20 October 2025: Monday Threat Intelligence

The digital landscape is a battlefield, and this week has been no exception. A relentless barrage of cyberattacks has targeted organizations of all sizes, from critical infrastructure providers to small businesses. The first and most crucial step in defending your organization is understanding your vulnerabilities. A professional Cyber Penetration Test is the only way to gain a clear picture of your security risks and build a resilient defense.
This weekly threat report from Cyber Grants Alliance breaks down the top 10 most significant cybersecurity incidents from the past week to help you stay informed and protected.

🔹 Top 10 Cybersecurity Incidents of the Week – October 20, 2025

1. F5 BIG-IP Nation-State Breach & CISA Emergency Directive

A sophisticated nation-state actor breached F5 Networks, a major provider of networking and security hardware, stealing source code and details of unpatched vulnerabilities. This has exposed over 266,000 F5 BIG-IP systems globally to potential remote attacks. In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive compelling all federal agencies to patch their F5 devices immediately. The breach allows attackers to steal credentials, move laterally across networks, and achieve full system compromise.

Is my industry affected?

This incident poses a critical threat to any organization relying on F5 BIG-IP products for application delivery and security. The most vulnerable sectors include federal agencies, financial institutions, healthcare providers, and large enterprises. Any business with an internet-facing F5 device is at immediate risk of a severe breach.

2. Adobe Experience Manager Forms Under Active Attack

A critical vulnerability (CVE-2025-54253) in Adobe Experience Manager (AEM) Forms is being actively exploited in the wild. This flaw, which scores the maximum 10.0 on the CVSS severity scale, allows attackers to bypass authentication and execute code remotely, granting them complete control over vulnerable systems. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling an urgent need for organizations to apply the emergency patches released by Adobe.

Is my industry affected?

Organizations using AEM for their websites and digital marketing, especially for collecting customer data through forms, are at extreme risk. This includes businesses in retail, financial services, media, and government. E-commerce platforms and companies with large customer-facing websites are prime targets for data breaches and system takeovers.

3. Microsoft’s October Patch Tuesday Addresses Six Zero-Day Flaws

Microsoft’s latest “Patch Tuesday” release addressed a staggering 172 vulnerabilities, including six “zero-day” flaws, vulnerabilities that were publicly disclosed or exploited before a patch was available. Three of these zero-days were already being actively exploited in attacks, allowing hackers to elevate their privileges and gain administrative control over Windows systems. The sheer volume and severity of these vulnerabilities underscore the constant threat facing all Windows users.

Is my industry affected?

Every organization that uses Windows is impacted. However, businesses with legacy systems, a remote workforce using VPNs, or inconsistent patch management practices are at the highest risk. Attackers can leverage these flaws to escalate their access and deploy ransomware or steal sensitive data, making immediate patching a critical priority for all industries.

4. Clop Ransomware Exploits Oracle Zero-Day, Hits Major US Institutions

The notorious Clop ransomware gang has been exploiting a critical zero-day vulnerability (CVE-2025-61882) in Oracle’s E-Business Suite, a widely used software for managing business operations. The attacks have already claimed high-profile victims, including a subsidiary of American Airlines and Harvard University. The flaw allows attackers to steal vast amounts of sensitive corporate data without needing any login credentials, leading to large-scale extortion campaigns.

Is my industry affected?

This vulnerability places organizations that use Oracle E-Business Suite for their core operations at severe risk. The most vulnerable sectors are higher education, airlines, manufacturing, and retail. Any company managing financial, HR, or supply chain data with this software is a prime target for data theft and extortion.

5. Akira Ransomware Bypasses MFA on SonicWall VPNs

The Akira ransomware group has launched a sophisticated campaign targeting SonicWall’s Secure Sockets Layer (SSL) VPNs, successfully compromising over 100 accounts. Alarmingly, the attackers are bypassing multi-factor authentication (MFA), a security measure that many organizations rely on to protect their remote access systems. This suggests the attackers may be using advanced techniques, such as stealing MFA seeds, to defeat these critical controls.

Is my industry affected?

Small and medium-sized businesses that use SonicWall VPNs for remote employee access are the primary targets. This includes professional services firms, healthcare clinics, and legal practices. The ability to bypass MFA makes this a particularly dangerous threat for any organization with a remote workforce.

