Cybersecurity News | Daily Recap [23 Dec 2025]

hendryadrian.com

hendryadrian.com

News:

Cybersecurity News Recap

Major Outages & Attacks

• A suspected DDoS attack disrupted online and branch services at France‘s postal and banking provider La Poste, causing delays ahead of Christmas while customer data was reportedly not compromised – France Outage, La Poste DDoS

Ransomware & Law Enforcement

• An Interpol-led operation dismantled infrastructure, arrested 574 suspects and recovered $3 million tied to ransomware, BEC and extortion globally – Interpol Operation
• A former affiliate pleaded guilty in connection with the Nefilim ransomware campaign as prosecutions continue against operators and affiliates – Nefilim Guilty
• A Romanian national water agency was hit by BitLocker ransomware affecting around 1,000 systems across 10 regions, forcing outages and incident response actions – Romania Ransomware, Water Agency Hit, Romania BitLocker
• 54 suspects were charged in the US over ATM attacks leveraging the Ploutus malware family in a crackdown on cash-out schemes – Ploutus Charges

Malware & Malicious Packages

• The MacSync macOS malware dropper bypasses Gatekeeper and has been distributed via a signed Swift application, raising concerns about macOS supply-chain bypasses – MacSync Malware, MacSync Signed App
• Malicious npm packages masquerading as WhatsApp APIs have been found stealing messages, contacts and login tokens, exposing developer-supply-chain risks – WhatsApp npm, Fake WhatsApp API
• An Iranian-linked APT dubbed the “Prince of Persia” resurfaced with a Telegram-controlled stealth malware campaign targeting strategic victims – Iran APT
• CISA and partners released an update analyzing the BRICKSTORM backdoor, providing indicators and mitigation guidance for defenders – BRICKSTORM Update

Data Breaches & Exposures

• Automaker Nissan reported thousands of customer records exposed following a third-party Red Hat breach impacting its systems and prompting notifications – Nissan Exposure
• The University of Phoenix disclosed a data breach affecting nearly 3.5 million individuals, raising identity and credential risk for students and staff – Phoenix Breach
• Retailer Coupang suffered a breach impacting about 33.7 million users, prompting scrutiny over data protection practices – Coupang Breach
• Spotify disabled accounts after an open-source group scraped roughly 86 million songs from the platform, leading to takedowns and content-access controls – Spotify Scrape

Espionage & Phishing

• Threat actors used fake New Year concert invites as a phishing lure to target the Russian military, illustrating tailored social-engineering against defense targets – Russian Phishing

Policy, Regulation & Privacy

• Italy fined Apple $116 million over App Store tracking and privacy practice violations, emphasizing stronger enforcement of privacy rules – Apple Fine
• South Korea will require facial recognition verification for issuing new mobile numbers, raising privacy and surveillance debates – South Korea ID Rule

Alerts & Advisories

• The Internet Crime Complaint Center (IC3) issued a public service announcement covering current threats and reporting guidance for victims – IC3 PSA
• Security researchers noted that not every CISA-linked alert demands immediate patching, highlighting the example of the ASUS Live Update CVE-2025-59374 advisory and prioritization guidance – ASUS Update

Industry, Funding & Research

• Cybersecurity startup Gambit Cyber closed a seed round of $3.4 million to advance threat-detection capabilities for enterprises – Gambit Funding
• A profile on an OSINT investigator explored how open-source intelligence makes cybersecurity personal and operationally impactful – OSINT Profile
• Guidance on browsing more sustainably with a “green browser” highlights privacy-adjacent environmental choices for users and organizations – Green Browser

Cybersecurity News Recap

Major Outages & Attacks

• A suspected DDoS attack disrupted online and branch services at France‘s postal and banking provider La Poste, causing delays ahead of Christmas while customer data was reportedly not compromised – France Outage, La Poste DDoS

Ransomware & Law Enforcement

• An Interpol-led operation dismantled infrastructure, arrested 574 suspects and recovered $3 million tied to ransomware, BEC and extortion globally – Interpol Operation
• A former affiliate pleaded guilty in connection with the Nefilim ransomware campaign as prosecutions continue against operators and affiliates – Nefilim Guilty
• A Romanian national water agency was hit by BitLocker ransomware affecting around 1,000 systems across 10 regions, forcing outages and incident response actions – Romania Ransomware, Water Agency Hit, Romania BitLocker
• 54 suspects were charged in the US over ATM attacks leveraging the Ploutus malware family in a crackdown on cash-out schemes – Ploutus Charges

Malware & Malicious Packages

• The MacSync macOS malware dropper bypasses Gatekeeper and has been distributed via a signed Swift application, raising concerns about macOS supply-chain bypasses – MacSync Malware, MacSync Signed App
• Malicious npm packages masquerading as WhatsApp APIs have been found stealing messages, contacts and login tokens, exposing developer-supply-chain risks – WhatsApp npm, Fake WhatsApp API
• An Iranian-linked APT dubbed the “Prince of Persia” resurfaced with a Telegram-controlled stealth malware campaign targeting strategic victims – Iran APT
• CISA and partners released an update analyzing the BRICKSTORM backdoor, providing indicators and mitigation guidance for defenders – BRICKSTORM Update

Data Breaches & Exposures

• Automaker Nissan reported thousands of customer records exposed following a third-party Red Hat breach impacting its systems and prompting notifications – Nissan Exposure
• The University of Phoenix disclosed a data breach affecting nearly 3.5 million individuals, raising identity and credential risk for students and staff – Phoenix Breach
• Retailer Coupang suffered a breach impacting about 33.7 million users, prompting scrutiny over data protection practices – Coupang Breach
• Spotify disabled accounts after an open-source group scraped roughly 86 million songs from the platform, leading to takedowns and content-access controls – Spotify Scrape

Espionage & Phishing

• Threat actors used fake New Year concert invites as a phishing lure to target the Russian military, illustrating tailored social-engineering against defense targets – Russian Phishing

Policy, Regulation & Privacy

• Italy fined Apple $116 million over App Store tracking and privacy practice violations, emphasizing stronger enforcement of privacy rules – Apple Fine
• South Korea will require facial recognition verification for issuing new mobile numbers, raising privacy and surveillance debates – South Korea ID Rule

Alerts & Advisories

• The Internet Crime Complaint Center (IC3) issued a public service announcement covering current threats and reporting guidance for victims – IC3 PSA
• Security researchers noted that not every CISA-linked alert demands immediate patching, highlighting the example of the ASUS Live Update CVE-2025-59374 advisory and prioritization guidance – ASUS Update

Industry, Funding & Research

• Cybersecurity startup Gambit Cyber closed a seed round of $3.4 million to advance threat-detection capabilities for enterprises – Gambit Funding
• A profile on an OSINT investigator explored how open-source intelligence makes cybersecurity personal and operationally impactful – OSINT Profile
• Guidance on browsing more sustainably with a “green browser” highlights privacy-adjacent environmental choices for users and organizations – Green Browser

Cybersecurity News | Daily Recap – hendryadrian.com