Recently, Volvo Group and a major luxury brand had their customer data exposed.
A well-known venture capital firm fell victim to a ransomware attack. And payments from the long-running Facebook Cambridge Analytica settlement are finally reaching users.
Meanwhile, CISA issued a new warning about a known vulnerability that is now being exploited by new malware targeting businesses.
Here’s a closer look at these and more developments.
Volvo Group Discloses Data Breach After Ransomware Attack on HR Supplier
Volvo Group North America has confirmed a data breach following a ransomware attack on its third-party HR software supplier, Miljödata.
The incident began on August 20, 2025, when Miljödata was first attacked. The breach was discovered on August 23, and by September 2, the company determined that Volvo employee and associate data had been compromised. Volvo was informed the same day and publicly disclosed the breach on September 25, 2025.
Exposed details include names and Social Security numbers of personnel. Volvo has emphasized that its internal systems were not compromised.
To mitigate harm, affected individuals are being offered 18 months of complimentary Allstate Identity Protection Pro, covering credit monitoring, dark web scans, and identity restoration services.
What’s the Implication of this?
This incident highlights the supply chain risk companies face when third-party vendors are attacked. Criminals can misuse exposed Social Security numbers for identity theft or fraud, potentially affecting victims long after the breach.
What You Can Do
- Enroll in the free Allstate Identity Protection service offered by Volvo.
- Be vigilant for signs of identity theft, including suspicious financial activity.
- Review your credit reports regularly and place a fraud alert if needed.
Tiffany & Co. Warns Customers of Data Breach
Luxury jeweler Tiffany & Co. confirmed a cyberattack that exposed customer data. More than 2,500 people, mainly in the U.S. and Canada, were affected after attackers accessed the company's database in May 2025.
Exposed details include names, addresses, phone numbers, emails, and gift card numbers with PINs. However, the company says it has seen no signs of misuse so far.
The Office of the Privacy Commissioner of Canada is looking into the incident to make sure Tiffany is taking measures to protect the personal information of Canadians.
What’s the Implication of this?
Criminals can use the exposed gift card numbers to drain balances or resell them. The other personal data could be used for phishing attempts or identity theft.
What You Can Do
- Check the balance on any Tiffany & Co. gift cards you have.
- Be cautious of unexpected emails or messages claiming to be from Tiffany.
- Monitor your accounts and credit reports for suspicious activity.
Insight Partners Confirms Ransomware Attack
Venture capital firm Insight Partners has disclosed a data breach following a ransomware attack that affected thousands of staff and limited partners.
The breach, which was discovered in January 2025, resulted in the theft of sensitive data, including banking and tax information.
The attackers initially gained access to the firm's network in October 2024 through a "sophisticated social engineering attack."
What’s the Implication of this?
A breach at a financial institution can expose highly sensitive information that could lead to financial fraud or identity theft for both individuals and businesses.
What You Can Do
- If you are a current or former employee or limited partner of Insight Partners, look out for a notification letter from the company and follow their advice.
- Take advantage of any complimentary credit or identity monitoring services offered.
Facebook Cambridge Analytica Settlement Payments Are Rolling Out
After a long legal battle, payments from the $725 million Facebook settlement are beginning to be sent to eligible users.
The settlement resolves a lawsuit over the Cambridge Analytica scandal, in which the personal data of millions of Facebook users was improperly shared with a political consulting firm.
The average payment is around $29 per person. According to the settlement site, payments are being distributed to U.S. residents who used Facebook between 2007 and 2022 and successfully filed a claim before the August 2023 deadline.
What’s the Implication of this?
While a settlement payment may offer some compensation, the event itself serves as a reminder of the importance of protecting your digital privacy and being aware of how your personal data is used by large companies.
What You Can Do
- Check for an email notification if you believe you are eligible to receive a payment.
- Review your privacy settings on social media platforms to limit how your data is shared with third parties.
- Be careful about which apps and services you link to your accounts.
CISA Warns of New Malware Strains Exploiting Ivanti Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a warning about two new malware strains that are actively exploiting security flaws in Ivanti Endpoint Manager Mobile (EPMM).
The vulnerabilities allow attackers to run arbitrary code on a server without needing to authenticate, giving them full control over the compromised system.
What’s the Implication of this?
Organizations that use Ivanti EPMM and have not yet patched the vulnerabilities are at risk of being exploited by these new malware strains, which could lead to data loss or system compromise.
What You Can Do
- If your organization uses Ivanti EPMM, ensure that your systems are patched and up to date.
- Review CISA's official guidance on these vulnerabilities for specific indicators of compromise (IOCs) to check for any signs of an intrusion.
- Regularly check for security updates for all important software your business uses, and apply them.
BadIIS Malware Campaign Spreads via SEO Poisoning
Cybersecurity researchers from Palo Alto Networks Unit 42 have discovered an ongoing campaign dubbed Operation Rewrite, where attackers are using a malicious IIS module called BadIIS to manipulate search engine results and redirect users to scam websites.
The activity, believed to be carried out by a Chinese-speaking threat actor, primarily targets East and Southeast Asia, with a strong focus on Vietnam. Attackers inject keywords into legitimate websites with good domain reputations, causing them to rank higher on search results. Unsuspecting users who click these poisoned results are then redirected to gambling, porn, or scam sites.
Beyond redirection, BadIIS implants were also found planting web shells on compromised servers, enabling persistent access, exfiltration of source code, and further malware deployment.
What’s the Implication of this?
BadIIS demonstrates how attackers abuse SEO to funnel victims toward malicious destinations. More concerning, the malware can establish long-term control over compromised servers, opening doors to data theft, persistent backdoors, and large-scale supply chain risks.
What You Can Do
- Website administrators should audit IIS servers for suspicious modules or scripts.
- Use threat detection and monitoring tools to spot unauthorized modifications to web traffic.
- Regularly patch and update servers to close off known vulnerabilities.
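One way to carry out the module audit recommended above, as an added example that is not from Unit 42 or the original article: IIS registers native modules in the `<globalModules>` section of applicationHost.config, so a copy of that file can be compared offline against a known-good baseline. The embedded config fragment, the module names starting with "Example", the baseline set and the expected directories are all constructed assumptions; a finding is a prompt for review, since legitimate third-party modules may live outside inetsrv.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed fragment of applicationHost.config; names and paths are sample values.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleCacheHelper" image="%windir%\System32\inetsrv\cachehlp.dll" />
      <add name="ExampleStatsModule" image="%windir%\System32\inetsrv\..\..\Temp\stats.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Assumption: module names recorded by the administrator from a known-good build.
BASELINE = {"HttpCacheModule", "StaticFileModule"}
# Assumption: directories where this server expects native modules to live.
EXPECTED_DIRS = (r"%windir%\system32\inetsrv", r"%systemroot%\system32\inetsrv")


def normalize(image):
    """Lower-case and collapse '..' so path tricks cannot hide the real directory."""
    return ntpath.normpath(image.strip().lower())


def audit_global_modules(config_xml, baseline=BASELINE):
    """Return (name, image, reasons) for every native module that needs review."""
    findings = []
    root = ET.fromstring(config_xml)
    for entry in root.findall(".//globalModules/add"):
        name, image = entry.get("name", ""), entry.get("image", "")
        reasons = []
        if name not in baseline:
            # Catches a DLL dropped into inetsrv itself, which the path check misses.
            reasons.append("not in baseline")
        if ntpath.dirname(normalize(image)) not in EXPECTED_DIRS:
            reasons.append("image outside expected directory")
        if reasons:
            findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in audit_global_modules(SAMPLE_CONFIG):
        print(f"REVIEW {name}: {image} ({'; '.join(reasons)})")
```

For each flagged entry, check the DLL's signature and file timestamps on the server before deciding whether it belongs there.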
Critical Flaws in Wondershare RepairIt Expose User Data
Cybersecurity researchers at Trend Micro have disclosed two major security flaws in Wondershare RepairIt, an AI-powered data repair and photo editing tool. The vulnerabilities could expose private user data and even allow attackers to tamper with AI models, creating serious supply chain risks.
The flaws, tracked as CVE-2025-10643 (CVSS 9.1) and CVE-2025-10644 (CVSS 9.4), stem from authentication bypass issues linked to overly permissive storage tokens embedded directly in the app’s code. This weakness gave attackers potential read/write access to sensitive cloud storage.
Exposed data included unencrypted user images, videos, software binaries, container images, AI models, and even company source code—making it possible for attackers to manipulate AI models or inject malicious code into software updates.
Trend Micro says it responsibly disclosed the flaws in April 2025 but has yet to receive a response from Wondershare.
What’s the Implication of this?
Attackers could modify RepairIt’s AI models or executables, enabling malicious payloads to spread through legitimate updates. Beyond exposing private user data, this creates supply chain attack risks that could affect downstream customers, lead to intellectual property theft and regulatory penalties, and erode user trust.
What You Can Do
If you use Wondershare RepairIt:
- Restrict interaction with the product until official patches are released.
- Be cautious of any unusual updates or behavior from the software.
- Monitor your accounts and devices for signs of unauthorized access.