Latest Insights on Security Breach | BarberaIT
https://tct.com.au/blog/category/security-breach/

Security Report – 30 Jan 2026
https://tct.com.au/blog/security-report-30-jan-2026/
Tue, 03 Feb 2026 04:51:41 +0000

Cybercriminals never stand still, constantly reinventing their tactics to exploit trust, familiarity and human instinct. INKY continues to observe threat actors weaponising cloud email platforms and voice‐based social engineering to bypass security controls. A recent example is a phishing campaign that sent hundreds of emails from a compromised SendGrid account linked to OpenAI to issue fraudulent invoices. The OpenAI invoice scam demonstrates how attackers leverage legitimate cloud email services and voice‑based social engineering to bypass security controls. By sending an invoice‑themed email through SendGrid, criminals ensured the message passed SPF/DKIM/DMARC checks and appeared trustworthy. The absence of malicious links allowed the email to evade URL filters, while the urgent call‑to‑action prompted the recipient to contact a scammer who then sought remote access.

Callback phishing is part of a broader trend in which attackers weaponise trusted platforms and remote‑support tools. Advanced email security, vigilance, user education and rigorous verification through official channels remain the most effective defenses against this evolving threat.

Recent Breaches

 

Australia – Victorian Department of Education – Education 

Exploit: Hacking

Risk to Business: Moderate: The Department of Education in Victoria, Australia, has confirmed a data breach that affected current students and inactive past student accounts across more than 1,700 government schools. On January 14, the department said an unauthorised third party breached a school’s network. A follow-up update on January 21 confirmed that the attacker accessed a Department of Education database containing student information. The exposed data includes student and school names, year levels and department-issued email addresses with encrypted passwords. The department stated that no other student data, such as dates of birth, home addresses, phone numbers or family details, was accessed. At this stage, there is no evidence that the data has been publicly released or shared with third parties. The Office of the Victorian Information Commissioner (OVIC) has launched an investigation into the incident.

United States – The Illinois Department of Human Services – Healthcare

Exploit: Hacking

Risk to Business: Moderate: The Illinois Department of Human Services (IDHS) confirmed a data breach that exposed sensitive records of roughly 700,000 individuals, marking one of the largest public-sector breaches in 2026. According to the agency, the breach exposed two separate sets of records. The first involves personal and program-related data tied to more than 672,000 Medicaid and Medicare Savings Program recipients, including addresses, case numbers, demographic details and medical assistance plan names. A second set of records affected around 32,000 customers of the Division of Rehabilitation Services, exposing names, addresses, case details and referral information spanning multiple years. IDHS said the investigation into the incident is ongoing, and officials are still working to determine how the intrusion occurred and whether additional data may have been accessed.

Talk to a BarberaIT team member today about implementing an IT strategy plan for your business.

 

Robert Brown
30/1/2026

Security Report – 28 Nov 2025
https://tct.com.au/blog/security-report-28-nov-2025/
Fri, 28 Nov 2025 02:56:34 +0000

Many SMBs think they have a security problem, but the real issue is a fragmented software suite—a mix of disconnected applications added over time. Each tool solves a single problem, but together they create complexity, gaps in protection, and higher costs.

The answer isn’t piling on more products. It’s choosing a concise, best-of-breed product suite that delivers comprehensive cybersecurity without unnecessary overlap. A well-integrated suite reduces complexity, saves time, and closes gaps between systems. Your IT provider can work efficiently, respond faster, and focus on proactive risk management instead of constant firefighting.

For business owners, a unified suite means better visibility and control. Threats, compliance, and performance can be tracked, making planning and resource allocation easier. The result? Stronger security, simpler operations, and a business that moves faster and stays safer.

