Editor's Message

Welcome to DBD. Cybercrime is making headlines globally. Attacks on well-known brands and organizations are raising public awareness of the severity, frequency and impact of cyber attacks. Proving cybercrime is growing at an alarming rate, DBD has recorded more ransomware attacks this year than any other, and we continue to provide visibility of these in our PRiSM application. This Cybersecurity Awareness Month, please be extra vigilant and mindful that cybercriminals CAN and WILL strike where and when you least expect it. Thanks again for your support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.



Monday, 24 November 2025

Data Breaches Digest - Week 48 2025

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 24th November and 30th November 2025.


26th November

Account Takeover Scams Surge as FBI Reports Over $262 Million in Losses

AI Cybercriminals Target Black Friday and Cyber Monday

Alliances between ransomware groups tied to recent surge in cybercrime

Amazon Black Friday warning as 300 million shoppers at risk of cyber attack

Android fiction apps expose millions of readers and writers

ASUS Fixes High-Severity MyASUS Vulnerability that Allows Privilege Escalation to SYSTEM-Level Access

ASUS High-Severity Vulnerability Allows Attackers to Gain SYSTEM Privileges via MyASUS Component

Australian-founded company Amcor ‘aware’ of ransomware claims

Black Friday 2025: Why retailers face peak ransomware risk

Civil rights coalition raises concerns over “collapse in enforcement activity” by Information Commissioner’s Office (ICO)

Corporate predators get more than they bargain for when their prey runs SonicWall firewalls

Cyber attack hits London councils triggering ‘emergency’ response plans

Dartmouth College Confirms Data Theft in Oracle Hack

Everest Ransomware Attack Hits Iberia Airlines and National Money Mart

FBI Reports $262M in Account Takeover (ATO) Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

Gamayun APT Exploits MSC EvilTwin Flaw to Deploy Malicious Code

HashJack: A New Attack That Fools AI Browsers With a Simple ‘#’

Logitech Hit by Clop Ransomware Attack, Data Breach Exposed

London councils hit by 'cyber attack' with data potentially compromised

London Councils Hit By Serious Cyber “Incidents”

Manufacturing industry worldwide: Kaspersky reveals $18 billion losses from ransomware attacks

Money Mart breach: Everest ransomware claims 80K files customer, financial data

Navigating Cybersecurity’s Tightrope: Balancing Skills, AI, and Human Resilience

Netmarble reports data breach after hack on PC gaming site

New Malware-as-a-Service ‘Olymp Loader’ Emerges on Hacker Forums With Advanced Anti-Analysis Features

People who fall for this simple scam lose over $50K: beware of bank impersonators

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

SitusAMC Data Breach Under Investigation After Sensitive Information Compromised

Small language models step into the fight against phishing sites

South Africans Warned As Microsoft Phishing Scam Swaps ‘m’ For ‘rn’ In Convincing Attacks

The Rise of Malicious AIs: WormGPT 4 Emerges as a Powerful AI Tool for Cybercrime with Subscriptions Starting at $50

25th November

$6.5 Million settlement reached in Omni Health data breach suit

183 Million Credentials Misreported as a Gmail Breach

$262 million stolen in account takeover fraud schemes this year, FBI says ahead of holiday season

Adda Data Breach: Personal Data Of Over 18 Lakh Users Hacked And Posted Online

Advanced Security Isn't Stopping Ancient Phishing Tactics

AI and Deepfake-Powered Fraud Skyrockets Amid Identity Fraud Stagnation

Aircraft cabin IoT leaves vendor and passenger data exposed

An Integrated Approach To Cybersecurity Key To Reducing Critical Infrastructure Vulnerability

Apache Syncope Passwords at Risk from Newly Disclosed CVE-2025-65998

Apache Syncope Vulnerability Allows Attackers to Access Internal Database Content

Black Friday Frenzy Fuels Over 2 Million Cyberattacks by Threat Actors

Blender Foundation Files Abused by Threat Actors to Deploy StealC V2 Infostealer

Broadcom Targeted in Oracle E-Business Suite Breach, ‘Clop Ransomware’ Group Claims Responsibility

Buncombe County unable to send emergency alerts following cyber attack

Businesses warned of new ransomware cyberthreat

Can We Trust AI with Our Cybersecurity? The Growing Importance of AI Security

Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack

Canon Confirms Subsidiary Breach in the Cl0p Oracle EBS Hack Campaign

CISA Issues Warning on Commercial Spyware Targeting Signal and WhatsApp Users

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

Class action looms over Legal Aid Agency (LAA) cyber attack

ClickFix Attack Hides Malware in Fake Windows Security Update via Steganography

Code beautifiers expose credentials from banks, government, technology organizations

