By security practitioners, for security practitioners

Weekly Top 10: 11.10.2025: State Actors Exploit SonicWall Cloud Backup Settings; Slack Account Compromise Exposes 17,368 Records; LinkedIn Phishing Campaign Targets Executive Credential Theft, and More.

WEEKLY TOP TEN: November 10, 2025, 16:00 GMT

  1. Hyundai Autoever America Hit in Massive Owner Data Breach

    Attackers accessed systems of Hyundai AutoEver America, exposing highly sensitive data of Hyundai, Kia, and Genesis owners, including Social Security numbers and driver’s license details. The intrusion ran from February 22 to March 2, 2025, but was only confirmed and disclosed publicly in this window, highlighting serious detection and notification gaps. The breach potentially affects millions of vehicle owners across North America and underscores supply-chain and IT-subsidiary risk in large automotive groups, along with the need for tighter monitoring, segmented environments, and validated incident response.
  2. Slack Account Compromise Exposes 17,368 Records

    Nikkei disclosed that an attacker used stolen credentials from an infected employee device to access internal Slack workspaces, exposing data of 17,368 employees and business partners. Exposed information includes names, email addresses, and chat histories. While reporting obligations were debatable under local law, the company voluntarily notified regulators and committed to stronger controls. The incident is a clean illustration of endpoint compromise leading to collaboration-tool access, and it reinforces the case for MFA, EDR coverage, strict token hygiene, and better monitoring of internal messaging platforms.
  3. Development & Alumni Systems Breach at University of Pennsylvania

    University of Pennsylvania confirmed that a threat actor breached systems tied to development and alumni operations, stealing approximately 1.7 GB of data. Compromised information reportedly includes donor and alumni details, contact information, and relationship data, raising fraud and phishing risk for a high-value demographic. The attack involved access to multiple internal platforms and spoofed official emails, pressing universities to treat advancement and fundraising infrastructure with the same security rigor as core academic and clinical systems.
  4. State Actors Exploit SonicWall Cloud Backup Settings

    SonicWall confirmed that a state-sponsored actor exploited an API-related weakness to access firewall configuration backup files for customers using a specific cloud backup service. Exposed data includes network configurations that could assist follow-on intrusions. SonicWall says the vulnerability has been remediated and impacted customers notified. The incident is strategically serious: configuration intelligence on security appliances gives adversaries a ready-made blueprint for targeting enterprise networks, and it spotlights the blast radius of centralized backup services.
  5. Breach Tied to Oracle E-Business Campaign

    The Washington Post confirmed it is among organizations compromised in a broader campaign abusing Oracle E-Business Suite vulnerabilities. Attackers stole internal business data and employee personal information, following extortion emails referencing data allegedly taken from Oracle-linked systems. This incident ties a major media organization into a supply-chain style intrusion where enterprise software flaws and shared platforms amplify systemic risk, reinforcing urgency around rapid patching and third-party risk assessments.
  6. Broadcast Disruption Cyberattack

    Regional broadcaster RTV Noord (Netherlands) reported a major hack on November 6, 2025, disrupting TV, radio, and digital platforms. Systems were sufficiently impacted that staff resorted to manual and “back to LPs” workarounds to stay on air. A ransom-style note was reportedly left, suggesting a likely ransomware or similar extortion attack, although full technical details remain undisclosed. The case illustrates ongoing targeting of regional media and critical local communications infrastructure with operational technology dependencies.
  7. Nevada Ransomware Report Details Scope

    A public after-action report revealed that a Nevada state government ransomware attack discovered in August actually began in May 2025 via a malicious tool download. The incident disrupted key services including licensing and background checks and cost roughly $1.5 million in recovery (no ransom paid). There was no confirmed data theft, but the report exposes weaknesses in decentralized IT, logging, and segmentation. It’s a blunt lesson in dwell time, early detection failure, and the cost-benefit of centralized SOC capabilities.
  8. Four Terabyte Azure Backup Exposure

    Follow-up reporting confirmed Ernst & Young exposed roughly 4TB of SQL Server backup data in a misconfigured Azure environment. The dataset allegedly included internal documents, credentials, and client-related information. Discovery and deeper coverage landed in this period, turning a cloud migration misstep into a flagship example of configuration risk at a global consultancy. The case underlines that even “top-tier” firms can leak crown jewels through basic storage misconfigurations and incomplete data governance.
  9. New Attack Variant Hitting ASA/FTD Devices

    A fresh wave of attacks was disclosed targeting Cisco Secure Firewall ASA and FTD devices vulnerable to CVE-2025-20333 and CVE-2025-20362. Attackers use a new variant to force constant reloads and denial-of-service conditions against unpatched appliances. While positioned as an evolution of ongoing campaigns, the November 6 update confirms active exploitation and operational impact. Organizations running edge firewalls as primary perimeter controls are pushed—again—to treat these as high-priority patch and monitoring assets.
  10. LinkedIn Phishing Campaign Targets Executive Credential Theft

    Researchers detailed a targeted phishing campaign abusing LinkedIn direct messages to lure senior executives—especially in finance—into fake “board invitation” workflows. Victims are redirected to credential-harvesting pages for enterprise accounts, leading to potential compromise of corporate email and SaaS environments. Coverage dated November 3 frames this as a live, large-scale social engineering operation that exploits trust in professional networks and inadequate MFA enforcement.

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. These top 10 stories were selected from the 40+ we tracked during the week as the most significant, ranked by highest risk, and drawn from multiple sources where available.
