As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 44, 2025
Information security updates and events from the past week
1. Qilin Ransomware Campaign – Linux BYOVD Hybrid Attacks
Qilin (also known as Agenda, Gold Feather, and Water Galura) was identified as one of the most active ransomware-as-a-service groups in 2025, claiming 40+ victims each month. This week, security analysts reported that Qilin began using a hybrid technique combining Linux payloads with a “Bring Your Own Vulnerable Driver” (BYOVD) exploit to bypass security and escalate privileges on targeted systems. This enhancement increases risk for enterprises running mixed OS environments.
2. ChatGPT Atlas Browser Prompt Injection
A significant security issue was identified in the new ChatGPT Atlas Browser. Malicious actors discovered that prompt injection attacks could be delivered by disguising a hidden command as a harmless URL. By exploiting the omnibox (address/search bar), attackers could trick the AI agent into executing unauthorized actions, raising concerns over misuse through phishing, spoofing, or data leakage if users unknowingly visit weaponized links.
3. Ongoing Qantas Data Leak Ripple Effect
Hackers from the Scattered Lapsus$ Hunters alliance continued circulating the personal data of 5.7 million Qantas airline customers on dark web forums, following the expiration of a ransom deadline earlier in October. The massive data cache, originally stolen from a compromised Salesforce-hosted customer platform, included names, emails, phone numbers, addresses, frequent flyer details, and more. Investigations revealed that the group targeted 39 Salesforce-dependent enterprises, potentially exposing more than one billion records in total. The breach highlights persistent high-value third-party and SaaS supply chain risks.
4. High-Profile Global Data Breaches (October Highlights)
Several breaches gained attention this week through public acknowledgments and data postings:
• Vietnam Airlines: Hackers published 23 million customer records on a public forum, sourcing the data from a third-party cloud partner. The records spanned 2020–2025.
• Huawei: Threat actors claimed a breach at Huawei Technologies, offering internal source code and development assets for sale online.
• Discord: The social platform suffered a breach via a compromised third-party provider, exposing names, emails, billing details, and even images of some government IDs. Discord did not disclose the number of affected users, but the platform’s large user base raises the potential impact.
• Kido Schools UK: Hackers leaked and later deleted sensitive children’s images and data following public pressure, after an attempted extortion campaign.
5. Widespread Local Government Attacks (U.S.)
Multiple U.S. local government entities, including Kaufman County (TX), the City of La Vergne (TN), and DeKalb County (IN), disclosed service outages and operational slowdowns due to cyber incidents. While officials have not confirmed data theft, disruptions affected core municipal functions such as payment and court systems.
6. Medusa & Storm-1175 – GoAnywhere MFT Vulnerability Exploitation
The Medusa ransomware group (Storm-1175) continued exploiting a critical Fortra GoAnywhere MFT vulnerability (CVE-2025-10035). Reports indicated at least 500 exposed online instances, enabling remote attacks and rapid ransomware deployment. Security researchers emphasized heightened patching urgency due to evidence of widespread zero-day abuse.
7. Ransomware Trends Update
Indicators show Medusa, BlackSuit, BianLian, and Black Basta among the most active ransomware families this autumn. RansomHub and LockBit led globally in confirmed attacks, with incidents proliferating across manufacturing, healthcare, telecom, and education sectors.
The cybersecurity attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. Cyberone is here to help! Check out our services.