Code Formatting Tools Share Secrets by the Thousands

CodeRED, platform used by Craven County for alerts, hit by cyber-attack

Comcast Fined $1.5M by Federal Communications Commission (FCC) Following 2024 Data Breach at Debt Collector Financial Business and Consumer Solutions (FBCS) that Exposed Customer Information

Comcast to pay $1.5 million US fine after vendor data breach

Copper Steel Fabricators allegedly subjected to data breach

Could You Spot the Fake Microsoft URL? Most People Can’t

Critical Firefox Bug Leaves 180 Million Users Exposed

Critical FluentBit Flaws Enable Remote Compromise of Cloud Environments

Cyber Attack Causes Data Exposure, Loss of Emergency Warnings in Jackson County

Cyber Attack Cripples Three London Councils, Services Down for Days

Cyber attack on Buncombe County emergency alerts system; info leaked

Cyber Attack Targets Carlisle, Pennsylvania, Emergency Platform

Cyberattack on CodeRED System Leads to Potential Data Breach, Weston City Urges Password Changes

Cybercriminals stole $262M by impersonating bank support teams

Cybersecurity in Cryptocurrency Statistics 2025: Smart Data to Stay Protected

Dallas area mental health provider reports data breach impacting 8,600 clients

Dartmouth College confirms data breach after Clop extortion attack

Data Breach at Government Contractor Conduent Sparks Nearly a Dozen Class Action Lawsuits

Delta Dental of Virginia Data Breach Exposes 146,000+ Customers Personal Details

Delta Dental of Virginia Data Breach Exposes Personal Details of 146,000+ Customers

Everest claims Travel Club, Spain’s largest coalition loyalty program

Everest ransomware claims breach at Spain’s national airline Iberia with 596 GB data theft

Everest Ransomware Group Breaches Air Miles España Data

Everyone using Amazon in the UK given urgent warning about phishing attacks

Everything You Need to Know About the Oracle Data Breach

Fake “Windows Update” screens fuels new wave of ClickFix attacks

Fianzas Avanza Data Breach Exposes 90,000 Financial Documents

Fine art printing users’ bank accounts exposed, attackers claim

Frisco City Alerts Public to Potential Data Breach of CodeRED Emergency Platform, Urges Password Updates

Georgia court filing organization warns of outages after ransomware allegations

Georgia Superior Court Clerks’ Authority experiencing cybersecurity threat

Germany encourages enabling of 2FA by default for webmail providers

Get ready for 2026, the year of AI-aided ransomware

Hacker Combines Porn and Fake Windows Update Screen for Malware Attack

Hackers target WhatsApp, Signal apps with spyware, compromising personal devices, CISA warns

How Clickfix Pop-ups Are Fuelling Ransomware Attacks

How Does Metadata Help in Digital Forensic Investigations?

How MSSPs are strengthening healthcare defences against cyber threats

INC Ransomware Group Breaches Omega Tool Corp and Southern Lion

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Hacker Combines Porn with Fake Windows Update Screen For Malware Attack

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Hackers pose as bank employees in new "account takeover" attack, FBI warns

Harvard University reveals data breach hitting alumni and donors

HashiCorp Vault Vulnerability Allows Attackers to Authenticate Without Valid Credentials

Iberia Shakes Up Digital Security After Data Breach Exposing Personal Information Of Customers Prompting Urgent Action And Heightened Monitoring Efforts

Is spyware hiding on your phone? The telltale signs to find out (and how to remove it fast)

KawaiiGPT - New Black-Hat AI Tool Used by Hackers to Launch Cyberattacks

Locking Your Social Security Number After a Data Breach Can Protect Your Identity. Here's How

London: Residents issued warning after councils suffer ‘cyber attack’

Major Data Breach at Delta Dental of Virginia Hits Over 146,000 Customers’ Info

Major London councils initiate ‘emergency’ plans after being hit by cyber attack

Major London councils launch ‘emergency’ plans after cyber attack hits services

Man Pleads Guilty in Phishing Scam in Santa Ana

Medusa Ransomware Attack Hits Brazilian University USCS and Staffing Firm WR Comercial