Recent Breaches

 

Korea – LG Energy Solution – Energy & Natural Resources 

Exploit: Ransomware & Malware

Risk to Business: Moderate: LG Energy Solution, a subsidiary of Korean multinational LG, has confirmed that it experienced a ransomware attack. According to the company, the attack targeted one specific overseas facility and did not impact its headquarters or other global sites. LG Energy Solution said the affected location has since returned to normal operations after recovery measures were implemented. The company is continuing security monitoring and conducting an internal investigation as a precaution. Meanwhile, the Akira ransomware gang has added LG Energy Solution to its leak site, claiming it stole 1.7 TB of data. The group claims the cache contains corporate documents, employee information databases and other sensitive files. According to the Federal Bureau of Investigation (FBI), Akira has already amassed more than $244 million in ransomware proceeds to date.

United States – International Game Technology (IGT) – Media, Sports & Entertainment

Exploit: Ransomware & Malware

Risk to Business: Moderate: International Game Technology (IGT), a global leader in digital gaming, sports betting and fintech solutions for casinos and online platforms, confirmed a significant cybersecurity incident on November 17. In a filing with the U.S. Securities and Exchange Commission (SEC) last Tuesday, the company reported experiencing operational disruptions following unauthorised access to its internal IT systems and applications. IGT stated that it immediately activated its incident response (IR) plan and launched an investigation with support from external advisors. While the company did not disclose the nature of the attack, taking systems offline is a common response to ransomware activity. Meanwhile, the Qilin ransomware gang has added IGT to its dark web leak site, claiming it stole 10 GB of data — an estimated 21,600 files. Although the group did not publish sample data, it labeled the archive as “publicated,” suggesting the stolen files may already be circulating online.


Robert Brown
28/11/2025

Security Report – 14 Nov 2025
https://tct.com.au/blog/security-report-14-nov-2025/
Fri, 14 Nov 2025 00:47:33 +0000

Modern businesses now operate almost entirely in the cloud. From productivity suites like Microsoft 365 and Google Workspace to CRMs and accounting platforms, organisations rely heavily on SaaS applications to power their most critical business operations. For MSPs, this means your clients’ data no longer lives behind a secure firewall. It’s scattered across dozens of SaaS apps and potentially exposed to dozens of risks. As more organisations move toward a cloud-first IT strategy, SaaS applications have become prime targets for cybercriminals. As SaaS threats evolve, MSPs must continuously refine their security strategies and align their services to better protect clients. Staying ahead of today’s risks requires layered, automated and proactive defense.

Recent Breaches

 

North America – Booking.com – Hospitality & Leisure 

Exploit: Phishing

Risk to Business: Severe: A large-scale phishing campaign is targeting the global hospitality industry, with attackers aiming to gain unauthorized access to hotel booking platforms, including Booking.com. In this campaign, hotel managers are being tricked into visiting ClickFix-style phishing pages that steal their login credentials and install PureRAT ransomware. Attackers use compromised email accounts to send convincing spear-phishing messages that impersonate legitimate booking platforms. Once hotel staff click on these links, they will be redirected to malicious websites that will install ransomware and harvest credentials. Active since April 2025, this operation is part of a growing trend of phishing attacks on hotel booking systems. Threat actors either sell stolen booking platform accounts on cybercrime forums or use them to send fraudulent emails to hotels and guests, thereby committing financial fraud.

United States – The University of Pennsylvania – Education

Exploit: Hacking

Risk to Business: Moderate: The University of Pennsylvania confirmed a massive data breach on November 5, which exposed the personal information of students, alumni, staff and community affiliates. The breach reportedly exposed more than 1.2 million records. The cyber incident came to light on October 31, when several members of the Penn community received emails claiming to be from the university’s Graduate School of Education (GSE). The university later confirmed that certain systems linked to its development and alumni activities had been compromised. The stolen data includes personally identifiable information (PII) — some of which dates back decades — along with banking details. However, the university said that no medical information was involved in the breach. According to Penn, the attack began with a social engineering scam. After learning of the incident, university staff quickly locked down the affected systems but were unable to prevent the fraudulent emails from being sent or the sensitive information from being stolen.

