2025 Information security updates and events from the past week 1. 
Hyundai AutoEver America Hack: Exposure of [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8606,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[65],"class_list":["post-10302","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates","tag-weekly-cybersecurity-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=10302"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10302\/revisions"}],"predecessor-version":[{"id":10303,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10302\/revisions\/10303"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8606"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=10302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=10302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=10302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}