{"id":10332,"date":"2025-12-01T17:19:08","date_gmt":"2025-12-01T14:19:08","guid":{"rendered":"https:\/\/cyberone.bg\/?p=10332"},"modified":"2025-12-01T17:19:08","modified_gmt":"2025-12-01T14:19:08","slug":"weekly-cybersecurity-report-week-48-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-48-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 48, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">CyberOne<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 48, 2025<\/h2>\n<p><strong><u>Information security updates and events from the past week<\/u><\/strong><\/p>\n<h3 id=\"1\"><a href=\"#1\"><strong>1. Macy\u2019s \u2013 Cl0p Oracle E Business Suite Campaign<\/strong><\/a><\/h3>\n<p>Macy\u2019s disclosed a breach after attackers exploited a zero day in Oracle E Business Suite as part of a wider Cl0p ransomware\/data theft campaign targeting that platform.<br \/>\nPotentially exposed information spans customer records and transaction histories, POS and supply chain documentation, HR and payroll data, internal financials, and configuration details that could aid further compromise.<\/p>\n<h3 id=\"2\"><a href=\"#2\"><strong>2. 
SitusAMC \u2013 Financial Technology Vendor Breach<\/strong><\/a><\/h3>\n<p>SitusAMC, a major technology provider to commercial and real estate financiers, confirmed a November 12 breach that came to wider attention in this period.<br \/>\nWhile the exact dataset is still under review, exposed information may include client corporate records (accounting and legal documents) and consumer PII such as names, addresses, and Social Security numbers.<\/p>\n<h3 id=\"3\"><a href=\"#3\"><strong>3. Healthcare Therapy Services \u2013 Healthcare PII Exfiltration<\/strong><\/a><\/h3>\n<p>US provider Healthcare Therapy Services reported that an intruder accessed and copied data from its network around late April 2025, with notice and legal analysis appearing this week.<br \/>\nCompromised records may contain full names, Social Security numbers, financial account data, driver\u2019s license numbers, and medical information, creating high risk for identity theft and insurance fraud.<\/p>\n<h3 id=\"4\"><a href=\"#4\"><strong>4. GlobalLogic \u2013 Employee Data Compromise<\/strong><\/a><\/h3>\n<p>Engineering and IT services company GlobalLogic confirmed unauthorized access to internal systems, with attackers obtaining files on current and former employees.<br \/>\nThe data likely includes names, addresses, Social Security numbers, dates of birth, employment details, and payroll related financial data, making this primarily an HR\/insider data breach rather than a customer facing incident.<\/p>\n<h3 id=\"5\"><a href=\"#5\"><strong>5. 
Cl0p Oracle 0 day Campaign \u2013 Broader Impact<\/strong><\/a><\/h3>\n<p>Threat intel reporting this month shows the same Oracle E Business Suite zero day used against Macy\u2019s also impacting organizations such as The Washington Post, Logitech, Allianz UK, and GlobalLogic, with others listed but not yet fully confirmed.<br \/>\nThe campaign underlines how a single ERP zero day can drive multi sector compromise, combining data theft and extortion rather than classic encrypt and lock ransomware.<\/p>\n<h3 id=\"6\"><a href=\"#6\"><strong>6. Rising Ransomware and Access Trends<\/strong><\/a><\/h3>\n<p>Insurance and threat intel analyses in late November highlight continued growth in ransomware, with Akira, Qilin and INC responsible for a large share of recent cases and leak site postings up quarter on quarter.<br \/>\nRoughly half of initial access in recent incidents is now traced to hijacked VPN credentials, with external service exploits (e.g., Oracle, Fortinet, SonicWall) accounting for another significant slice, emphasizing weaknesses in remote access and perimeter services.<\/p>\n<h3 id=\"7\"><a href=\"#7\"><strong>7. Salesforce \/ Cloud &amp; Vendor Breach Patterns in November<\/strong><\/a><\/h3>\n<p>Industry roundups of November 2025 breaches emphasize sustained attacker focus on high value SaaS and vendor environments, including Oracle cloud services, analytics platforms like Mixpanel, and logistics\/food delivery ecosystems such as DoorDash.<br \/>\nThe pattern is consistent: misconfigurations or third party compromises expose large volumes of customer and transaction data, often without any need for on premise intrusion at the victim organization itself.<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren&#8217;t just incidents, they&#8217;re blueprints of the adversary&#8217;s arsenal. To protect your business you need the right partner. CyberOne is here to help! 
Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0CyberOne\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 48, 2025 Information security updates and events from the past week 1. Macy\u2019s \u2013 Cl0p Oracle E Business [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8615,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[65],"class_list":["post-10332","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates","tag-weekly-cybersecurity-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=10332"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10332\/revisions"}],"predecessor-version":[{"id":10333,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10332\/revisions\/10333"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8615"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=10332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories
?post=10332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=10332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}