As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 37, 2025
Information security updates and events from the past week
Supply chain attack on British railway company LNER – customer details leaked
LNER, the operator of one of the busiest railway lines in the UK, between London and Scotland, announced that it had experienced a supply chain attack that led to the exposure of customer details through an external supplier.
According to the company’s announcement, Bridgestone, the world’s largest tire manufacturer, has confirmed a cyber-attack that affected its manufacturing systems in North America.
The attack caused the temporary shutdown of factories in South Carolina and Quebec, with employees being transferred to maintenance activities or sent home.
According to the company, this was a targeted incident in which the attackers attempted to penetrate operational systems (OT/IT), the systems were identified as being under attack at an early stage, which allowed for rapid isolation and prevention of spread.
- The attackers gained unauthorized access to files managed by a third-party provider.
- The information exposed includes customer contact details and data on past trips.
- No passwords, bank details or credit cards were leaked.
Cyber-attack on official FIFA website – concerns about user data exposure
The official FIFA website for purchasing tickets for the 2026 World Cup (access.tickets.fifa.com) has been temporarily disabled after reports of a concern about an attack.
According to initial information, the website may be vulnerable to exploitation of an XSS (Cross-Site Scripting) vulnerability, which allows attackers to inject malicious code into users’ browsers.
What has happened so far- The website displays a “planned maintenance” message, but this is apparently an initial response to an attempted attack.
- XSS vulnerability allows attackers to execute malicious code through the browser, stealing login credentials, credit card details and other sensitive information.
- Users who logged in to the site during the attack may be exposed to the risk of data theft.
Plex announces attack – users are asked to change their passwords immediately
Plex, the popular streaming platform for movies and series, announced an attack that allowed an unauthorized party to access sensitive user information. The company is urging all users to change their passwords immediately.
The information exposed includes:
- Email addresses
- Usernames
- Encrypted (not visible) passwords.
- Plex emphasizes that there is no evidence of malicious use of the information but recommends changing your password as soon as possible.
Devman Group Claims: Large-Scale Cyber Attack on Shimao Group Holdings – $91 Million Ransom Demand
The Devman attack group announced that it had carried out a cyber-attack on Shimao Group Holdings Ltd, one of the largest real estate groups in China. According to the attackers’ statement, during the attack, which began in May 2025, 12 terabytes of sensitive information were removed from the systems.
A damage to the company on such a scale could affect not only its operations, but also the entire Chinese real estate market.
Ransomware attack on Michigan Sugar, the third largest sugar producer in the United States: Akira claims the theft of 40GB of sensitive information
What was stolen?
- Financial statements, invoices and sensitive business information
- Employee and customer information, including driver’s licenses, addresses and telephone numbers
- Medical information and death certificates
- Non-disclosure agreements (NDAs) and legal documents
Another significant attack on a critical American industry. If the information held by Akira is indeed exposed, it poses a real risk to employees, customers and business partners
Rose Acre Farms, the second largest egg producer in the US, has been hit by a cyberattack
The attackers breached systems via the company’s website goodegg.com.
It is currently unclear whether business or personal information was stolen, but the attack could cause supply chain disruptions and affect food distribution on a large scale.
Lynx Group is responsible for the attack.
Wealthsimple, a Canadian investment and fintech platform, confirmed a security breach
The incident was caused by a breach in a third-party package and allowed unauthorized access to personal information of less than 1% of the company’s customers (about 30,000 out of about 3 million).
The information exposed includes contact details, dates of birth, IP addresses, account numbers and government identification documents (including SIN – Canadian National Insurance Number).
However, no passwords were stolen, and no damage was recorded to the customers’ own funds.
The company informed the affected customers and offered them a two-year protection package that included credit monitoring, dark web monitoring, identity theft protection and insurance.
In addition, customers were asked to activate two-factor authentication (2FA), not use repeated passwords and beware of phishing messages.
Bridgestone, the world’s largest tire manufacturer, confirmed a cyberattack that affected its production systems in North America.
The attack caused the temporary shutdown of factories in South Carolina and Quebec, with employees being transferred to maintenance activities or sent home.
According to the company, this was a targeted incident in which the attackers attempted to penetrate operational systems (OT/IT), the systems were identified as being under attack at an early stage, which allowed for rapid isolation and prevention of spread.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.
