October 2025 Cybersecurity Round-Up

October 2025 was cybersecurity month in both the EU and the US. As a result, a lot of media attention focused on the defensive side of things, including tips and practices aimed at helping both companies and individuals improve their cybersecurity knowledge. However, October also saw a slew of cyber attacks, data breaches, and new vulnerabilities. Here’s a round-up of the main news and takeaways.

Notable Cyber Attacks and Incidents October 2025

Volkswagen

Last month, it was Jaguar Land Rover that had to deal with the fallout from a cyber attack. In October, Volkswagen became the latest automotive victim. While Jaguar Land Rover suffered production stoppages, October’s attack on Volkswagen had more of an impact on the IT side of things.

The company’s French subsidiary, Volkswagen Group France, suffered a data exfiltration ransomware attack at the hands of cybercriminal group Qilin. Apparently, up to 150 gigabytes of data files were stolen. The data included names, addresses, and email addresses of vehicle owners.

Qilin has become quite a prolific ransomware actor this year. Key to its success is its use of a complex network of “bulletproof” hosting providers that keep it beyond the reach of law enforcement. As a ransomware-as-a-service group, Qilin offers other hackers an 80 percent commission on the profit when they use its ransomware infrastructure.

F5

F5, one of the backbone providers of internet traffic management and security appliances, confirmed in October that it had suffered a year-long breach attributed to Chinese state-linked actors. Attackers reportedly exfiltrated source code and details of undisclosed vulnerabilities, raising fears that new exploit tools could emerge quickly. The company’s customer base includes over 80% of Fortune 500 firms, making this an event of SolarWinds-level concern.

The risk isn’t just to F5’s own systems but to every business and organisation that integrates its load balancers and traffic-management products. It also underscores how deeply the security industry itself depends on a handful of infrastructure giants whose products quietly underpin global connectivity (similar fears were raised about the Internet when AWS went down earlier in October).

Qantas

The Qantas data breach resurfaced in October, not as a new intrusion, but as a dark-web leak of customer data stolen back in July. After Qantas refused to meet ransom demands, the attackers released troves of personal and travel information, including passport details, frequent flyer numbers, and payment data. Reports suggest the dump spans tens of thousands of records, with much of it now circulating on underground forums.

The delayed leak illustrates the long tail of cyber extortion. Refusing to pay a ransom might be the right moral and strategic choice, but it doesn’t erase the risk. Customers whose data is now permanently in criminal ecosystems may face phishing, account takeovers, and even travel-related scams for years.

This case highlights a rarely discussed dimension of ransomware: even “resolved” incidents can have a second life. Security teams often treat containment as the end of the story, but post-breach exposure monitoring is also a vital capability.

Mango

Spanish fashion giant Mango revealed in mid-October that one of its external marketing-service providers had been compromised, exposing customer contact data including first names, countries, postal codes, email addresses, and phone numbers.

Mango emphasised that its own infrastructure and systems were not breached, and sensitive credentials, financial details, and ID data were reportedly untouched. But the incident still raised uncomfortable questions about how far even well-protected (and highly profitable) brands can extend trust beyond their own perimeter.

For a company generating over €3 billion in revenue, relying on external marketing platforms carries a real trade-off between agility and sovereignty. The upside here is that Mango’s segmentation worked, and its customer-facing data was siloed from its financial systems.

Gmail

Late in October, reports emerged that 183 million Gmail account credentials were circulating on hacker forums, marking one of the largest email-related data exposures on record. While Google stated that its core systems weren’t breached, investigators linked the data to aggregated credential dumps sourced from multiple breaches and third-party apps connected to Gmail accounts.

In effect, this wasn’t a single attack but the visible outcome of years of credential reuse. Once passwords are leaked elsewhere, automated credential-stuffing tools can unlock enormous secondary access opportunities for hackers.

High-Profile CVEs October 2025

Aside from high-profile cyber attacks, October was also a busy and interesting month in terms of newly disclosed vulnerabilities. In fact, one of the vulnerabilities disclosed received a severity score of 9.9, which was apparently the highest-ever score.

Wrap-Up

From Volkswagen and F5 to Mango and Qantas, attackers continued to find leverage points in third parties, legacy systems, and the trust companies place in everyday tools. Meanwhile, a new wave of vulnerabilities served as a reminder that even the infrastructure built to secure businesses can be turned against them.

Keeping informed on breaches and CVEs is always useful, but it’s not enough. The only real test of security is how your own environment holds up under pressure. That’s where DieSec’s penetration testing goes deep by simulating real-world attack paths to expose weaknesses before adversaries do, and turning awareness into actionable defense.
