SecureFact – Cyber Security News – Week of November 03, 2025

A hacker claimed responsibility for the University of Pennsylvania breach, stating it was far more extensive than initially reported.
The threat actor gained full access to an employee’s PennKey SSO account, allowing access to Penn’s VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system, and SharePoint files.
They exfiltrated data for approximately 1.2 million students, alumni, and donors, including names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details.
The attackers breached Penn’s systems on October 30th and completed data downloads by October 31st, when the compromised employee account was locked.
After losing access, the hacker used Salesforce Marketing Cloud to send offensive mass emails to roughly 700,000 recipients.
The attacker published a 1.7-GB archive containing spreadsheets, donation materials, and other files allegedly taken from Penn’s SharePoint and Box systems.
The hackers stated they were not extorting the university and aimed primarily at obtaining Penn’s donor database.
Penn donors should stay vigilant against targeted phishing or social engineering attempts using the stolen information

American business services giant Conduent confirmed a 2024 data breach impacted over 10.5 million people according to notifications filed with US Attorney General offices.
The company provides digital platforms and services for governments and enterprises, employing 56,000 people across 22 countries with $3.4 billion annual revenue.
Data breach notifications report varying numbers: 10.5 million in Oregon, 4 million in Texas, 76,000 in Washington, with the actual nationwide impact potentially much larger.
Exposed data included names, Social Security Numbers, full dates of birth, health insurance policy or ID numbers, and medical information.

Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed nation-state hackers breached its IT network.
The company has over 3,100 employees in 68 global offices and serves customers including the City of Los Angeles, University of Texas at Austin, U.S. Department of Defense, and major telecom providers.
The breach was detected in September 2025, but evidence indicates attackers first gained access in December 2024.
Ribbon believes it has successfully terminated the unauthorized access by the threat actor.
The company found that attackers had gained access to files belonging to several customers, stored on two laptops outside of Ribbon’s main network.
Three smaller customers were also impacted in this incident according to Reuters reporting.
The breach bears resemblance to widespread telecom breaches linked to China’s Salt Typhoon cyber-espionage group.
Ribbon is working with third-party cybersecurity experts and federal law enforcement to investigate the breach.

A huge leak exposed over 183 million stolen email passwords collected from malware infections, phishing, and old breaches.
About 16.4 million email addresses are newly found in this dataset.
The leak is from infostealer malware that steals credentials from infected devices, not from a direct Gmail breach.
Users should check their accounts on Have I Been Pwned, change any compromised passwords, and enable two-factor authentication (2FA) for better protection.
Strong, unique passwords and updated security software are key to preventing account takeovers from these reused stolen credentials.