KnowTechie reports: Two former cybersecurity professionals have admitted they were secretly running ransomware attacks on the side. According to an announcement this
The Record reports: France’s data protection regulator has fined the software company Nexpublica France €1.7 million ($2 million) for poor
By Hunton Andrews Kurth’s Privacy and Cybersecurity Blog: On December 16, 2025, the Federal Trade Commission (“FTC”) announced an enforcement action against
The Record reports: French authorities arrested a 22-year-old on Wednesday as part of an investigation into a hack of the
VitalLaw reports: The Department of Defense would have to add new cybersecurity requirements to its contracts for telecom services when
Miscellaneous News
From Polsinelli PC: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to
CSO reports: Three of the most notorious ransomware-as-a-service operations have formed a criminal cartel aimed at coordinating attacks and sharing
Fox News reports: Cybercriminals have found a clever new way to get phishing emails straight into inboxes. Instead of spoofing brands, they are abusing real cloud tools that people already trust. Security researchers say attackers recently hijacked a legitimate email feature inside Google Cloud. The result was thousands of phishing messages that looked and felt like normal Google notifications. Many slipped past spam filters with ease. At the center of the campaign was Google Cloud Application Integration. This service allows businesses
BleepingComputer reports: A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. According to cybercrime intelligence company Hudson Rock, initial access may have been obtained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar deployed on employee devices. … Hudson Rock says that Zestix operates as an initial access broker (IAB) on underground forums, selling access to high-value corporate cloud platforms. The cybersecurity
KnowTechie reports: Two former cybersecurity professionals have admitted they were secretly running ransomware attacks on the side. According to an announcement this week from the US Department of Justice, Ryan Goldberg, 40, and Kevin Martin, 36, pleaded guilty to orchestrating a string of ransomware attacks in 2023 that netted them about $1.2 million in Bitcoin. Here’s the part that makes security teams everywhere groan into their coffee: one of the defendants was literally a ransomware negotiator. Martin and an unnamed co-conspirator worked
SecurityWeek provides an update on the Coupang breach: Coupang, the South Korean ecommerce giant listed in the US (NYSE: CPNG), on Monday announced plans to spend 1.685 trillion won (~$1.17 billion) in compensation over a recent data breach. The incident, the company said in early December, was discovered on November 18, and involved unauthorized access to customers’ personal information via overseas servers. Coupang told SecurityWeek that the data breach started on June 24, 2025, and that 33.7 million customer accounts in Korea were affected.
News19 reports: Nearly a quarter of a million residents in South Carolina may have had their data exposed in a breach that occurred months earlier, according to state records. A data breach notice provided to the South Carolina Department of Consumer Affairs (SCDCA) by Prosper Marketplace Inc. on Dec. 11 stated that the company learned on Sept. 1 of unauthorized activity on its systems. The peer-to-peer lending and personal finance company said it publicly reported the incident on its website on Sept.
Fox News reports: Cybercriminals have found a clever new way to get phishing emails straight into inboxes. Instead of spoofing
BleepingComputer reports: A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely
An article by DataBreaches.net in collaboration with North Country Communications, LLC On December 15, North Country Communications launched as a consultancy dedicated to
The Register reports: The number of successful cyber insurance claims made by UK organizations shot up last year, according to
Insurance Business Magazine reports: A Texas woman has sued Goosehead Insurance Agency over a data breach that exposed sensitive customer
Sarah Hemmersbach or Mitratech Holdings writes: A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or
Fox News reports: Cybercriminals have found a clever new way to get phishing emails straight into inboxes. Instead of spoofing brands, they are abusing real cloud tools that people already trust. Security researchers say attackers recently hijacked a legitimate email feature inside Google Cloud. The result was thousands of phishing messages that looked and felt like normal Google notifications. Many slipped past spam filters with ease. At the center of the campaign was Google Cloud Application Integration. This service allows businesses
BleepingComputer reports: A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. According to cybercrime intelligence company Hudson Rock, initial access may have been obtained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar deployed on employee devices. … Hudson Rock says that Zestix operates as an initial access broker (IAB) on underground forums, selling access to high-value corporate cloud platforms. The cybersecurity
KnowTechie reports: Two former cybersecurity professionals have admitted they were secretly running ransomware attacks on the side. According to an announcement this week from the US Department of Justice, Ryan Goldberg, 40, and Kevin Martin, 36, pleaded guilty to orchestrating a string of ransomware attacks in 2023 that netted them about $1.2 million in Bitcoin. Here’s the part that makes security teams everywhere groan into their coffee: one of the defendants was literally a ransomware negotiator. Martin and an unnamed co-conspirator worked
SecurityWeek provides an update on the Coupang breach: Coupang, the South Korean ecommerce giant listed in the US (NYSE: CPNG), on Monday announced plans to spend 1.685 trillion won (~$1.17 billion) in compensation over a recent data breach. The incident, the company said in early December, was discovered on November 18, and involved unauthorized access to customers’ personal information via overseas servers. Coupang told SecurityWeek that the data breach started on June 24, 2025, and that 33.7 million customer accounts in Korea were affected.
KnowTechie reports: Two former cybersecurity professionals have admitted they were secretly running ransomware attacks on the side. According to an announcement this
The Record reports: France’s data protection regulator has fined the software company Nexpublica France €1.7 million ($2 million) for poor
By Hunton Andrews Kurth’s Privacy and Cybersecurity Blog: On December 16, 2025, the Federal Trade Commission (“FTC”) announced an enforcement action against
The Record reports: French authorities arrested a 22-year-old on Wednesday as part of an investigation into a hack of the
VitalLaw reports: The Department of Defense would have to add new cybersecurity requirements to its contracts for telecom services when
Miscellaneous News
From Polsinelli PC: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to
CSO reports: Three of the most notorious ransomware-as-a-service operations have formed a criminal cartel aimed at coordinating attacks and sharing
Fox News reports: Cybercriminals have found a clever new way to get phishing emails straight into inboxes. Instead of spoofing
BleepingComputer reports: A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely
An article by DataBreaches.net in collaboration with North Country Communications, LLC On December 15, North Country Communications launched as a consultancy dedicated to
The Register reports: The number of successful cyber insurance claims made by UK organizations shot up last year, according to
Insurance Business Magazine reports: A Texas woman has sued Goosehead Insurance Agency over a data breach that exposed sensitive customer
Sarah Hemmersbach or Mitratech Holdings writes: A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or
