Editor's Message

Welcome to DBD. Cybercrime made global headlines in 2025. Attacks on well-known brands and organizations have raised public awareness of the severity, frequency and impact of cyber attacks. Ransomware attacks are at the highest level ever recorded, and 2026 has the potential to be even worse, as cyber criminals continue to extort their victims with little chance of being brought to justice. On a lighter note, I'd like to take this opportunity to wish you all a very Merry Christmas and all the best for the New Year. Thanks again for all your support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.



Monday, 22 December 2025

Data Breaches Digest - Week 52 2025

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 22nd December and 28th December 2025.


23rd December

South Korea online retailer Coupang faces US securities class action over massive data breach

22nd December

86% Surge in Fake Delivery Websites Hits Shoppers During Holiday Rush

574 arrests, $3 million recovered in Africa-wide cybercrime crackdown

1,000 computers taken offline in Romanian water management authority hack - ransomware takes Bitlocker-encrypted systems down

Address poisoning scam costs crypto user $50 Million

Alleged RaccoonO365 phishing kit developer apprehended

America’s Cyber Retreat Is Undermining Indo-Pacific Security

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

ARC Community Services Data Breach Exposes Sensitive Information

Arcane Werewolf Hacker Group Added Loki 2.1 Malware Toolkit to their Arsenal

Arcane Werewolf Hacker Group Expands Arsenal with Loki 2.1 Malware Toolkit

Around 1,000 systems compromised in ransomware attack on Romanian water agency

BlindEagle Hackers Attacking Government Agencies with Powershell Scripts

Brooklyn Man Booked in $16M Crypto Phishing Scam Targeting Coinbase Users

Browser agents don’t always respect your privacy choices

Chiesi USA Data Breach Exposes SSNs & Medical Info

CISA flags ASUS Live Update CVE, but the attack is years old

Coupang Faces Scrutiny After Massive Data Breach

Coupang Inc. Faces U.S. Data Breach Lawsuit

Critical RCE flaw impacts over 115,000 WatchGuard firewalls

Cyber spies use fake New Year concert invites to target Russian military

Cybersecurity 2026: Why Protecting Data Matters More Than Stopping Attacks

Dakota Eye Institute Settles Class Action Data Breach Lawsuit for $1 Million

Data Authorities Probe Trade Union Breach

DDoS incident disrupts France’s postal and banking services ahead of Christmas

DIG AI: Uncensored darknet AI assistant at the service of criminals and terrorists

Don't make these airport Wi-Fi and public charging mistakes this holiday

EU Chat Control 2.0 Evolves into Going Dark Initiative – Everything You Need to Know

Eurostar AI chatbot flaws exposed after “painful” disclosure process

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

FBI: Deepfake campaign spoofing government officials ongoing for longer than thought

FedEx Data Breach Exposes Sensitive Protected Health Information (PHI)

Five ways AI is changing cyber-attacks: deepfakes, smishing and the new threat landscape

France’s national post office hit by suspected cyber-attack

France's postal service hit by suspected cyber-attack days before Christmas

French authorities arrest 22-year-old over cyber attack on the Interior Ministry

French watchdog fines ad firm with €1M over Deezer leak

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

Fyzical Data Breach Impacts 1,801 in Texas

Guilt admitted by former cyber pros over ransomware spree

Guilty plea entered in multinational Nefilim ransomware scheme

Guilty Pleas Highlight Ransomware Risks Within and Beyond the Enterprise

Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan

Hackers attack WatchGuard Firebox firewalls: 120K IPs exposed and vulnerable

Hackers Using Phishing Tools to Access M365 Accounts via OAuth Device Code

Hernando County Responds to Data Breach Exposing Personal Information, Offers Free Credit Protection to Impacted Residents

INC ransomware Claims Evercover and Talarico

Insider Threat: Hackers Paying Company Insiders to Bypass Security

Interpol-led action decrypts 6 ransomware strains, arrests hundreds

Isle of Man: Island businesses targeted in phishing campaign

Judge rules that NSO cannot continue to install spyware via WhatsApp pending appeal

Learn more about Ghost Pairing Cyber Attack via WhatsApp

Legitimate Nezha Monitoring Tool Abused as a Powerful RAT, Providing Complete Control Over Compromised Hosts