Robert Brown
14/11/2025

Security Report – 7 Nov 2025
https://tct.com.au/blog/security-report-7-nov-2025/
Fri, 07 Nov 2025 05:44:56 +0000

Phishing continues to be one of the most dreaded cybersecurity risks facing businesses today. According to the 2026 Kaseya Cybersecurity Outlook Report, nearly half (49%) of businesses have been impacted in the last 12 months alone. Phishing-as-a-Service platforms and ready-to-use phishing kits make it easier for even less tech-savvy individuals with malicious intent to launch phishing attacks at scale. Additionally, AI-powered phishing campaigns are more dangerous, sophisticated and harder to spot.  Without proper education and training, employees may struggle to distinguish genuine emails from phishing scams. Even with regular awareness training, some users consistently fall for phishing simulations. In real-world scenarios, such risky behaviors can put the entire organisation at risk.

Recent Breaches

 

Australia – Ansell – Manufacturing 

Exploit: Third-Party Data Breach

Risk to Business: Severe: Clop, the notorious cyber extortion group behind several high-profile breaches, has listed Australian personal protective equipment (PPE) manufacturer Ansell as a victim on its darknet leak site. The claim comes just weeks after Ansell disclosed “unauthorised data access” in an Australian Securities Exchange (ASX) announcement. On October 14, Ansell confirmed the breach stemmed from vulnerabilities in licensed third-party software. The hackers have now allegedly published a 552GB dataset that is said to have been exfiltrated from Ansell’s network, sharing it via the BitTorrent peer-to-peer protocol. The torrent file, made available on November 3, has already been downloaded multiple times. So far, the hackers have not disclosed what data is included in the breach, nor have they shared proof of compromise or any ransom demand.

United Kingdom – Ernst & Young – Finance

Exploit: Misconfiguration

Risk to Business: Moderate: A major cloud misconfiguration has exposed a massive amount of data belonging to British multinational professional services firm Ernst & Young (EY). The exposure has become one of the most talked-about topics in cybersecurity circles this week. Cybersecurity researchers discovered 4TB of publicly accessible EY data on Microsoft Azure during a routine network and cloud scan. The file carried a .BAK extension, indicating it was a full SQL Server database backup. The exposed backup likely contained sensitive information such as user data, API keys, credentials, authentication tokens and database schemas. Experts warn that such a large volume of exposed data could have serious consequences. With today’s automated scanning tools, countless threat actors could have easily found and accessed the files.

Robert Brown
7/11/2025

Security Report – 31 Oct 2025
https://tct.com.au/blog/security-report-31-oct-2025/
Fri, 31 Oct 2025 04:37:25 +0000

The cyberthreat landscape is evolving at breakneck speed. The challenge businesses face, the way budgets are allocated and the expectations clients place on their providers are all shifting. Businesses see human error and social engineering as their biggest threat vectors in the next 12 months. This vulnerability is driven by poor user practices, lack of end-user training and limited cybersecurity expertise, which remain the leading causes of cyber incidents. Phishing continues to reign as the most damaging and persistent cybersecurity challenge. As attackers grow more sophisticated, email remains both the most common entry point and the biggest opportunity for AI-powered defenses to make a real impact.

Recent Breaches

 

Australia – Western Sydney University – Education 

Exploit: Hacking

Risk to Business: Severe: Western Sydney University has confirmed a major cyberattack that stole sensitive student data, including tax file numbers, passport details and private health and disability information. On October 23, the university revealed that the breach occurred through its student management system, which is hosted by a third-party provider on a cloud-based platform. Its investigation found that a daisy chain of suppliers had been exploited during the breach, starting at an additional external system, which itself was linked to the third-party cloud platform. The breach of the third- and fourth-party systems allowed hackers to access and exfiltrate data from the student management system. The stolen information includes names, dates of birth, ethnicity, employment and payroll details, bank account numbers, tax file and driver’s license numbers, passport and visa information, and even complaint, health, disability and legal records — making it one of the most severe education-sector breaches in recent months.

North America – Gmail – Technology

Exploit: Hacking

Risk to Business: Moderate: A massive email breach has been uncovered, reportedly compromising more than 183 million email accounts, including millions of Gmail users. Data breach notification service Have I Been Pwned revealed that the stolen emails and passwords were collected through infostealer malware. The breach, which occurred in April, saw cybercriminals quietly gather login details over time. The discovery has raised serious concerns across the tech industry about personal data security and the growing threat of infostealers that harvest sensitive information undetected for sale on the dark web.