Microsoft cracks down on malicious meeting invites

Microsoft Reveals Security Vulnerabilities Linked to New Agentic AI Capability

Microsoft’s Update Health Tools Configuration Vulnerability Lets Attackers Execute Arbitrary Code Remotely

Mounting Cyber-Threats Prompt Calls For Economic Security Bill

Multiple London councils hit by ‘cyber attack’ and initiate ‘emergency plans’

Multiple London councils 'hit by cyber-attacks'

National Cyber Security Centre monitoring London attack as council says 'too early to say who did it'

New FlexibleFerret Malware Chain Targets macOS With Go Backdoor

New NFC Relay Attack Campaign Identified by Cyble Researchers

New Shai-Hulud Worm Spells Trouble For npm Users

Nita Transfert Data Breach Exposes 83k Records Containing PII

No data breach detected after cyberattack forced Jackson County schools to close Tuesday

OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide

Pakistan: Karachi Police Arrest Hacker Targeting Women via Malicious Links

Pakistan: Karachi Police Arrests Hacker for Hacking Over 100 Women’s Social Media Accounts

Patient data breach at Florida hospice. Are you at risk?

Popular code formatting sites are exposing credentials and other secrets

Qilin ransomware targets 25 Korean finance firms in cyber surge

RansomHouse Group Breaches Swedish Arts Council (Kulturrådet)

Ransomware attack targets Korean financial sector

Ransomware Attacks Surge During Mergers, IPOs, and Holidays

Ransomware attacks surge in Australia & New Zealand on holidays

Ransomware could cost global manufacturers $18 billion in 2025

Ransomware hackers purchase a bank to forward crypto in Stablecoin to Russia

Retail Finance Giant SitusAMC Data Breach Exposes Accounting Records and Legal Agreements

Retail Finance Giant SitusAMC Suffered Data Breach - Exposes Accounting Records and Legal Agreements

Retail ransomware triples as Black Friday threats escalate

Russian Cyber Attack Targets US Firm Over Sister-City Ties to Ukraine

SecureTeen Data Breach Exposes 1.4 Million User Records

Sha1-Hulud Supply Chain Attack Compromises 800+ npm Packages and Thousands of GitHub Repos

Shai-Hulud supply chain attacks back with a vengeance, impacting 28k GitHub repositories

SitusAMC confirms data breach affecting customer information

SitusAMC Data Breach Hits Big Banks Like JP Morgan, Citi, and Morgan Stanley

SitusAMC Data Breach Under Investigation After Sensitive Information Compromised

Smishing Triad Impersonation Campaigns Expand Globally

Streaming Devices and IoT Security Threats: Android TV Boxes Linked to Botnet Activity

Supply chain sprawl is rewriting security priorities

The breaches everyone gets hit by (and how to stop them)

The Emergence of GPT-4-Powered Ransomware and the Threat to Identity and Access Management (IAM) Systems

The Latest Shai-Hulud Malware is Faster and More Dangerous

Threat Actors Target Black Friday Shoppers Amid Surge of 2 Million+ Attacks

ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

UK Legal Aid Agency data breach spurs potential class action

Update Firefox to Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users

Use AI browsers? Be careful. This exploit turns trusted sites into weapons - here's how

Vishing attack compromises Harvard University data

Wall Street Banks' Customer Data Stolen as SitusAMC Suffers From Massive Hacking

Westminster among London councils targeted in cyber attack as staff warned of 'significant' threat

Yarmouth Police warn users of CodeRED Alerts to change passwords after company reports cyber attack

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

24th November

A Phone Call Was All It Took: Harvard’s Latest Data Breach Explained

Aerodrome DEX Hit by DNS Hijack, Users Steered to Phishing Sites on Base

AI Language Models and Their Impact on the Evolution of Autonomous Malware

AI-Powered Obfuscated Malicious Apps That Bypass Antivirus Detection to Deploy Payloads

Akira Ransomware’s Renewed Assault on Construction and Engineering

Amazon, Lidl, Costco, and IKEA sit atop scammers’ Black Friday hit lists

Another major airline hacked, customer data exposed

APT35 Data Leak Uncovers the Iranian Hacker Group’s Operations and Tactics

APT35 Hacker Groups Internal Documents Leak Exposes their Targets and Attack Methods

Auto-ID Solutions Provider Sato Corp Hit by Data Breach Tied to Oracle E-Business Vulnerability