Malicious NPM Package ‘lotusbail’ Steals WhatsApp Data

Malicious npm package steals WhatsApp accounts and messages

Microsoft 365 Accounts Hijacked Through OAuth Device Code Phishing Attacks

Monitoring Tool Nezha Abused For Stealthy Post-Exploitation Access

MS13-089 Ransomware: Double Extortion Without Encryption

NASA Data Breach: Spanish Teleradiology Data and Source Code Leaked

Nefilim Ransomware Affiliate Pleads Guilty

Nefilim ransomware hacker faces prison after pleading guilty

Nefilim ransomware hacker pleads guilty to computer fraud

Netflix suspension scam targets your inbox

New Flaw in Somalia’s E-Visa System Exposes Travelers’ Passport Data

New MacSync malware dropper evades macOS Gatekeeper checks

New York Home Healthcare Provider Identifies Email Account Breach

NHS England tech provider reveals data breach - DXS International hit by ransomware

Nissan Confirms Data Breach Following Unauthorized Access to Red Hat Servers

Nissan says thousands of customers exposed in Red Hat breach

NIST issues guidance on securing smart speakers

OAuth Device Code Phishing: New Attack Vector for Account Takeover

Ochsner LSU Health Data Breach Impacts 4,519 Individuals

One Community Health Data Breach Exposes Patient PII & PHI

Outdoor Smart! (Campfire Collective) Data Breach Affects 19,864 People

Phishing Attacks Abuse OAuth Device Code to Gain Access to M365 Accounts

Phishing Attacks Exploit OAuth Device Codes to Breach Microsoft 365 Accounts

Potential data breach at Fairbanks health clinic, officials say

Prince of Persia ran a covert Iranian spy campaign for over a decade

ProBit Global Crypto Exchange Targeted in Alleged Data Breach

Qilin Ransomware Attack Hits Grupo Olé and Cedar Valley Services

Qilin takes responsibility for major Argentinian football club hack

RansomHouse Ransomware Upgraded: Enhanced Encryption Threat

Report finds most schools are underprepared for ransomware and AI-powered cyberattacks

Romanian national water agency hit by BitLocker ransomware attack

Romanian water authority hit by ransomware attack over weekend

Romanian Water Authority Hit by Ransomware; 1,000 Systems Across 10 Regions Compromised

Scripted Sparrow Sends Millions of Business Email Compromise (BEC) Emails Each Month

SIRH Mexico Data Breach: Sensitive Employee Records Leaked

South Korea to require facial recognition for new mobile numbers

South Korea's consumer agency to order SK Telecom to compensate 58 hacking victims

Spotify data breach: 86 million audio files leaked online

Spotify disables accounts after open-source group scrapes 86 million songs from platform

Spotify investigates data breach, after pirate group claims it ‘scraped’ its music library

Spotify’s Music Catalog Leaked in Massive Data Breach

Taminsho Hit by Benzona Ransomware Attack and 80GB Data Exfiltration

Technology and GPS firm Netstar Australia suffers alleged cyber attack

Terport Ransomware Attack: Paraguay Port Operator Breached by Lynx

Think you can beat ransomware? RansomHouse just made it a lot harder

Threat groups steal identities to access Microsoft 365 accounts

Topstep Data Breach Compromises SSNs & Names

U.S. Seizes Crypto Exchange Linked To $70M Ransomware

UK: NHS Supplier Confirms Cyber-Attack, Operations Unaffected

UK Children’s Wellbeing Bill Raises Privacy and Encryption Concerns

UK Foreign Office hit by cyber-attack

Ukrainian hacker admits affiliate role in Nefilim ransomware gang

Ukrainian National Pleads Guilty in Nefilim Ransomware Conspiracy

Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US

Ukrainian pleads guilty for role in ransomware attacks targeting U.S., Canadian companies

University of Phoenix Data Breach Affects 3.5 Million

University of Phoenix data breach impacts nearly 3.5 million individuals

University of Sydney data breach impacted over 27,000 staff and students

University of Sydney discloses a data breach impacting 27,000 people

Váhostav Targeted by DragonForce Ransomware Attack

Warning issued as surge in OAuth device code phishing leads to M365 account takeovers

WatchGuard Firebox firewalls under attack (CVE-2025-14733)

“We backed up Spotify:” pirates claim to have scraped 300TB of music

What are passkeys really? The simple explanation - for anyone tired of passwords

Yavne Educational Center Data Breach: Sensitive Student Records Leaked