Cybersecurity Threats Mount as Data Breaches, Ransomware, and Vulnerabilities Target Users and Institutions Worldwide
A series of recent cybersecurity incidents has exposed the vulnerabilities of various systems and platforms, from a data breach at publishing platform Substack to a ransomware attack on an Italian university, highlighting the growing threat of cyberattacks on individuals and institutions.
The past week has seen a surge in cybersecurity threats, with a range of incidents affecting users and institutions worldwide. From a data breach at publishing platform Substack to a ransomware attack on an Italian university, the increasing frequency and sophistication of cyberattacks have raised concerns about the security of sensitive information and the resilience of critical infrastructure.
One of the most significant incidents was the data breach at Substack, a popular platform used by academics, journalists, and subject matter experts. According to an email sent to affected users, the breach occurred in October 2025 and resulted in the exposure of user email addresses, phone numbers, and other internal metadata. The company has since fixed the vulnerability and is conducting a full investigation into the incident.
Meanwhile, a ransomware gang has been using virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider, to deliver malicious payloads. Researchers at cybersecurity company Sophos observed the tactic while investigating recent 'WantToCry' ransomware incidents and found that the attackers used Windows VMs with identical hostnames, suggesting default templates generated by ISPsystem's VMmanager.
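An added example, not taken from Sophos or from the original article: one way to hunt for the reused-hostname pattern described above is to group logon records by the client's workstation name and flag names that show up from several unrelated external addresses. The hostnames, addresses, threshold and internal range below are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (workstation name, source IP) pairs, as they would be pulled
# from Windows logon events (the WorkstationName and IpAddress fields).
# Hostnames and addresses are placeholders, not indicators from the Sophos report.
SAMPLE_LOGONS = [
    ("WIN-TEMPLATE0001", "198.51.100.14"),
    ("WIN-TEMPLATE0001", "203.0.113.77"),
    ("win-template0001", "192.0.2.201"),    # same name, different case
    ("WIN-TEMPLATE0001", "198.51.100.14"),  # repeat from an already-seen IP
    ("LAPTOP-ALICE", "10.20.1.5"),
    ("LAPTOP-ALICE", "203.0.113.9"),
    ("JUMPBOX01", "10.20.1.9"),
    ("JUMPBOX01", "10.20.1.10"),
    ("JUMPBOX01", "10.20.1.11"),
    ("-", "192.0.2.50"),                    # client supplied no name
]

INTERNAL_NETS = ("10.0.0.0/8",)  # assumption: the organisation's own address space


def shared_hostname_clusters(records, min_ips=3, internal_nets=INTERNAL_NETS):
    """Map each hostname seen from >= min_ips distinct external IPs to those IPs."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    ips_by_host = defaultdict(set)
    for name, ip in records:
        name = (name or "").strip().upper()
        if name in ("", "-"):
            continue  # no workstation name to cluster on
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed or missing address field
        if any(addr in net for net in nets):
            continue  # internal hosts are out of scope for this check
        ips_by_host[name].add(str(addr))
    return {h: sorted(ips) for h, ips in ips_by_host.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    for host, ips in shared_hostname_clusters(SAMPLE_LOGONS).items():
        print(f"{host}: seen from {len(ips)} distinct external IPs: {', '.join(ips)}")
```

A hit is a lead for triage rather than a verdict, since cloud images and VDI pools can also share names legitimately.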
In another incident, Italian university La Sapienza was targeted by a cyberattack that impacted its IT systems and caused widespread operational disruptions. The university first disclosed the incident in a social media post, stating that its IT infrastructure "has been the target of a cyberattack." As a precautionary measure, the university shut down its network systems and formed a technical task force to initiate remediation and restoration procedures.
The incidents highlight the growing threat of cyberattacks on institutions and individuals, particularly in the education sector. According to a report by cybersecurity company Huntress, attackers are increasingly exploiting legitimate but vulnerable Windows kernel drivers to shut down endpoint security tools. In one recent incident, attackers used an old EnCase forensic driver to terminate Endpoint Detection and Response (EDR) processes from kernel mode.
The exploitation of vulnerabilities in legitimate software and infrastructure is a growing concern, as seen in the case of ISPsystem's VMmanager. The company's software is used by hosting providers to manage virtual servers, and the abuse of its VMs by ransomware operators highlights the need for greater vigilance in securing critical infrastructure.
In related news, Microsoft has announced plans to shut down Exchange Online EWS in April 2027, after nearly 20 years. The Exchange Web Services (EWS) API has been used by developers to access Exchange mailbox items, and its shutdown is likely to impact organizations that rely on the service. Administrators will need to prepare for the transition by configuring alternative solutions and updating their systems to ensure continued access to critical functionality.
As the frequency and sophistication of cyberattacks continue to grow, individuals and institutions must remain vigilant in protecting their sensitive information and critical infrastructure. By staying informed about the latest threats and vulnerabilities, and by taking proactive steps to secure their systems, users can reduce the risk of falling victim to cyberattacks.
Sources:
* Substack data breach leaks users' email addresses and phone numbers
* Ransomware gang uses ISPsystem VMs for stealthy payload delivery
* Microsoft to shut down Exchange Online EWS in April 2027
* Italian university La Sapienza goes offline after cyberattack
* Attackers exploit decade-old Windows driver flaw to shut down modern EDR defenses
This article synthesizes information from 5 independent sources to provide balanced, multi-perspective coverage.
About AI-Generated Content: This article was autonomously generated by Fulqrum AI using a multi-source, balanced approach.