Avosina Data Breach Impacts SomnoSleep Patients

Cache Valley ENT Discloses Data Breach to Multiple State Attorneys General Offices

Carlisle emergency alert provider undergoes cyber attack

CISA Adds Oracle Identity Manager Vulnerability to Known Exploited Vulnerabilities (KEV) Database

CISA Urges Patch of Actively Exploited Flaw in Oracle Identity Manager

ClickFix attack uses fake Windows Update screen to push malware

ClickFix attacks get creative with fake Windows update

Cloudeka Allegedly Breached with Source Code and System Files Stolen

CodeRED cyber attack leaves emergency notification system down, exposes user data

Comcast to pay $1.5 million US fine after vendor data breach

Cooper Steel Fabricators Data Breach: 330 GB of Sensitive Project Data Up for Sale

Cox Enterprises Data Breach: Cl0p Exploits Oracle Zero-Day Flaw

Cox Enterprises hit by Oracle data breach - but it won't name who carried out the attack

Crooks breach major US contractor, Amazon data center plans for sale

CrowdStrike Confirms Insider Threat Incident Linked to Scattered Lapsus$ Hunters, Fires Employee Amid Data Leak Claims

CrowdStrike Terminates ‘Suspicious Insider’ Linked to Scattered Lapsus$ Hunters

CrowdStrike’s Insider Betrayal: How One Employee Fueled Hacker Boasts

Customer data from Wall Street banks breached, JPMorgan and Citi affected

Cybercriminals Deploy Infected PyPI Package to Attack Users and Capture Crypto Details

Cybercriminals Use EtherHiding to Spread Malware and Constantly Shift Payloads Online

Cybersecurity threats and data breaches

Delta Dental notifies customers of data breach

Delta Dental of Virginia Data Breach Affects 146,000 Individuals

Delta Dental of Virginia data breach impacts 145,918 customers

Disgruntled IT worker hacks former employer, resets 2,500 passwords

DoorDash breach exposes contact info for customers and workers

DoorDash is sued over recent data breach

Dropping Elephant Hacker Group Attacks Defense Sector Using Python Backdoor via MSBuild Dropper

Email blind spots are back to bite security teams

Ennoble Care Data Breach: Sensitive Information Exposed

Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer

FBI Warns of Rising Akira Ransomware Threat

Federal Communications Commission (FCC) rolls back ISP cybersecurity rules despite looming threat from China-linked hackers

Federal Communications Commission (FCC) Terminates Telecom Cyber Rules Enacted After Salt Typhoon Exploit

Flaws Expose Risks in Fluent Bit Logging Agent

Fota Wildlife Park endured €176k loss after dealing with costly cyber attack

Geisinger Health and former IT vendor reach $5 million settlement over insider data breach

Google Sues Giant Chinese SMS Phishing Operation That Made Use of US Brand Names

Goshen Health & Hancock Health Settle Pixel Data Breach Lawsuits

Grafana Flags Maximum-Severity SCIM Vulnerability Enabling Privilege Escalation

Hackers knock out systems at Moscow-run postal operator in occupied Ukraine

Hackers Replace ‘m’ with ‘rn’ in Microsoft.com to Steal Login Credentials

Hackers Replace ‘m’ with ‘rn’ in Microsoft.com to Steal Users’ Login Credentials

Harvard Donor, Alumni Information Breached in Phishing Attack

Harvard University data breach hits core community records: How the fallout affects students

Harvard University discloses data breach affecting alumni, donors

Heritage Communities Data Breach Affects PII and PHI

How Cybercriminals are targeting trucking operations

Iberia Airlines Hit by Data Breach Exposing Customer Personal Details

Iberia Airlines Notifies Customers of Supply Chain Data Breach

Iberia breach exposed frequent flyer data, hacker leaks files

Iberia Data Breach Exposes Customer Details via Supplier Vulnerability

Iberia’s Supplier Breach: A Wake-Up Call for Aviation’s Fragile Supply Chain

Increased security and employee productivity: Why are more companies going with passwordless authentication?

