Major Incidents or Breaches

  • Coupang, a major South Korean e-commerce platform, suffered a data breach compromising the personal information (names, addresses, email addresses, and phone numbers) of 33.7 million users over a five-month period.
  • The University of Pennsylvania confirmed a data breach after attackers stole documents containing personal information from Oracle E-Business Suite servers in August.
  • Korean authorities arrested four individuals for hacking over 120,000 IP cameras and selling intimate footage to a foreign adult site.
  • The Shai-Hulud 2.0 npm malware attack exposed up to 400,000 developer secrets after infecting hundreds of npm packages and publishing stolen data in 30,000 GitHub repositories.
  • Five Chrome and Edge browser extensions, with over 4 million installs, turned malicious after years of benign operation, acting as spyware and tracking users.
  • The Microsoft Defender XDR portal experienced a prolonged outage, disrupting access to security alerts and threat hunting capabilities for over 10 hours.
  • OpenAI’s ChatGPT service suffered a global outage, with users unable to access conversations.
  • Yearn Finance’s yETH pool on Ethereum was exploited for approximately $9 million via a critical vulnerability.

Newly Discovered Vulnerabilities

  • Google’s December 2025 Android security update patched 107 vulnerabilities, including two zero-days (CVE-2023-40088 and CVE-2023-40089) actively exploited in targeted attacks.
  • A vulnerability in OpenAI’s Codex CLI (CVE-2025-61260) could allow command execution, potentially facilitating attacks on developers using the coding agent.
  • Microsoft released KB5070311 for Windows 11, addressing File Explorer freezes and search issues, but the update also introduced a bug causing bright white flashes in dark mode.
  • Malicious npm package eslint-plugin-unicorn-ts was discovered using hidden prompts and scripts to evade AI-driven security scanners.
  • Chrome and Edge extensions were caught creating backdoors, profiling users, and reading cookie data to generate unique identifiers.
  • The Raptor framework, an open-source AI tool, was demonstrated to generate both vulnerability exploits and patches using agentic workflows.

Notable Threat Actor Activity

  • North Korean threat actors (DPRK/Lazarus) were observed luring engineers to rent their identities for fraudulent IT work and distributing over 197 malicious npm packages since October 10, targeting software developers.
  • The GlassWorm supply chain campaign resurfaced, infiltrating Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions impersonating popular developer tools.
  • Iran-linked MuddyWater group deployed a new backdoor, MuddyViper, in targeted attacks against Israeli sectors, including academia, engineering, government, manufacturing, technology, transportation, and utilities. The new Fooder loader and memory-only tactics indicate a shift to more stealthy espionage operations.
  • An ongoing phishing campaign is spoofing top brands via fake Calendly invites to hijack Google Workspace and Facebook business accounts.
  • Researchers reported that cybercrime has shifted to a full subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and RATs now offered as “crime-as-a-service”.

Trends, Tools, or Tactics of Interest

  • Kaspersky Security Bulletin 2025 highlighted a significant increase in AI-driven biometric attacks, with 1 in 5 biometric attacks now leveraging AI-generated deepfakes.
  • Researchers demonstrated that presenting prompts to AI models in poetic form increased jailbreak success rates from 8% to 43%.
  • Attackers are leveraging supply chain attacks via malicious npm packages and Visual Studio extensions targeting developers.
  • Crime-as-a-service offerings continue to proliferate, making advanced cybercrime tools and infrastructure more accessible.
  • Tools like SecAlerts are emerging to streamline vulnerability management amid increasing software sprawl.
  • The Raptor AI framework exemplifies the dual-use nature of generative AI in both offensive and defensive security contexts.

Regulatory or Policy Developments

  • India’s Department of Telecommunications mandated that messaging apps may only be used with active SIM cards linked to user identities, aiming to reduce fraud and misuse.
  • The US FTC reached a settlement with Illuminate Education, requiring deletion of unnecessary student data and improved security practices following allegations of inadequate data protection.
  • New York enacted a law requiring retailers to disclose if consumer data influences the pricing of basic goods.