As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 38, 2025
Information security updates and events from the past week
1. Ransomware Attack on Major European Airports
A widespread ransomware attack struck several major European airports, including Brussels, Berlin, and London Heathrow. The attack targeted Collins Aerospace’s MUSE check-in and boarding systems, which led to severe operational disruptions, flight delays, and thousands of cancellations across these airports. At Brussels Airport, authorities requested half of all flights be canceled for Sunday, while Heathrow experienced more than 90% of flights delayed—even four days after the initial attack. Investigations confirmed the incident as ransomware, though the identity and motivations of the perpetrators are still unknown. Manual check-in procedures were used as an interim measure, and the fallout underscored air travel’s critical dependence on vulnerable IT infrastructure.
2. Kering Group Data Breach (ShinyHunters)
Luxury retail conglomerate Kering, owner of Gucci and Balenciaga, disclosed a major data breach orchestrated by the ShinyHunters group. Attackers exfiltrated and leaked personal information of 7.4 million customers worldwide, including emails, phone numbers, and purchase addresses. The compromised data raises substantial risks of targeted scams and privacy violations for luxury brand customers. The ShinyHunters attack is part of a broader trend targeting high-profile retailers and demonstrates ongoing vulnerabilities in supply chain and cloud platforms.
3. Jaguar Land Rover Ransomware — Global Factory Shutdown
Jaguar Land Rover faced a significant ransomware incident that led to a shutdown of production lines for several days. The breach reportedly involved a third-party supply chain partner, resulting in halted manufacturing at multiple facilities, delayed new vehicle deliveries to customers, and a substantial disruption to the automaker’s global supply chain. Investigators are working to determine the attack vector and mitigate ongoing risks to operations and partners.
4. Air France–KLM Third-Party Data Exposure
A third-party provider supporting Air France and KLM customer interactions was breached, exposing personal data such as names, frequent flyer numbers, and emails. This event fits a pattern of supply chain and SaaS platform attacks on the travel sector, pushing airlines to reevaluate vendor risk and security controls in customer service operations. The breach highlights heightened threats to businesses relying on external service providers for core consumer operations.
5. TransUnion (U.S.) Data Breach via Malicious OAuth App
TransUnion, a leading American credit reporting agency, reported a breach in which attackers used a malicious OAuth-connected application within Salesforce to access data on 4.4 million Americans. Compromised records included names, social security numbers, emails, and phone numbers, making this incident a serious identity theft risk and prompting scrutiny over cloud service integrations and third-party app vetting in large enterprises.
6. Workday SaaS Supply Chain Attack
Workday, an enterprise SaaS provider, suffered a supply chain attack similar in nature to other recent incidents. The compromise affected several global business clients who leverage Workday for HR and payroll solutions, illustrating how trusted SaaS relationships can be weaponized by attackers. Customers were alerted to possible data exposure and urged to enable additional controls to limit future risks.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.
