LLMjacking: How Hackers Exploit Misconfigured Proxies to Steal Access to Paid LLM Services Like OpenAI, Google Gemini, Anthropic, Meta, and More
Executive Summary Recent threat intelligence has identified a surge in cyberattacks targeting misconfigured proxy servers to illicitly access paid Large Language Model (LLM) services. Threat actors are leveraging advanced enumeration techniques, server-side request forgery (SSRF), and proxy misconfigurations to hijack access to commercial AI endpoints, including those from OpenAI, Anthropic, Meta, Google, Mistral, Alibaba, and xAI. This campaign, active since late 2025
Jan 11 · 4 min read


Illinois Department of Human Services Mapping Website Data Breach Exposes Information of 700,000 Individuals
Executive Summary The Illinois Department of Human Services (IDHS) experienced a significant data breach affecting approximately 700,000 individuals, including recipients of Medicaid, the Medicare Savings Program, and customers of the Division of Rehabilitation Services. The breach resulted from incorrect privacy settings on a mapping website used internally for resource allocation, which left sensitive data publicly accessible for extended periods, over three years in some
Jan 11 · 5 min read


FBI, CISA, and NSA Warn of Kimsuky (APT43) Using Malicious QR Codes in Spear-Phishing Attacks Targeting Microsoft 365 and Google Workspace Accounts
Executive Summary The Federal Bureau of Investigation (FBI), in collaboration with CISA and the NSA, has issued a critical advisory regarding a new wave of spear-phishing campaigns orchestrated by the North Korean advanced persistent threat group Kimsuky (also known as APT43, Velvet Chollima, and TA406). These campaigns leverage malicious QR codes, commonly referred to as "quishing", to bypass traditional email security controls and target high-value individuals in gover
Jan 11 · 4 min read


Critical n8n Vulnerability (CVE-2025-68613): 9.9 CVSS Authenticated Remote Code Execution Risk and Mitigation Steps
Executive Summary A critical vulnerability has been identified in the n8n open-source workflow automation platform, tracked as CVE-2025-68613 and assigned a CVSS score of 9.9. This flaw allows authenticated users with workflow creation or editing permissions to execute arbitrary system commands on the underlying server. The impact of this vulnerability is severe, as it can lead to full system compromise, data exfiltration, workflow sabotage, and lateral movement within affec
Jan 6 · 4 min read


UAC-0184 Exploits Viber for Spearphishing Ukrainian Military and Government with Remcos RAT and Hijack Loader
Executive Summary A Russia-aligned threat actor, tracked as UAC-0184 (also known as Hive0156), has been observed orchestrating a sophisticated cyber-espionage campaign targeting Ukrainian military and government entities. This operation leverages the Viber messaging platform as a delivery channel for malicious payloads, marking a significant evolution in adversarial tactics away from traditional email-based phishing. The attackers distribute weaponized ZIP archives contain
Jan 6 · 4 min read


Ledger.com Customer Data Exposed in Global-e API Breach: Technical Analysis and Mitigation Recommendations
Executive Summary On January 5, 2026, Ledger disclosed that a subset of its customers' personal data was exposed due to a breach at its third-party payment processor, Global-e. The incident was caused by unauthorized access to a Global-e cloud-based information system, facilitated by a misconfigured API key on the Ledger website. The exposed data includes customer names, email addresses, postal addresses, and phone numbers for those who made purchases on Ledger.com using
Jan 6 · 4 min read


Zestix/Sentap Cybercrime Campaign Targets ShareFile, Nextcloud, and OwnCloud via Stolen Credentials: Widespread Data Breaches in 2024-2026
Executive Summary As of January 5, 2026, a coordinated cybercrime campaign attributed to the Zestix (also known as Sentap) group has resulted in significant data breaches across multiple sectors by targeting cloud file-sharing platforms. Attackers leveraged credentials stolen via info-stealer malware, such as RedLine, Lumma, and Vidar, to access corporate accounts on platforms including ShareFile, Nextcloud, and OwnCloud. The breaches were not the result of software v
Jan 6 · 6 min read


Kimwolf Android Botnet: Massive Infection of Smart TVs, IoT Devices, and TV Boxes via Exposed ADB and Residential Proxy Networks
Executive Summary The Kimwolf Android botnet represents a significant escalation in the threat landscape for Android-based devices, having infected over 2 million endpoints globally by exploiting exposed Android Debug Bridge (ADB) interfaces and leveraging residential proxy networks. This campaign, first identified by QiAnXin XLab and corroborated by multiple security research teams, demonstrates a sophisticated blend of large-scale automated exploitation, advanced evasion
Jan 6 · 5 min read


MongoDB 'MongoBleed' Vulnerability (CVE-2025-14847): Critical Memory Leak Bug Under Active Exploitation – Patch Your Databases Now
Executive Summary The MongoBleed vulnerability, officially tracked as CVE-2025-14847, represents a critical, actively exploited memory disclosure flaw in the MongoDB Server's implementation of zlib-compressed network protocol headers. This vulnerability enables unauthenticated, remote attackers to extract arbitrary fragments of server memory, including highly sensitive data such as database credentials, API keys, cloud provider secrets, and potentially personally identifia
Jan 6 · 5 min read


ClickFix Attack Exploits Fake Windows BSOD Screens to Deliver Malware on Windows Systems
Executive Summary The ClickFix attack represents a significant escalation in social engineering and malware delivery tactics, leveraging highly convincing fake Windows Blue Screen of Death (BSOD) and Windows Update screens to coerce users into executing malicious commands. This campaign, also known as JackFix, is distributed primarily through fake adult websites and malvertising, and is characterized by advanced obfuscation, multi-stage payload delivery, and the simultane
Jan 6 · 5 min read


