{"id":10346,"date":"2025-12-16T10:45:10","date_gmt":"2025-12-16T07:45:10","guid":{"rendered":"https:\/\/cyberone.bg\/?p=10346"},"modified":"2025-12-16T10:45:10","modified_gmt":"2025-12-16T07:45:10","slug":"weekly-cybersecurity-report-week-50-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-50-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 50, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">CyberOne<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 50, 2025<\/h2>\n<p><strong><u>Information security updates and events from the past week<\/u><\/strong><\/p>\n<h3 id=\"1\"><a href=\"#1\"><strong>1. Marquis \u2013 U.S. Banks &amp; Credit Unions Vendor Breach<\/strong><\/a><\/h3>\n<p>Fintech vendor Marquis, which provides marketing and analytics services to community banks and credit unions, disclosed a ransomware incident and data breach impacting dozens of U.S. financial institutions.<br \/>\nExposed data, taken from systems Marquis hosted for its clients, includes customer names, contact details, dates of birth, account information and in some cases Social Security numbers, forcing downstream banks to issue their own breach notices and fraud warnings.<\/p>\n<h3 id=\"2\"><a href=\"#2\"><strong>2. 
Salesforce \/ Gainsight Incident \u2013 200+ Organizations Affected<\/strong><\/a><\/h3>\n<p>Reports this week highlighted that a compromise of a Gainsight environment integrated with Salesforce exposed customer data for more than 200 companies using the platform.<br \/>\nThe incident underscores the systemic risk of deeply integrated cloud CRMs and customer\u2011success tools, where a single vendor breach can cascade across hundreds of enterprises\u2019 customer datasets.<\/p>\n<h3 id=\"3\"><a href=\"#3\"><strong>3. Oracle E\u2011Business Suite Zero-Day Fallout<\/strong><\/a><\/h3>\n<p>The University of Pennsylvania and the University of Phoenix publicly confirmed they were victims of the broader Cl0p ransomware\/data\u2011theft campaign exploiting the Oracle E\u2011Business Suite pre\u2011auth RCE vulnerability CVE\u20112025\u201161882.<br \/>\nFor Penn, roughly 1.2 million records tied to students, alumni, and donors were impacted, including contact details, demographics, and financial\/wealth information accessed via compromised SSO into systems such as Salesforce, Qlik, SAP, and SharePoint.<\/p>\n<h3 id=\"4\"><a href=\"#4\"><strong>4. November Ransomware and Threat Landscape Metrics<\/strong><\/a><\/h3>\n<p>Check Point and other threat\u2011intel providers reported that organizations worldwide faced on average 2,003 cyberattacks per week in November 2025, with 727 recorded ransomware incidents, a 22% year\u2011over\u2011year increase.<br \/>\nNorth America accounted for about 55% of disclosed ransomware activity, with Europe around 18%, and the month was dominated by Qilin and Akira operations plus extensive data\u2011theft\/extortion via the Oracle EBS zero\u2011day.<\/p>\n<h3 id=\"5\"><a href=\"#5\"><strong>5. INC, Qilin, DragonForce, Sinobi \u2013 High\u2011Impact November Attacks<\/strong><\/a><\/h3>\n<p>A November roundup released in early December detailed several critical ransomware and supply\u2011chain cases: INC Ransom breached a U.S. 
emergency alert provider and claimed to exfiltrate roughly 1.15 TB of client data before encryption; Qilin hit a U.S. firm supplying remote power management and out\u2011of\u2011band (OOB) control technology used in data centers and critical infrastructure; DragonForce targeted a major UAE telecom services provider and leaked over 44 GB of data; and Sinobi attacked a large India\u2011based IT and cloud\u2011engineering company, allegedly stealing around 450 GB of corporate and customer information.<br \/>\nThese incidents collectively show attackers prioritizing service providers whose compromise can expose many downstream organizations at once, especially in telecom, industrial, and managed\u2011services environments.<\/p>\n<h3 id=\"6\"><a href=\"#6\"><strong>6. Shai\u2011Hulud 2.0 npm Supply Chain Campaign<\/strong><\/a><\/h3>\n<p>Security research released in this period flagged a renewed wave of Shai\u2011Hulud 2.0 supply\u2011chain attacks abusing npm packages, with malicious packages pushed to compromise developer environments and CI\/CD pipelines.<br \/>\nThe campaign is described as one of the most significant recent cloud\u2011native ecosystem compromises, capable of credential theft, lateral movement in cloud environments, and downstream infections wherever tainted packages are integrated.<\/p>\n<h3 id=\"7\"><a href=\"#7\"><strong>7. 
Broader November Breach Themes<\/strong><\/a><\/h3>\n<p>Multiple November threat reports emphasized that data\u2011theft\u2011first ransomware and vendor\/SaaS breaches remained the dominant patterns, with Cl0p\u2019s Oracle EBS campaign alone claiming at least 29 named organizations and over 100 total victims across aviation, media, higher education, healthcare, and manufacturing.<br \/>\nAnalysts highlighted how the rapid growth of generative\u2011AI tools and cloud integrations is expanding attack surface and creating \u201cshadow AI\u201d and misconfiguration risks that many organizations have yet to fully manage.<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren&#8217;t just incidents; they&#8217;re blueprints of the adversary&#8217;s arsenal. To protect your business you need the right partner. CyberOne is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0CyberOne\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 50, 2025 Information security updates and events from the past week 1. Marquis \u2013 U.S. 
Banks &amp; Credit [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8621,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[65],"class_list":["post-10346","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates","tag-weekly-cybersecurity-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=10346"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10346\/revisions"}],"predecessor-version":[{"id":10347,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10346\/revisions\/10347"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8621"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=10346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=10346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=10346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}