6. Microsoft Thwarts Rhysida Ransomware Attack on Teams Users

Microsoft successfully disrupted a ransomware campaign by the Rhysida group that was using malicious Microsoft Teams installers to infect corporate networks. The attackers signed their malware with code-signing certificates that appeared legitimate, in order to trick users and bypass security software. While Microsoft’s intervention prevented a widespread outbreak, the attack highlights the growing trend of using trusted applications and social engineering to deliver ransomware.

Is my industry affected?

Organizations that use Microsoft Teams are potential targets, especially those that lack strict controls over software installation. The healthcare sector, a primary target for the Rhysida gang, is at particularly high risk, along with educational institutions and government agencies.

7. Prosper Lending Platform Breach Exposes 17.6 Million Customers

The peer-to-peer lending platform Prosper has suffered a massive data breach, compromising the personal and financial information of 17.6 million customers. The stolen data includes names, addresses, Social Security numbers, and other sensitive details, exposing a huge number of individuals to the risk of identity theft and financial fraud. This is one of the largest data breaches in the financial services sector this year.

Is my industry affected?

The fintech and alternative lending sectors are the most direct victims, but the breach has wider implications for the entire financial services industry. The stolen data can be used to launch sophisticated phishing attacks against customers of other banks and financial institutions, making it a threat to the entire ecosystem.

8. SimonMed Imaging Breach Affects 1.2 Million Patients

SimonMed Imaging, a large U.S. provider of medical imaging services, has revealed that a data breach earlier this year exposed the sensitive health information of 1.2 million patients. This incident is part of a larger trend that has seen a 30% surge in ransomware attacks against the healthcare sector in 2025. Healthcare organizations remain a top target for cybercriminals due to the high value of patient data.

Is my industry affected?

The healthcare industry is under siege. Hospitals, clinics, diagnostic labs, and their business associates are all at critical risk. The combination of sensitive patient data, legacy IT systems, and often limited cybersecurity budgets makes healthcare a perfect target for ransomware gangs.

9. Sotheby’s Auction House Hit by Data Breach

The world-renowned auction house Sotheby’s has been targeted by hackers who stole sensitive personal and financial information belonging to its high-net-worth clients. The breach highlights the fact that no industry is immune to cyberattacks, and organizations that cater to wealthy individuals are becoming increasingly attractive targets due to the potential for high-value extortion.

Is my industry affected?

This attack serves as a wake-up call for the luxury goods and services industry. Auction houses, high-end retailers, private wealth management firms, and any business that holds data on affluent clients must recognize that they are prime targets for sophisticated cyberattacks.

10. FBI and CISA Warn of “Interlock” Ransomware Targeting Small Businesses

The FBI and CISA have issued a joint alert about the Interlock ransomware group, which is aggressively targeting small businesses across the United States. As a newer ransomware operation, Interlock is trying to make a name for itself by attacking organizations that often lack the resources to defend themselves effectively. The group uses double-extortion tactics, encrypting data and threatening to leak it online to pressure victims into paying a ransom.

Is my industry affected?

Small and medium-sized businesses (SMBs) across all sectors are the intended victims of the Interlock ransomware. This includes retail shops, professional services, small manufacturing companies, and local government offices. Any SMB with valuable data and limited cybersecurity expertise is a potential target.

Protect Your Organization with the Cyber Grants Alliance

The cybersecurity landscape is constantly evolving, and staying protected requires a proactive and informed approach. The Cyber Grants Alliance is here to help. We have Cyber Grants available on our website to help organizations of all sizes access the cybersecurity resources they need to stay safe. We encourage you to visit our website and apply for a grant today. The Cyber Grants Alliance is committed to helping organizations improve their cybersecurity posture. We provide grants to help cover the costs of:

  • Penetration testing
  • Security audits
  • Employee training

👉 Visit our website and apply for a grant today to strengthen your defenses.

Our Mission

Cyber Grants Alliance envisions and creates a world where every organization has access to professional cybersecurity protection through innovative partnerships between industry leaders and those who need it most.

We bridge the critical cybersecurity gap facing American organizations by connecting cybersecurity expertise with vulnerable organizations through our comprehensive grant programs.

Don’t wait until it’s too late. Take the first step towards a more secure future by running a Cyber Penetration Test and exploring the grant opportunities available through the Cyber Grants Alliance.

Contact Information