Weekly Cybersecurity Report | Week 28, 2025

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week

1 M&S admits: Hackers managed to trick employees and break into entire network

British retail chain M&S has admitted that hackers managed to break into it using a simple phone scam. The attackers posed as an employee of the company, tricked the technical support company into resetting a password, and from there hacked into the entire network. They eventually took control of the computers and demanded a ransom.

– On April 17, the attackers called Tata, which provides IT services to M&S

– They posed as a real M&S employee and asked to reset his password

– Tata employees fell for the scam and reset the password

– The attackers logged in with the new password and began hacking into other systems

– They eventually managed to run the DragonForce ransomware on the computers

Archie Norman, chairman of M&S, explained to members of parliament: “They didn’t just call and say, ‘Change my password.’ It was a sophisticated impersonation; they came with all the correct details of the employee.”

The damage:

– The company shut down all computers to stop the spread

– The attackers managed to encrypt many servers and steal about 150 gigabytes of data

– The DragonForce group has not yet released the stolen data, suggesting that a ransom may have been paid

– Norman declined to say whether they paid, but said they left the matter to “professionals”

The case shows how easy it is for attackers to trick employees and break into large companies. Often, a single successful phone call is enough to start an attack that can cost millions.

2 PC version of Call of Duty: WWII taken down after hackers took control of players’ computers

Over the weekend, a storm broke out around the PC version of the game Call of Duty: WWII. Players reported, and posted videos of, their PCs being taken over in real time while they were playing.

– The 2017 game was released on 30 June via Xbox GamePass

– On July 5, the company announced that it was pulling the PC version from the Microsoft Store while it investigated a “problem”

– Players began posting disturbing videos of their computers being taken over

– Hackers displayed malicious messages to players telling them “I just hacked your computer”

– Some computers were forcibly shut down and hackers replaced background images with offensive images

According to an analysis by Malwarebytes, this appears to be a security flaw that allows remote code execution (RCE) via the game’s network connections. Since the old game is not maintained with dedicated servers, it uses a peer-to-peer mechanism, meaning one of the players’ computers acts as a temporary server. Through it, attackers manage to infiltrate other players’ systems.

So far, Activision has not provided an official response. The games have been removed from the store, and as of now, there is no indication when they will be back up and running.

The story highlights the growing risks of connected PC games, especially when it comes to older games that no longer receive regular security updates.

3 Critical vulnerability in KIA systems allows hackers to control the car using images

Security researchers have discovered a serious vulnerability in the entertainment systems of KIA vehicles that allows attackers to take control of the vehicle’s functions using malicious image files. The vulnerability is classified as CVE-2020-8539 and allows attackers to break into the entertainment system and run malicious code that can affect driving safety.

– Attackers create a PNG image file that looks normal but contains malicious code

– When the file is loaded into the car via USB or Bluetooth, the entertainment system tries to display the image

– The malicious code exploits a problem in the software that reads images and manages to take control of the system

– The attacker gains control of the entertainment system and can perform unauthorized actions

What attackers can do:

The vulnerability is dangerous because today’s in-car entertainment systems are connected to other systems in the car. Successful exploitation could let the attacker remotely unlock or start the vehicle, access the driver’s personal information, change navigation and multimedia settings, and even connect to the vehicle’s critical safety systems.

In the worst case, attackers could affect systems such as brakes, steering, or engine, although this requires advanced technical knowledge and switching between different systems in the vehicle. The vulnerability particularly endangers the privacy of drivers who could lose sensitive information such as locations, contacts, and usage data.

KIA’s response:

The company has released a software update that fixes the problem and recommended that all vehicle owners install it immediately. KIA also recommends avoiding connecting foreign devices to the vehicle and only loading files from trusted sources.

The discovery joins similar cases in the automotive industry in recent years that we have also published here under the #Automotive tag, in which researchers have proven that it is possible to hack into vehicles through systems that are considered secure.

4 Qantas Airlines: Hacker contacts airline after breach that exposed data of 6 million customers

Australian airline Qantas said it has been contacted by what it calls a “potential cybercriminal” following a major breach that exposed customer personal data. The airline is investigating the credibility of the person who made the contact.

Contact details:

– Qantas did not release details of how the contact was made

– It is unclear whether a ransom payment was demanded from the company

– The company contacted the Australian Federal Police and declined to provide details

– “As this is a criminal matter, we have contacted the Federal Police and will not comment on contact details”

Status:

– No further threat activity has been detected on the systems since the incident was stopped on June 30

– There is no evidence that personal information stolen from Qantas has been published so far

– The company continues to actively monitor with cybersecurity experts

The company will update customers this week on the specific types of personal information that were compromised, with details varying from customer to customer.

5 Louis Vuitton Korea: Hackers breached systems and stole customer details

Louis Vuitton’s South Korean company announced that hackers breached its computer systems in June and stole personal information from customers. The company stressed that credit card and bank account details were not stolen.

The company only discovered the breach on Wednesday and reported it to the Korean government.

The company’s response:

Louis Vuitton said: “We regret to inform you that an unauthorized party temporarily accessed our system and caused a leak of customer information.” The company added that it had stopped the breach and strengthened security.

This is not the first time that LVMH companies in Korea have been hacked. Since May, the Korean government has been investigating similar data leaks at Christian Dior and Tiffany & Co., which are also owned by the same group.

This incident highlights how important it is for companies to invest in better data security, especially when it comes to companies that hold sensitive customer information in general and luxury brands in particular.

https://www.bloomberg.com/news/articles/2025-07-04/louis-vuitton-korea-suffers-cyberattack-as-customer-data-leaked

6 Attacker claims to have exposed 300,000 McDonald’s customer logins

An attacker named xCapuche1337 claims to have exposed a database of 300,000 user logins from McDonald’s websites around the world.

Details of the leak:

– 300,000 email addresses and passwords in plain text

– The data was collected from McDonald’s websites in various countries

– Including ordering platforms, customer accounts and franchise systems
