{"id":10354,"date":"2025-12-22T11:10:09","date_gmt":"2025-12-22T08:10:09","guid":{"rendered":"https:\/\/cyberone.bg\/?p=10354"},"modified":"2025-12-22T11:24:40","modified_gmt":"2025-12-22T08:24:40","slug":"weekly-cybersecurity-report-week-51-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-51-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 51, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">CyberOne<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 51, 2025<\/h2>\n<p><strong><u>Information security updates and events from the past week<\/u><\/strong><\/p>\n<h3><strong>1. Global auto parts manufacturer LKQ confirms Oracle E-Business Suite breach, employee data exposed<\/strong><\/h3>\n<p>LKQ Corporation, an American auto parts manufacturer and marketer operating in the global automotive market, confirms that it was hit by a cyberattack that compromised its Oracle E-Business Suite (EBS) system and led to the exposure of sensitive personal information of thousands of employees.<\/p>\n<p>Highlights of the incident:<\/p>\n<p>\u2013 The intrusion was carried out on August 9, 2025, into the company\u2019s Oracle EBS system.<\/p>\n<p>\u2013 The incident was only discovered on October 3, 2025, after unusual activity was investigated in retrospect.<\/p>\n<p>\u2013 According to the report to the authorities, data of more than 9,000 people was exposed.<\/p>\n<p>\u2013 LKQ itself did not publicly attribute the incident to a specific group.<\/p>\n<h3><strong>2. Mexico: Suspected cyberattack on Sonora State Treasury \u2013 Payments suspended due to fear of financial data 
leak<\/strong><\/h3>\n<p>The Treasury Department of the state of Sonora in Mexico has immediately suspended all digital payments after identifying unusual activity and suspected damage to the government\u2019s financial systems.<\/p>\n<p>According to the authorities\u2019 announcement, this is a preventive measure following concerns about a data leak from the state\u2019s financial information system, including data related to government spending and payments.<\/p>\n<p>Highlights of the incident:<\/p>\n<p>\u2013 Payments through the government portal, banks and connected businesses were suspended.<\/p>\n<p>\u2013 Suspicious activity was identified, including attempts to penetrate and extract information.<\/p>\n<p>\u2013 The suspicion focuses on a financial system related to the Ministry of Expenditure.<\/p>\n<p>\u2013 An official complaint was filed, and a notification was given to federal cyber authorities.<\/p>\n<p>Background and related threats:<\/p>\n<p>\u2013 In recent days, a group called Team Chronus has publicly threatened government and police systems in the country.<\/p>\n<p>\u2013 Sensitive information was published that may include data from security agencies.<\/p>\n<p>\u2013 The \u201cSonora Cibersegura\u201d platform warned of an increase in hostile cyber activity in Mexico.<\/p>\n<p>Authorities said the investigation is ongoing and that services will only be resumed after full verification of the integrity and security of the systems.<\/p>\n<h3><strong>3. Venezuela: Cyber-attack disrupts the export system of state-owned oil giant PDVSA<\/strong><\/h3>\n<p>A cyber-attack has hit PDVSA (Venezuela\u2019s state-owned oil company) and caused disruptions around export activities, while the company tries to calm concerns and frame the incident as \u201climited.\u201d<\/p>\n<p>The details:<\/p>\n<p>\u2013 PDVSA issued a statement according to which the attack \u201cdid not affect the operational area\u201d and was limited to administrative 
systems.<\/p>\n<p>\u2013 At the same time, an internal memo obtained by Bloomberg indicates instructions for employees (operational and administrative) to disconnect from the network and turn off computers.<\/p>\n<p>\u2013 According to sources cited by Bloomberg and Reuters, systems that manage the country\u2019s main oil terminal were still down on Monday, to the point of halting supplies (\u201cno shipments, all systems down\u201d).<\/p>\n<p>\u2013 PDVSA accuses the US and \u201clocal actors\u201d of trying to destabilize the country, claiming it is part of a strategy to \u201cseize Venezuelan oil by force.\u201d<\/p>\n<p>\u2013 The incident comes amid tensions with the US, including the seizure of an oil tanker last week, and the fact that PDVSA has been under OFAC sanctions since January 2019.<\/p>\n<h3><strong>4. Pornhub Extorted: Search and Viewing History of Premium Subscribers Stolen and Found by ShinyHunters<\/strong><\/h3>\n<p>Adult content platform PornHub is facing an extortion attempt by the ShinyHunters attack group, after sensitive activity data of Premium subscribers was stolen.<\/p>\n<p>According to the publication, the stolen data is a history of searches, views and downloads, sensitive personal information that originates from a breach at a third-party provider.<\/p>\n<p>The incident does not result from a hack of PornHub\u2019s own systems, but from a leak of information at the analytics provider Mixpanel.<\/p>\n<p>What happened:<\/p>\n<p>\u2013 In November 2025, Mixpanel\u2019s systems were hacked following a smishing attack on an employee.<\/p>\n<p>\u2013 Mixpanel previously provided analytics services to PornHub.<\/p>\n<p>\u2013 The stolen data is historical analytics data, from 2021 and earlier.<\/p>\n<p>\u2013 PornHub emphasizes that no passwords, payment details or financial information were compromised.<\/p>\n<p>According to ShinyHunters, this is 94GB of information including over 200 million records.<\/p>\n<p>\u2013 The samples tested included: Premium 
