As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 39, 2025
Information security updates and events from the past week
1. European airports ransomware
A ransomware attack against Collins Aerospace’s MUSE check-in/boarding system disrupted operations at key European hubs including Brussels, Berlin, and London Heathrow, causing widespread delays and cancellations as airports fell back to manual processing.
ENISA confirmed ransomware as the cause, with investigations continuing while airports worked through days of residual disruption into September 23.
Analyses highlighted the single point-of-failure risk in aviation IT supply chains and the heightened threat to critical infrastructure from organized cybercrime.
2. UK arrest in airport case
During the week, industry reporting noted that authorities in the UK quickly arrested an individual in connection with the Collins Aerospace incident as part of an active law enforcement response to the airport disruptions.
This development underscores the priority placed on attribution and disruption of criminal infrastructure impacting aviation operations at scale.
3. Stellantis third party breach
Automotive giant Stellantis disclosed it was investigating a data breach linked to a third-party service, with follow-on reporting indicating the incident was associated with the broader Salesforce-connected extortion wave and attributed by some sources to ShinyHunters.
Additional coverage suggested attackers claimed access to tens of millions of customer records via a vendor, reinforcing the ongoing risk of SaaS and supply-chain compromises across the auto sector.
4. Volvo employee data theft
Volvo Group North America notified current and former employees of a breach tied to third-party supplier Miljödata, with stolen data reportedly including personnel information and illustrating the persistent exposure from vendor ecosystems.
The case adds to a steady cadence of workforce data compromises where HR and payroll-adjacent providers serve as high-value targets for criminal groups.
5. Maryland Transit breach claim
The Rhysida ransomware group claimed responsibility for a breach at the Maryland Transit Administration, demanding a US$3.4 million ransom and posting samples allegedly including passport and Social Security images while state officials continued to assess scope and impact.
The claim follows a broader 2025 pattern of U.S. government entity ransomware cases, with researchers tracking dozens of confirmed incidents this year affecting service continuity and citizen data.
6. Boyd Gaming breach
Casino operator Boyd Gaming was reported as hacked with employee data stolen, expanding the week’s tally of high-profile U.S. corporate victims and emphasizing the sector’s exposure to data-theft and extortion plays.
The incident reflects attackers’ sustained focus on hospitality and gaming environments where identity stores and operational uptime pressures increase extortion leverage.
7. Alliance Steel ransomware
Reports indicated the SafePay ransomware group targeted Alliance Steel Co. in the U.S., demonstrating continued activity by mid-tier ransomware crews pursuing manufacturing targets with double-extortion tactics.
Manufacturing victims often face production downtime and sensitive partner data exposure, compounding recovery costs and supply-chain disruption risks.
8. Ransomware trend report
A Searchlight Cyber dark web intelligence report released this week found 3,734 victims posted by ransomware groups in H1 2025, up 67% year-over-year, alongside 35 new groups and a 16% increase in active crews, with 65% of listed victims in NATO countries.
The report also noted evolving extortion tradecraft and vulnerability exploitation, underscoring the need for continuous threat intelligence and hardening against SaaS and third‑party exposures highlighted by this week’s incidents.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.