Robert Brown
31/10/2025

Security Report – 24 Oct 2025
https://tct.com.au/blog/security-report-24-oct-2025/
Fri, 24 Oct 2025 05:23:38 +0000

History shows that even the strongest defenses crumble when attackers innovate. Constantinople had walls so thick and high that for centuries no army could get past them. Yet the Ottomans brought cannons that eventually broke through those walls. The defenders believed their defenses were enough, and that false sense of security cost them their city. Now think of the Battle of Cannae. Hannibal, outnumbered by the Romans by almost two to one, didn’t sit behind walls. He planned an offensive maneuver that surrounded the Roman army and crushed it. Hannibal won not with numbers but with strategy. Cybersecurity is no different. You simply cannot stack defenses and hope attackers give up. You need a plan that combines prevention with an active, rapid response when enemies inevitably slip through. Your cybersecurity strategy needs both sides of the battlefield covered. Prevention without response is fragile and response without prevention is chaos. When both work together, you build resilience.

Recent Breaches

 

Australia & New Zealand – Vocus – Telecommunications 

Exploit: Hacking

Risk to Business: Moderate: Vocus, Australia’s fourth-largest telco, announced that 1,600 home internet and mobile customers were affected by a hack targeting its business email and mobile services. On October 17, the company — which owns Dodo and iPrimus — detected suspicious activity in its email system. An investigation revealed unauthorised access to approximately 1,600 email accounts, resulting in SIM swaps on 34 Dodo Mobile accounts. In response, Vocus temporarily suspended certain services to contain the issue and begin recovery efforts. Vocus said it continues to monitor the situation closely and has worked with affected customers to reverse the SIM swaps and restore their services.

Europe – Volkswagen – Manufacturing

Exploit: Hacking

Risk to Business: Moderate: Volkswagen, one of the world’s largest automakers, has reportedly been hit by the ransomware group 8Base. The group publicly claimed in September 2024 that it had breached Volkswagen’s systems. Known for deploying Phobos ransomware and using double-extortion tactics, 8Base claimed to have exfiltrated confidential files on September 23, 2024, threatening to leak them by September 26. Although no data appeared immediately after the deadline, the group later listed the allegedly stolen information on its dark web site, including invoices, accounting records, employee files, contracts, certificates and multiple confidentiality agreements. While Volkswagen maintains that its core IT infrastructure remains unaffected, the limited response has raised questions about the full scope of the incident and whether a third-party system may have been compromised.


Robert Brown
24/10/2025

Security Report – 17 Oct 2025
https://tct.com.au/blog/security-report-17-oct-2025/
Fri, 17 Oct 2025 03:43:02 +0000

Many businesses view cybersecurity as a series of large expenses — firewalls, endpoint protection, new licenses and consulting work. This mindset makes it easy to believe that security carries a heavy price tag. The truth is that when security tools are isolated, duplicated or purchased reactively, budgets increase without improving protection. A better approach is to use an integrated solution that grows with your needs and is easy to monitor. When all your security tools work together in one system, protection becomes simpler to manage and more affordable. An integrated system eliminates much of this waste. Instead of retrofitting multiple tools, it combines endpoint protection, patching, backup and automation into one platform. This brings clear, measurable advantages.

Recent Breaches

 

Australia & New Zealand – Qantas – Aerospace & Defense 

Exploit: Third-Party Data Breach

Risk to Business: Moderate: On October 12, 2025, Qantas Airways confirmed that hackers had released the personal data of more than 5.7 million customers on the dark web. Qantas is among many global companies — including Toyota, Disney, Ikea, Air France and KLM — targeted by the hacker collective Scattered Lapsus$ Hunters. The group reportedly stole nearly 1 billion records in July by targeting customers of cloud technology giant Salesforce. The hackers did not breach Salesforce itself; instead, they impersonated legitimate Salesforce employees in calls to the IT helpdesks of the affected companies to gain access. In Qantas’ case, a call center in the Philippines was reportedly exploited to obtain access. The exposed passenger data includes dates of birth, phone numbers, addresses, emails and frequent flyer numbers. Qantas confirmed that no credit card, financial or passport details were compromised and that frequent flyer accounts remain secure.