subscribers\u2019 email addresses, viewing times and activity, IP addresses and approximate location, video names, URLs and search terms, and an indication of whether the video was watched, downloaded or if a specific channel was viewed.<\/p>\n<p>\u2013 This is very personal information, even if it does not include payment details.<\/p>\n<p>Who is behind the extortion:<\/p>\n<p>\u2013 The ShinyHunters group confirmed that it is responsible for the theft of information and the extortion requests.<\/p>\n<p>\u2013 The group sent emails to Mixpanel customers with a threat to publish the data.<\/p>\n<p>\u2013 As is known, the ShinyHunters group is considered one of the most prominent attack groups of 2025, with a wide range of incidents targeting SaaS and Salesforce platforms.<\/p>\n<p>\u2013 Pornhub linked the information to the Mixpanel breach.<\/p>\n<p>\u2013 Mixpanel claims that the data was not stolen in the latest hack, and that the data was last accessed from a legitimate account of PornHub\u2019s parent company in 2023.<\/p>\n<p><a href=\"https:\/\/help.pornhub.com\/hc\/en-us\/articles\/47334442459283-Important-Message-From-Pornhub\">https:\/\/help.pornhub.com\/hc\/en-us\/articles\/47334442459283-Important-Message-From-Pornhub<\/a><\/p>\n<h3><strong>5. The German government accuses Russia of carrying out a cyberattack on the country\u2019s civil air traffic control systems and an attempt to influence the federal elections that took place in February this year. 
Following the findings, the Russian ambassador to Berlin was summoned for a clarification meeting.<\/strong><\/h3>\n<p>According to the German Foreign Ministry, the attack and its associated activities are attributed to the Russian military intelligence (GRU).<\/p>\n<p>\u2013 Cyberattack on the communications systems of Germany\u2019s air navigation service provider in August 2024.<\/p>\n<p>\u2013 According to the authorities, there was no damage to flight safety, but office and communications systems were hacked.<\/p>\n<p>\u2013 The attack is attributed to the Fancy Bear group, which is affiliated with the GRU.<\/p>\n<p>\u2013 German intelligence officials state that there is evidence of direct responsibility of Russian military intelligence.<\/p>\n<p>\u2013 Germany claims that Russia tried to influence and undermine the federal elections through a disinformation campaign called Storm-1516.<\/p>\n<p>\u2013 According to the authorities, the campaign targeted senior candidates, including Robert Habeck and Friedrich Merz, who later served as Chancellor.<\/p>\n<p>Russian response and consequences:<\/p>\n<p>\u2013 Russia rejected the accusations, claiming that they were \u201cbaseless and ridiculous.\u201d<\/p>\n<p>\u2013 Germany announced that it would work with its European partners to take retaliatory measures, with the aim of making Russia \u201cpay a price for hybrid actions.\u201d<\/p>\n<p>\u2013 The accusations join a series of similar claims by European countries in recent years, amid heightened tensions since the Russian invasion of Ukraine.<\/p>\n<p><a href=\"https:\/\/www.bbc.com\/news\/articles\/cvgrrnylzzyo\">https:\/\/www.bbc.com\/news\/articles\/cvgrrnylzzyo<\/a><\/p>\n<h3><strong>6. SoundCloud platform reports cyber incident and fears of user data leak<\/strong><\/h3>\n<p>The company confirms that unauthorized access to an internal system was detected, but not to the service\u2019s core system.<\/p>\n<p>Following the incident, information from some of the 
platform\u2019s users may have been exposed, including: email addresses, public data from user profiles, and non-sensitive metadata.<\/p>\n<p>According to SoundCloud, no passwords, payment details, or financial information were exposed, and no direct damage was done to the streaming system itself.<\/p>\n<p>In response to the incident, the company blocked unauthorized access, opened an investigation with external information security agencies, and reported it to the authorities.<\/p>\n<p>At the same time, users experienced availability disruptions, some of which resulted from DoS attacks and configuration changes made as part of the response to the incident.<\/p>\n<p>At this stage, there is no confirmed claim of responsibility, and the final extent of the exposure is still under investigation.<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren\u2019t just incidents, they\u2019re blueprints of the adversary\u2019s arsenal. To protect your business, you need the right partner. CyberOne is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0CyberOne\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. 
Weekly Cybersecurity Report | Week 51, 2025 Information security updates and events from the past week 1.Global auto parts manufacturer LKQ confirms Oracle [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8579,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[65],"class_list":["post-10354","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates","tag-weekly-cybersecurity-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=10354"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10354\/revisions"}],"predecessor-version":[{"id":10355,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10354\/revisions\/10355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8579"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=10354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=10354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=10354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}