United States
The University of Pennsylvania
The University of Pennsylvania confirmed a massive data breach on November 5, which exposed the personal information of students, alumni, staff and community affiliates. The breach reportedly exposed more than 1.2 million records.
The cyber incident came to light on October 31, when several members of the Penn community received emails claiming to be from the university’s Graduate School of Education (GSE). The university later confirmed that certain systems linked to its development and alumni activities had been compromised. The stolen data includes personally identifiable information (PII) — some of which dates back decades — along with banking details. However, the university said that no medical information was involved in the breach.
According to Penn, the attack began with a social engineering scam. After learning of the incident, university staff quickly locked down the affected systems but were unable to prevent the fraudulent emails from being sent or the sensitive information from being stolen.
How it could affect your business
Reports suggest that the lack of multifactor authentication (MFA) on some accounts may have given the attacker an entry point in this breach. This highlights the importance of enforcing MFA across all user accounts and implementing stricter access controls. These simple but critical measures can greatly reduce the risk of unauthorized access and limit the damage from social engineering attacks.
United States
Oglethorpe
Oglethorpe, a Florida-based network of mental health and addiction recovery treatment providers, disclosed a major data breach that affected more than 92,000 individuals.
The provider, which operates facilities across Florida, Louisiana and Ohio, notified patients that their protected health information (PHI) had been stolen by hackers. According to a filing with the Maine Attorney General’s Office, the cybersecurity incident began on May 15 and was detected on June 6. Following an investigation that concluded on October 23, it was found that sensitive data had been compromised, including names, birth dates, Social Security numbers, driver’s license numbers and medical information.
Oglethorpe now faces mounting legal challenges as patients begin filing lawsuits, citing concerns about identity theft, fraud and the misuse of their personal information.
How it could affect your business
Healthcare organizations remain prime targets for cybercriminals due to the high value of medical and personal data. This incident highlights the importance of robust data governance measures, including strong encryption, timely threat detection and strict access controls, to safeguard patient information and maintain trust.
North America
Booking.com
A large-scale phishing campaign is targeting the global hospitality industry, with attackers aiming to gain unauthorized access to hotel booking platforms, including Booking.com.
In this campaign, hotel managers are being tricked into visiting ClickFix-style phishing pages that steal their login credentials and install PureRAT ransomware. Attackers use compromised email accounts to send convincing spear-phishing messages that impersonate legitimate booking platforms. Once hotel staff click on these links, they are redirected to malicious websites that install ransomware and harvest credentials.
Active since April 2025, this operation is part of a growing trend of phishing attacks on hotel booking systems. Threat actors either sell stolen booking platform accounts on cybercrime forums or use them to send fraudulent emails to hotels and guests, thereby committing financial fraud.
How it could affect your business
ClickFix is a phishing framework that creates fake login portals to steal credentials and spread malware like ransomware. To prevent such attacks, businesses should train employees to identify phishing attempts, enforce MFA on all accounts and deploy advanced email security tools to detect and block malicious links before they reach users.
North America
Google users
Google’s Trust & Safety team has issued a new scam advisory for all users, revealing alarming statistics: 57% of adults have encountered a scam in the past year, and 23% reported losing money as a result.
The company warned its users about six major scam trends to watch out for: online job scams, negative review extortion schemes, artificial intelligence (AI) product impersonation scams, malicious VPN apps and extensions, fraud recovery scams and seasonal holiday scams. Google also noted that scammers are increasingly using AI tools to scale and enhance their operations, making their schemes harder to detect.
How it could affect your business
As threat actors utilize AI to launch more sophisticated scams, businesses can use the same technology to strengthen their defenses. Leveraging AI for continuous monitoring, anomaly detection and automated response helps organizations detect threats faster and protect user accounts and sensitive data more effectively.
North America
Monsta FTP
Security researchers have discovered an actively exploited remote code execution (RCE) vulnerability in Monsta FTP, a web-based file transfer protocol (FTP) client used by financial institutions, enterprises and individual users worldwide.
Monsta FTP allows users to upload, download and manage website files directly from a browser. That convenience has made it a popular choice among users as an alternative to installing separate software. Researchers have now identified a critical vulnerability in Monsta FTP, tracked as CVE-2025-34299, that enables attackers to execute arbitrary code on vulnerable servers without authentication.
This RCE lets a hacker trick the system into downloading a file they control and saving it anywhere on the server. That level of access can lead to full server compromise, data theft or ransomware deployment.
How it could affect your business
Remote code execution on public-facing tools is one of the most dangerous risks an organization can face. Ensure that exposed web applications are patched immediately, restrict web administrator access and monitor servers for unusual file downloads or new services. Regular vulnerability scans and strict deployment controls will cut the window of opportunity for attackers.
United States
Nevada state agencies
A forensic report published by the State of Nevada on November 5 confirmed that the August ransomware attack originated when a state employee mistakenly downloaded a malware-laced tool from a spoofed website.
The August attack was a large-scale incident that affected more than 60 Nevada state agencies, including the Department of Health and Human Services, the Department of Motor Vehicles and the Department of Public Safety. Investigators discovered that the ransomware had infiltrated the network on May 14 and remained undetected for several weeks. The malware installed a backdoor, enabling hackers to utilize the Remote Desktop Protocol to access critical systems and sensitive files.
Nevada officials refused to pay the ransom and were able to recover approximately 90% of the impacted data. However, the recovery process cost the state roughly $1.3 million.
How it could affect your business
This incident is a clear example of how a single employee mistake can cause massive damage to an organization. Businesses should prioritize regular user awareness training to help employees identify spoofed websites, suspicious downloads and phishing attempts.


