Ransomware Attack Exposes 1.2 Million at University of Pennsylvania

On November 29, 2025, a ransomware attack against the University of Pennsylvania compromised the personal data of approximately 1.2 million individuals. The attackers have threatened to leak sensitive information, including names and birth dates, if their demands are not met. This incident is a stark reminder of the ongoing vulnerabilities in educational institutions, which are increasingly targeted due to their often inadequate cybersecurity measures.

In addition to this breach, cybersecurity experts are warning about the active exploitation of critical vulnerabilities, including a remote code execution (RCE) flaw in 7-Zip software (CVE-2025-11001). This vulnerability, which allows attackers to execute arbitrary code through manipulated ZIP archives, poses severe risks, particularly for sectors like healthcare and finance. Organizations are urged to prioritize patching this flaw to mitigate potential threats.

Also In Security Today

London Councils Cyber Incident: A cyber attack on London Councils affected the operational systems of local governments, compromising data integrity for over half a million residents. This incident highlights the vulnerabilities in public sector IT systems. Read more.

Exploitation of 7-Zip Vulnerability: Hackers are actively exploiting CVE-2025-11001, a RCE flaw in 7-Zip that could allow for arbitrary code execution. Organizations are strongly advised to apply patches immediately. Read more.

Emerging Social Engineering Tactics: Reports indicate that attackers are increasingly using social engineering techniques to exploit employees at major companies, underscoring the need for enhanced security training and awareness. Read more.

Supply Chain Vulnerabilities on the Rise: The ongoing threat posed by compromised supply chains and third-party services has become a critical concern for organizations, emphasizing the necessity for improved vigilance in cybersecurity practices. Read more.

Analyst's Take

Today’s news underscores a troubling trend in cybersecurity, with increasing attacks targeting educational institutions and critical infrastructure. The University of Pennsylvania breach exemplifies the risks that come with inadequate defenses in higher education. Additionally, the exploitation of the 7-Zip vulnerability serves as a reminder that organizations must remain proactive in their patch management and vulnerability assessments. Security teams should enhance training around social engineering tactics and reinforce supply chain security to mitigate these evolving threats. The landscape indicates that without robust defensive measures, organizations risk significant reputational and operational damage.