India: Central Bureau of Investigation (CBI) Arrests Fugitive Cybercrime Kingpin, Busts Fifth Illegal Call Center Targeting US Nationals

Intrusion at real estate finance business sparks concern for big banks

Italy’s Rail Operator Impacted as Almaviva Suffers Significant Data Exposure

JPMorgan, Citi, Morgan Stanley assess fallout from SitusAMC data breach

Kaspersky research confirms $18 billion loss from ransomware attacks

Korean police report 38% drop in voice phishing after integrated task force launch

Leak of APT35 Internal Documents Reveals Their Targets and Attack Methods

Logitech Discloses Zero-Day Exploit Data Breach to the Securities and Exchange Commission (SEC)

Logistics Giant WEL Companies Confirms Major Data Security Incident

Major Banks Hit by Vendor Cyber-attack

Majority of ransomware attacks occur over holidays and weekends

Malicious Blender model files deliver StealC infostealing malware

Mall Logistics Source Code Leaked Data Breach

Matrix Push C2 abuses browser notifications to deliver phishing and malware

More organizations allegedly compromised by Clop ransomware gang

Nasajon Data Breach Results in Alleged Source Code Leak

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions

New RadzaRat Spyware Poses as File Manager to Hijack Android Devices

New Shai-Hulud Attack Hits Nearly 500 npm Packages with 100+ Million Downloads

NVIDIA’s Isaac-GROOT Robotics Platform Vulnerability Lets Attackers Inject Malicious Code

Over 18 lakh users of Adda.io platform exposed in alleged data breach

Pair Accused of Transport for London (TfL) Cyberattack Deny Computer Misuse Charges

Philadelphia care provider Intercommunity Action notifies 2,680 people after breach exposed sensitive data

Pixtura Data Breach Exposes 158k Records Including IBANs and IDs

ProAgro Seguros Data Breach Exposes Insurance Policy Documents

Proof-of-Concept (PoC) Released for W3 Total Cache RCE Vulnerability Exposing 1+ Million Websites

Python Backdoor Delivered via MSBuild Dropper Used by Elephant Hacker Group in Defense Sector Attacks

Ransomware attacks peak during holidays & major business events

Ransomware Attacks Spike on Holidays and During Corporate Upheaval

Ransomware attacks surge on holidays and during major corporate upheavals, global study finds

Ransomware attacks targeted at weekends and holidays

Ransomware Gangs Shift Focus to the Cloud

Ransomware Spikes During Holidays and Weekends

Real-estate finance services giant SitusAMC breach exposes client data

Risk & Insurance Education Alliance Data Breach: Names & SSNs Exposed

Russian-linked Malware Campaign Hides in Blender 3D Files

Salesforce Confirms Wider Impact in Ongoing Gainsight Security Incident

Salesforce Data Breach: ShinyHunters Hack Gainsight Integration

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

Shai Hulud npm Worm Impacts 26,000+ Repos in Supply Chain Attack

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Singapore sees surge in ransomware attacks during holidays

SitusAMC Cyber Breach Sparks Fallout for JPMorgan, Citi, and Morgan Stanley

SitusAMC Cyberattack Exposes Major Bank Client Data, Possibly from JPMorgan Chase, Citi, and Morgan Stanley

SitusAMC Data Breach Affects Client Corporate Data

SitusAMC Data Breach Exposes Major Banks and Mortgage Lenders

Software companies must be held liable for British economic security, say MPs

South Korea: National Police Agency's Integrated Unit Cuts Phishing Reports by 38%

Spanish Airline Iberia Notifies Customers of Data Breach

Summit Hotel Properties Data Breach: SSNs & Names Exposed

Targeted Holiday Phishing Scams Spike with Fake Dolce & Gabbana and Pandora Storefronts and Cryptocurrency Schemes

Tenda N300 Vulnerabilities Allow Attackers to Execute Arbitrary Commands as Root

The Gentlemen Ransomware Group Hits Multiple Companies in Vietnam and Singapore

The privacy tension driving the medical data shift nobody wants to talk about

The Rise of Autonomous Cyber Operations: GTG-1002, the AI Attack that Showed Traditional Detect-and-Respond Playbooks Are Obsolete

UK privacy regulator has seen ‘collapse in enforcement activity,’ rights coalition says

Unauthorized Access to Employee Communications by ToddyCat APT in Targeted Firms

US banks scramble to assess data theft after hackers breach financial tech firm

vLLM Vulnerability Enables Remote Code Execution Through Malicious Payloads

VPN credential theft emerges as top ransomware entry point

What happens when vulnerability scores fall apart?

Wireshark 4.6.1 Fixes Vulnerabilities Allowing Attackers to Crash Wireshark

X’s 2025 Data Breach Exposes Billions of User Records and Emails

Zapier’s NPM Account Compromised, Multiple Packages Infected with Malware