United States – SonicWall – Technology

Exploit: Hacking

Risk to Business: Moderate: SonicWall’s disclosure last month of a data breach on its cloud backup service appears to be far more serious than initially believed. On October 8, following a full investigation conducted with Google’s Mandiant, SonicWall announced that an unauthorised party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service. This is a significant escalation from the company’s earlier assessment on September 17, when it believed only 5% of its firewall install base was affected. Meanwhile, SonicWall reaffirmed that the exposed files contain encrypted credentials and configuration data. The company urges all customers to log in and review their devices immediately. It has also started notifying partners and users directly and released tools to help assess and remediate affected systems.


Robert Brown
17/10/2025

Security Report – 10 Oct 2025
https://tct.com.au/blog/security-report-10-oct-2025/
Fri, 10 Oct 2025 03:02:03 +0000

Microsoft 365 has become an essential tool for businesses of all sizes. Its widespread adoption and deeply integrated suite of tools offer immense value not just to its users, but also to attackers looking to exploit them. They understand that one compromised account can open the doors to emails, documents, collaboration tools, calendars and sensitive business information. To threat actors, this means a huge payout potential. And they’re exploiting every possible entry point — from sophisticated phishing campaigns and OAuth app abuse to session token hijacking. The more integrated and vital M365 becomes to your business, the more attractive it becomes as a target for theirs. To better protect your Microsoft 365 accounts, you need a proactive defense strategy. Defending your organisation’s mission-critical Microsoft 365 accounts is possible with the right mix of strong policies, strict MFA enforcement and constant vigilance.

Recent Breaches

 

Japan – Asahi Group Holdings, Ltd. – Agriculture & Food 

Exploit: Ransomware & Malware

Risk to Business: Moderate: Asahi Group Holdings, Ltd., one of Japan’s largest beverage companies, has confirmed that it was the victim of a ransomware attack. The company shared the update on October 3, about a week after disclosing the cyberattack, which forced it to suspend some domestic operations. During its ongoing investigation, Asahi discovered a potential unauthorised transfer of data from its systems. The company has not yet determined the nature or scope of the compromised information, nor has it disclosed whether the attackers issued a ransom demand.

United States – Cisco – Technology

Exploit: Third-Party Data Breach

Risk to Business: Moderate: Cybersecurity agencies worldwide, including CISA and the U.K. National Cyber Security Centre (NCSC), warned of an “advanced threat actor” actively targeting devices running Cisco’s Adaptive Security Appliances (ASA) firewall software. According to the agencies, the “widespread” campaign exploits zero-day vulnerabilities in Cisco devices, allowing attackers to run malicious code and deploy malware. Impacted equipment includes certain Cisco ASA 5500-X Series devices, which act as firewalls protecting corporate networks from intrusions. In a statement, Cisco analysts said they have “high confidence” the campaign is tied to ArcaneDoor — a state-sponsored threat actor the vendor first identified in 2024. In an emergency directive issued last Thursday, CISA ordered government cyber teams to locate all affected devices within just over one day, scan them for malicious activity and apply the security updates designed to patch the vulnerabilities.

Robert Brown
10/10/2025

Security Report – 19 Sep 2025
https://tct.com.au/blog/security-report-19-sep-2025/
Wed, 24 Sep 2025 05:14:03 +0000

Money matters, but it’s no longer the scarcest resource for IT teams. Time is. Budgets can be adjusted and licenses renegotiated, but lost hours are gone forever. And now, how those hours are spent has a greater impact than ever on productivity, security and overall business costs. IT leaders are beginning to treat time like money, and the endpoint strategy is the first place they’re looking to make meaningful gains. Endpoint strategy is often the first area targeted for meaningful gains because endpoints—like laptops, mobile devices, and servers—are the most common entry points for cyberattacks. With remote work expanding the attack surface and legacy tools falling short, organisations prioritise endpoint detection and response to improve security, reduce risk, and consolidate fragmented tools. This approach also supports compliance and prepares for emerging threats like IoT vulnerabilities and AI-powered attacks.

