

Critical n8n Vulnerability (CVE-2025-68613): 9.9 CVSS Authenticated Remote Code Execution Risk and Mitigation Steps
Executive Summary A critical vulnerability has been identified in the n8n open-source workflow automation platform, tracked as CVE-2025-68613 and assigned a CVSS score of 9.9. This flaw allows authenticated users with workflow creation or editing permissions to execute arbitrary system commands on the underlying server. The impact of this vulnerability is severe, as it can lead to full system compromise, data exfiltration, workflow sabotage, and lateral movement within affec
2 days ago · 4 min read


UAC-0184 Exploits Viber for Spearphishing Ukrainian Military and Government with Remcos RAT and Hijack Loader
Executive Summary A Russia-aligned threat actor, tracked as UAC-0184 (also known as Hive0156), has been observed orchestrating a sophisticated cyber-espionage campaign targeting Ukrainian military and government entities. This operation leverages the Viber messaging platform as a delivery channel for malicious payloads, marking a significant evolution in adversarial tactics away from traditional email-based phishing. The attackers distribute weaponized ZIP archives contain
2 days ago · 4 min read


Ledger.com Customer Data Exposed in Global-e API Breach: Technical Analysis and Mitigation Recommendations
Executive Summary On January 5, 2026, Ledger disclosed that a subset of its customers’ personal data was exposed due to a breach at its third-party payment processor, Global-e. The incident was caused by unauthorized access to a Global-e cloud-based information system, facilitated by a misconfigured API key on the Ledger website. The exposed data includes customer names, email addresses, postal addresses, and phone numbers for those who made purchases on Ledger.com using
2 days ago · 4 min read


Zestix/Sentap Cybercrime Campaign Targets ShareFile, Nextcloud, and OwnCloud via Stolen Credentials: Widespread Data Breaches in 2024-2026
Executive Summary As of January 5, 2026, a coordinated cybercrime campaign attributed to the Zestix (also known as Sentap) group has resulted in significant data breaches across multiple sectors by targeting cloud file-sharing platforms. Attackers leveraged credentials stolen via info-stealer malware, such as RedLine, Lumma, and Vidar, to access corporate accounts on platforms including ShareFile, Nextcloud, and OwnCloud. The breaches were not the result of software v
2 days ago · 6 min read


Kimwolf Android Botnet: Massive Infection of Smart TVs, IoT Devices, and TV Boxes via Exposed ADB and Residential Proxy Networks
Executive Summary The Kimwolf Android botnet represents a significant escalation in the threat landscape for Android-based devices, having infected over 2 million endpoints globally by exploiting exposed Android Debug Bridge (ADB) interfaces and leveraging residential proxy networks. This campaign, first identified by QiAnXin XLab and corroborated by multiple security research teams, demonstrates a sophisticated blend of large-scale automated exploitation, advanced evasion
2 days ago · 5 min read


MongoDB 'MongoBleed' Vulnerability (CVE-2025-14847): Critical Memory Leak Bug Under Active Exploitation – Patch Your Databases Now
Executive Summary The MongoBleed vulnerability, officially tracked as CVE-2025-14847, represents a critical, actively exploited memory disclosure flaw in the MongoDB Server’s implementation of zlib-compressed network protocol headers. This vulnerability enables unauthenticated, remote attackers to extract arbitrary fragments of server memory, including highly sensitive data such as database credentials, API keys, cloud provider secrets, and potentially personally identifia
2 days ago · 5 min read


ClickFix Attack Exploits Fake Windows BSOD Screens to Deliver Malware on Windows Systems
Executive Summary The ClickFix attack represents a significant escalation in social engineering and malware delivery tactics, leveraging highly convincing fake Windows Blue Screen of Death (BSOD) and Windows Update screens to coerce users into executing malicious commands. This campaign, also known as JackFix, is distributed primarily through fake adult websites and malvertising, and is characterized by advanced obfuscation, multi-stage payload delivery, and the simultane
2 days ago · 5 min read


Korean Air Employee Data Breach: Clop Ransomware Supply Chain Attack Report
Executive Summary On December 29, 2025, Korean Air disclosed a significant data breach affecting approximately 30,000 employee records, including names and bank account numbers. The breach originated from a cyberattack on KC&D Service, a former in-flight catering subsidiary of Korean Air that was sold to private equity firm Hahn & Company in 2020. According to official statements, no customer data was compromised, and the incident was limited to employee information. Kore
Dec 29, 2025 · 5 min read


WIRED Database Breach: Over 2.3 Million Subscriber Records Leaked in Condé Nast Cyberattack
Executive Summary A threat actor using the alias Lovely has publicly leaked a database containing over 2.3 million subscriber records from WIRED, a publication owned by Condé Nast. The leak, first posted on December 20, 2025, includes sensitive personal information such as email addresses, names, physical addresses, phone numbers, and account activity data. The threat actor claims this is only the initial release, with up to 40 million additional records from other Condé N
Dec 29, 2025 · 6 min read


MongoDB MongoBleed Vulnerability (CVE-2025-14847): Critical Unauthenticated Memory Leak and Data Exposure Risk
Executive Summary A newly disclosed critical vulnerability, CVE-2025-14847 (commonly referred to as "MongoBleed"), has been identified in MongoDB. This flaw enables unauthenticated, remote attackers to read uninitialized heap memory from affected MongoDB servers when zlib compression is enabled. The vulnerability is present across a broad spectrum of MongoDB versions and is exploitable over the network, potentially exposing sensitive in-memory data such as credentials, se
Dec 28, 2025 · 5 min read