Korean Air Employee Data Breach Clop Ransomware Supply Chain Attack Report
Executive Summary On December 29, 2025, Korean Air disclosed a significant data breach affecting approximately 30,000 employee records, including names and bank account numbers. The breach originated from a cyberattack on KC&D Service, a former in-flight catering subsidiary of Korean Air that was sold to private equity firm Hahn & Company in 2020. According to official statements, no customer data was compromised, and the incident was limited to employee information. Kore
Dec 29, 2025 · 5 min read


WIRED Database Breach: Over 2.3 Million Subscriber Records Leaked in Condé Nast Cyberattack
Executive Summary A threat actor using the alias Lovely has publicly leaked a database containing over 2.3 million subscriber records from WIRED, a publication owned by Condé Nast. The leak, first posted on December 20, 2025, includes sensitive personal information such as email addresses, names, physical addresses, phone numbers, and account activity data. The threat actor claims this is only the initial release, with up to 40 million additional records from other Condé N
Dec 29, 2025 · 6 min read


MongoDB MongoBleed Vulnerability (CVE-2025-14847): Critical Unauthenticated Memory Leak and Data Exposure Risk
Executive Summary A newly disclosed critical vulnerability, CVE-2025-14847 (commonly referred to as "MongoBleed"), has been identified in MongoDB. This flaw enables unauthenticated, remote attackers to read uninitialized heap memory from affected MongoDB servers when zlib compression is enabled. The vulnerability is present across a broad spectrum of MongoDB versions and is exploitable over the network, potentially exposing sensitive in-memory data such as credentials, se
Dec 28, 2025 · 5 min read


Rainbow Six Siege Massive Breach: MongoBleed Exploit Leads to Unauthorized Distribution of Billions of In-Game Credits
Executive Summary On December 27, 2025, a major security breach impacted Ubisoft's flagship title, Rainbow Six Siege, resulting in the unauthorized distribution of billions of in-game credits and exclusive items to player accounts, as well as the manipulation of moderation systems, including random bans and unban actions. The incident affected both regular and high-profile accounts across PC and console platforms. Ubisoft responded by acknowledging the breach, intentionall
Dec 28, 2025 · 5 min read


LangGrinch (CVE-2025-68664): Critical langchain-core Vulnerability Enables Secret Exfiltration and Code Execution via Serialization Injection
Executive Summary A critical vulnerability, tracked as CVE-2025-68664 and colloquially named LangGrinch, has been identified in the langchain-core Python package, a foundational library for constructing Large Language Model (LLM)-powered applications. This flaw enables attackers to exploit unsafe serialization and deserialization logic, resulting in the exfiltration of sensitive secrets, prompt injection, and, in certain configurations, arbitrary code execution. The vulner
Dec 28, 2025 · 5 min read


LastPass 2022 Breach Enabled Years-Long Cryptocurrency Thefts with Over $35M Laundered Through Russian Exchanges, TRM Labs Reports
Executive Summary The 2022 breach of LastPass resulted in the theft of encrypted user vault backups, which contained sensitive credentials including cryptocurrency private keys and seed phrases. Over the subsequent years, attackers exploited weak or unchanged master passwords to decrypt these vaults offline, enabling the theft and laundering of more than $35 million in digital assets as recently as late 2025. Evidence from blockchain intelligence firm TRM Labs indicates tha
Dec 28, 2025 · 5 min read


Trust Wallet Chrome Extension Supply Chain Attack: $7 Million Cryptocurrency Theft via Compromised v2.68 Update
Executive Summary On December 24, 2025, a critical security incident affected the Trust Wallet Chrome browser extension, resulting in the theft of approximately $7 million in cryptocurrency assets. The breach was traced to version 2.68 of the extension, which was compromised through the use of a leaked Chrome Web Store API key. This allowed an attacker to bypass Trust Wallet's internal release process and distribute a malicious update directly to users via the Chrome Web St
Dec 28, 2025 · 6 min read


DDoS Cyberattack Disrupts La Poste and La Banque Postale Operations During 2025 Christmas Season
Executive Summary Publication Date: December 22, 2025. On December 22, 2025, a significant cyberattack disrupted the operations of La Poste, France's national postal service, and its banking subsidiary, La Banque Postale, during the critical Christmas rush. The incident, identified as a distributed denial of service (DDoS) attack, rendered online services inaccessible for more than eight hours, blocking and delaying package deliveries and online payments. While no customer d
Dec 23, 2025 · 4 min read


University of Phoenix Data Breach Exposes 3.5 Million in Oracle E-Business Suite (EBS) Zero-Day Attack
Executive Summary The University of Phoenix experienced a significant data breach affecting approximately 3.5 million individuals, including current and former students, staff, faculty, and suppliers. The breach was executed by the Clop ransomware group, which exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application. The initial compromise occurred on August 13, 2025, but was not detected until November 21, 2025, when the attackers publi
Dec 23, 2025 · 5 min read


Nissan Fukuoka Customer Management System Data Breach Exposes 21,000 Customers in Red Hat GitLab Incident
Executive Summary Nissan Motor Co., Ltd. has confirmed that approximately 21,000 customers of Nissan Fukuoka Sales Co., Ltd. were affected by a data breach resulting from a security incident at its third-party vendor, Red Hat. The breach, first detected by Red Hat on September 26, 2025, involved unauthorized access to a self-managed GitLab instance used by Red Hat Consulting. The threat actor, known as the Crimson Collective, exfiltrated sensitive customer data, including
Dec 23, 2025 · 6 min read