Recent Breaches

 

Australia – NSW Health – Government 

Exploit: Misconfiguration

Risk to Business: Moderate: The New South Wales Ministry of Health (NSW Health) confirmed an accidental leak of confidential documents belonging to nearly 600 medical staff members. The exposed data reportedly included personal details of current and former senior medical officers and other staff members. Due to an undisclosed misconfiguration on the South Eastern Sydney and Illawarra Shoalhaven local health districts’ websites, sensitive documents such as passports, driver’s licences, Medicare cards, professional credentials, registrations and work histories were accessible online. All exposed documents have since been removed from the websites, and a full investigation is underway. NSW Health has stated that forensic analysis is being conducted to determine the extent of the incident.

United States – US HealthConnect – Healthcare

Exploit: Third-Party Data Breach

Risk to Business: Moderate: Earlier this month, US HealthConnect, a provider of continuing medical education and promotional education to healthcare providers, disclosed a cybersecurity incident to the Texas Attorney General. The report indicated that an unauthorised third party may have accessed sensitive personal and protected health information. On January 25, 2025, the company identified suspicious activity within its computer network and brought in third-party cybersecurity specialists to investigate. The inquiry confirmed that an unauthorised actor had gained access to its systems and may have obtained certain data, including names and Social Security numbers. In response, US HealthConnect enhanced its security policies and procedures, adding further administrative and technical safeguards to defend against similar threats. The organisation is also offering affected individuals up to 24 months of complimentary credit monitoring and identity theft protection services.


Robert Brown
19/09/2025

Security Report – 12 Sep 2025
https://tct.com.au/blog/security-breach-12-sep-2025/
Fri, 12 Sep 2025 04:15:08 +0000

Phishing works because it exploits people, not technology. Security systems are built to block suspicious code and detect intrusions, but people are far easier to influence. Employees are conditioned to trust familiar names, respond quickly to requests from authority and act fast when something feels urgent. Attackers take advantage of these instincts, knowing that even the best defenses can be bypassed if a single person makes the wrong move.  Phishing attacks often disguise themselves as legitimate emails, texts, or websites to trick users into revealing sensitive information like passwords or financial details. The best defense starts with recognising red flags—such as suspicious links, unexpected attachments, poor grammar, or urgent requests—and never clicking on unknown links or downloading unsolicited files. Organisations should train staff regularly, implement multi-factor authentication, and use email security tools that filter out malicious content.

Recent Breaches

 

United Kingdom – Jaguar Land Rover – Manufacturing 

Exploit: Hacking

Risk to Business: Moderate: Jaguar Land Rover (JLR) has suspended production at multiple sites following a cyberattack that infiltrated its internal IT systems, with disruptions expected to last into October. Thousands of workers at JLR’s Halewood, Solihull and Wolverhampton plants in the U.K. have been told to stay home until the issue is resolved, though they will continue to be paid. Similar pauses affect JLR operations in Slovakia, Brazil and India. While dealerships and garages remain open, suppliers including WHS Plastics, Evtec, OPmobility and SurTec have also been impacted. A Telegram channel linked to hacking groups Scattered Spider, Lapsus$ and ShinyHunters has posted screenshots of what appear to be JLR’s internal systems. Scattered Spider, previously tied to attacks on M&S, Co-op and Harrods, is suspected of involvement.

United States – Salesloft Drift – Technology 

Exploit: Hacking

Risk to Business: Moderate: Cloudflare, Zscaler and Palo Alto Networks confirmed this week that they were affected by a hacking campaign exploiting integrations with Salesloft Drift, an AI platform connected to Salesforce systems. The campaign, attributed to threat actor UNC6395, ran between August 8 and 18 and may have impacted more than 700 companies. Salesloft said attackers used stolen credentials to exfiltrate customer data via its Drift chatbot tool, acquired last year. While Salesforce disconnected Salesloft as a precaution, the company said it has seen no evidence of malicious activity within the platform itself.


Robert Brown
12/09/2025