Rainbow Six Siege Massive Breach: MongoBleed Exploit Leads to Unauthorized Distribution of Billions of In-Game Credits
Executive Summary On December 27, 2025, a major security breach impacted Ubisoft's flagship title, Rainbow Six Siege, resulting in the unauthorized distribution of billions of in-game credits and exclusive items to player accounts, as well as the manipulation of moderation systems, including random bans and unban actions. The incident affected both regular and high-profile accounts across PC and console platforms. Ubisoft responded by acknowledging the breach, intentionall
Dec 28, 2025 · 5 min read


LangGrinch (CVE-2025-68664): Critical langchain-core Vulnerability Enables Secret Exfiltration and Code Execution via Serialization Injection
Executive Summary A critical vulnerability, tracked as CVE-2025-68664 and colloquially named LangGrinch, has been identified in the langchain-core Python package, a foundational library for constructing Large Language Model (LLM)-powered applications. This flaw enables attackers to exploit unsafe serialization and deserialization logic, resulting in the exfiltration of sensitive secrets, prompt injection, and, in certain configurations, arbitrary code execution. The vulner
Dec 28, 2025 · 5 min read


LastPass 2022 Breach Enabled Years-Long Cryptocurrency Thefts with Over $35M Laundered Through Russian Exchanges, TRM Labs Reports
Executive Summary The 2022 breach of LastPass resulted in the theft of encrypted user vault backups, which contained sensitive credentials including cryptocurrency private keys and seed phrases. Over the subsequent years, attackers exploited weak or unchanged master passwords to decrypt these vaults offline, enabling the theft and laundering of more than $35 million in digital assets as recently as late 2025. Evidence from blockchain intelligence firm TRM Labs indicates tha
Dec 28, 2025 · 5 min read


Trust Wallet Chrome Extension Supply Chain Attack: $7 Million Cryptocurrency Theft via Compromised v2.68 Update
Executive Summary On December 24, 2025, a critical security incident affected the Trust Wallet Chrome browser extension, resulting in the theft of approximately $7 million in cryptocurrency assets. The breach was traced to version 2.68 of the extension, which was compromised through the use of a leaked Chrome Web Store API key. This allowed an attacker to bypass Trust Wallet’s internal release process and distribute a malicious update directly to users via the Chrome Web St
Dec 28, 2025 · 6 min read


DDoS Cyberattack Disrupts La Poste and La Banque Postale Operations During 2025 Christmas Season
Executive Summary Publication Date: December 22, 2025. On December 22, 2025, a significant cyberattack disrupted the operations of La Poste, France’s national postal service, and its banking subsidiary, La Banque Postale, during the critical Christmas rush. The incident, identified as a distributed denial of service (DDoS) attack, rendered online services inaccessible for more than eight hours, blocking and delaying package deliveries and online payments. While no customer d
Dec 23, 2025 · 4 min read


University of Phoenix Data Breach Exposes 3.5 Million in Oracle E-Business Suite (EBS) Zero-Day Attack
Executive Summary The University of Phoenix experienced a significant data breach affecting approximately 3.5 million individuals, including current and former students, staff, faculty, and suppliers. The breach was executed by the Clop ransomware group, which exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application. The initial compromise occurred on August 13, 2025, but was not detected until November 21, 2025, when the attackers publi
Dec 23, 2025 · 5 min read


Nissan Fukuoka Customer Management System Data Breach Exposes 21,000 Customers in Red Hat GitLab Incident
Executive Summary Nissan Motor Co., Ltd. has confirmed that approximately 21,000 customers of Nissan Fukuoka Sales Co., Ltd. were affected by a data breach resulting from a security incident at its third-party vendor, Red Hat. The breach, first detected by Red Hat on September 26, 2025, involved unauthorized access to a self-managed GitLab instance used by Red Hat Consulting. The threat actor, known as the Crimson Collective, exfiltrated sensitive customer data, including
Dec 23, 2025 · 6 min read


Romanian Waters (Apele Române) Ransomware Attack: BitLocker Disrupts 1,000 IT Systems, Water Operations Unaffected
Executive Summary Romanian Waters (Administrația Națională Apele Române), the national water management authority of Romania, experienced a ransomware attack over the weekend of December 20, 2025. The incident affected approximately 1,000 computer systems across the central authority and 10 of its 11 regional offices, disrupting IT assets such as geographic information systems (GIS), databases, email, web services, Windows workstations, and domain name servers. The attacker
Dec 23, 2025 · 6 min read


Coupang Data Breach Exposes 33.7 Million Users: Insider Threat Reveals Major Gaps in South Korea's Data Protection Practices
Executive Summary Coupang, South Korea’s leading e-commerce platform, has disclosed a data breach affecting 33.7 million customer accounts, representing nearly two-thirds of the country’s population. This incident, the largest e-commerce security breach in South Korean history, exposed customer names, phone numbers, email addresses, delivery addresses, and order histories. Payment card information, banking data, and login credentials were not compromised. The breach was enabl
Dec 23, 2025 · 5 min read


Tren de Aragua ATM Jackpotting: Ploutus Malware Exploits Kalignite Platform in $40M US Attack
Executive Summary In December 2025, the United States Department of Justice announced the indictment of 54 individuals linked to a sophisticated ATM jackpotting campaign leveraging the Ploutus malware. This operation, orchestrated by the Venezuelan transnational criminal organization Tren de Aragua (TdA), resulted in over $40 million in losses and more than 1,500 confirmed ATM attacks across the United States since 2021. The campaign demonstrates the evolving threat landsca
Dec 23, 2025 · 5 min read