Weekly Cybersecurity Report | Week 41, 2025

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Information security updates and events from the past week

1. Qantas (Australia) – Massive Customer Data Leak

Hackers from the Scattered Lapsus$ Hunters group leaked personal data belonging to 5.7 million Qantas customers after a ransom deadline expired. The data leak included names, emails, phone numbers, addresses, dates of birth, genders, frequent flyer numbers, status tiers, and points balances. The compromised information originated from a Salesforce-hosted customer service platform. The breach also affected dozens of other large companies using Salesforce, with attackers claiming over one billion records stolen in total. Qantas is offering round-the-clock support and identity protection to affected customers and working with authorities, while advising vigilance against fraud attempts. Despite a court order to stop publication, the data quickly spread on dark web forums.

2. Orange Telecom (France) – Ransomware/Data Breach

French telecom giant Orange confirmed a ransomware attack that led to the theft and publication of business customer data on the dark web. The incident was attributed to the Warlock ransomware group. Orange stated that attackers gained only limited access to internal systems and exfiltrated outdated data, but the ongoing wave of attacks against Orange divisions in multiple countries highlights the persistent cyber risk telecom operators face.

3. Global Healthcare – 400% Surge in Ransomware vs. Hospitals (United States & Worldwide)

A joint FBI-CISA alert revealed a staggering 400% surge in ransomware attacks targeting U.S. healthcare since July 2025, with more than 350 hospitals compromised, 18 million patient records exposed, and $500 million+ in ransom demands. LockBit 3.0, BlackCat/ALPHV, Royal, Hive, and BianLian ransomware variants dominated attacks. Emergency departments diverted patients and canceled surgeries, with an average 23-day operational outage. Federal and state officials called the situation “the most severe healthcare cybersecurity crisis in U.S. history,” with costs to the sector estimated at $92 billion for 2025.

4. Rheinmetall (Germany) – Defense Contractor Hit by BlackBasta Ransomware

German defense conglomerate Rheinmetall AG, one of the key military equipment manufacturers in Europe, suffered a BlackBasta ransomware attack that disrupted military production. The incident is part of a series of ransomware campaigns this year targeting defense and critical manufacturing sectors globally, representing an ongoing risk to defense supply chains and national security.

5. Oracle E-Business Suite/VMware/Veeam – Widespread Critical Exploitation

Multiple zero-day vulnerabilities saw active exploitation this week by ransomware and data theft groups. These include Oracle E-Business Suite (CVE-2025-61882) targeted by Cl0p, VMware ESXi (CVE-2025-22245), and Veeam Backup (CVE-2025-40633). Security agencies issued emergency patching guidance as attackers prioritized these flaws for initial access, data exfiltration, and late-stage ransomware deployment.

6. Medusa Ransomware – Exploiting GoAnywhere MFT Flaw (Storm-1175 Group)

The Medusa ransomware group, via Storm-1175, exploited a critical vulnerability in Fortra’s GoAnywhere MFT file transfer system (CVE-2025-10035) to conduct targeted ransomware campaigns against hundreds of organizations globally. The flaw allowed attackers to gain access and deploy ransomware with minimal interaction. Security researchers urged immediate patching and forensic review for any Fortra GoAnywhere users.

7. Advanced Nation-State and Supply Chain Attacks

Reports this week highlighted Chinese threat actors exploiting Ivanti Connect Secure VPNs and a SharePoint zero-day to access 400+ organizations, including U.S. government and national security agencies. Supply chain threats and data leaks via cloud/SaaS vendors (notably Salesforce) were frequent, compounding enterprise risk at scale.

The cybersecurity attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. Cyberone is here to help! Check out our services.