As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 19, 2025
Information security updates and events from the past week
1 South African Airways hit by major cyberattack over weekend
South African Airways (SAA) suffered a major cyberattack over the weekend that affected access to the airline’s online platforms, including its website, mobile app and a number of internal systems
The attack began on Saturday and affected the airline’s key digital systems
2 West Lothian schools hit by ransomware attack
West Lothian Council in Scotland has confirmed that its education network has been hit by a ransomware attack. The council is implementing contingency plans to ensure the continued operation of schools in the area
– The attack affected the council’s educational computer network
– There is no evidence at this stage that any personal or sensitive information has been exposed or stolen.
The attack affects a large education system in Scotland, including 13 secondary schools, 69 primary schools and 61 early childhood settings in the West Lothian region.
3 Masimo Reports Ongoing Impact on Its Operations Following Cyber Incident
Medical technology manufacturer Masimo Corporation has filed an official report with the US Securities and Exchange Commission (SEC) clarifying details about a cyber incident that occurred on April 27, 2025
– The company notes that “the full scope, nature and impact of the incident are not yet known”
– The company’s ability to process, ship and deliver orders to customers in a timely manner is being affected
– The company did not disclose further details at this time regarding the source of the attack or whether sensitive information was stolen
4 Hydraulic component manufacturer KYB hit by second ransomware attack
Japanese hydraulic component manufacturer KYB, a leader in the automotive, hydraulics and aviation sectors, was hit by a ransomware attack in February 2025, which led to the leakage of personal information of thousands of people. This is the second attack on the company since 2020.
The company has a partnership with an Israeli company specializing in developing platforms for electric vehicles
KYB products are marketed in Israel through official distributors in the automotive aftermarket
– The company identified on February 18, 2025, that certain systems in its work environment were inaccessible
– The investigation of the incident revealed that an unidentified attacker gained access to the company’s systems between February 11-17, 2025
– The Cactus ransomware group claims responsibility for the attack and stated that it stole 1.8 terabytes of data
– The attackers have posted a sample of stolen documents as evidence, including a passport scan, technical drawings and a driver’s license
– So far, 2,041 people have been confirmed as victims in this incident, according to an update on May 6
The stolen information includes, according to the attackers, “data Engineering, drawings, personally identifiable information, customer and partner information, financial information, confidential business and marketing strategy information, production data, correspondence, HR department data, employee and management files, database exports and backups.”
KYB Corporation is now offering eligible victims free identity theft protection through Experian, suggesting that Social Security numbers were among the data exposed.
5 The new attack group IMN Crew attacks seven organizations worldwide
A new group called IMN Crew has emerged on the global cyber threat scene. The group has published a list of seven organizations that fell victim to its attacks on its leaked website, noting that the information stolen from them is already available for download.
The affected organizations:
– Spain: Synthesia Technology – a company in the field of chemicals and technology
– Mexico: Grupo Herradura Occidente – a group of companies engaged in various fields
– Croatia: Croatian Mint – the national mint of Croatia
– Indonesia: ABDA Insurance – a leading insurance company
– USA: Visiting Nurse Association – an organization that provides home health services
– USA: Denver Employees Retirement Plan – the pension fund of the city of Denver
– USA: Goodson Tools & Supplies – a provider of professional tools and equipment
6 Cyber-attack against Canadian electricity company Nova Scotia Power
Canadian electricity company Nova Scotia Power and its parent company Emera are during dealing with a cyber attack that damaged their information systems and networks, without affecting the supply of electricity to consumers
– On April 25, 2025, both companies detected unauthorized access to parts of their network
– In response to the attack, the companies disabled servers affected, causing disruptions to IT systems
– Customer support services and the online user portal were affected
– As of April 28, they were still working to restore services
– Immediately after identifying the external threat, the companies activated their incident response and business continuity protocols
– They hired leading third-party cybersecurity experts
– Actions were taken to contain and isolate the affected servers and prevent further intrusion
– Law enforcement agencies were notified of the incident
Experts believe it may have been a ransomware attack, although the companies did not share technical details about the incident. As of the time of publication, no known ransomware group has claimed responsibility for the attack.
7 Cyberattack shuts down Esse Health – patients stranded without files and without appointments
The attack caused systems to freeze, medical files to be locked, and medical services to be halted.
Now the phones are still not working at all, only SMS is active, and the queues and processes have been frozen.
The company claims to have detected unusual activity, and it is not yet known whether personal information was leaked.
8 Peru’s government systems are down after a cyberattack
The attack was carried out by the Rhysida group, which managed to infiltrate government systems and steal sensitive information.
The Rhysida group, which began operating in May 2023, focuses on attacking government, educational, and healthcare institutions.
As part of its extortion strategy, Rhysida threatened to publish the stolen information if the ransom was not paid.
9 Kelly Benefits, a U.S. benefits and payroll management company, is reporting that it has suffered a large-scale data breach.
The incident, which occurred on December 24, involved unauthorized access to sensitive personal information of the company’s customers, including names, Social Security numbers, dates of birth, medical and insurance information, and more.
The company informed the Maine Attorney General’s Office that the number of people affected by the breach has increased from an initial estimate of 32,000 to more than 413,000 people as of May 2025.
It is currently unknown whether this was a ransomware attack, and no attack group has claimed responsibility for the attack.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.
