Cybersecurity Roundup: Major Breaches, Ransomware, and Critical Vulnerabilities (Week of December 29) The past week saw a surge in cyberattacks targeting critical infrastructure, financial services, and high-profile organizations, alongside the disclosure of severe vulnerabilities in widely used software. Major Breaches and Attacks Romania’s national water management authority, Romanian Waters, fell victim to a ransomware attack encrypting nearly 1,000 systems across its national and regional offices. While operational technology controlling water infrastructure remained unaffected, the incident disrupted geographic information systems, databases, email, and web servers. No data leakage was reported. France’s postal service, La Poste, experienced a cyberattack disrupting online parcel tracking, mail distribution, and banking services for La Banque Postale customers. The pro-Russian hacktivist group NoName057(16) claimed responsibility, though no evidence of data compromise emerged. Insurance giant Aflac confirmed a June data breach exposing sensitive files—including insurance claims, health data, and Social Security numbers—of 22.7 million U.S. individuals. The attack was attributed to the Scattered Spider threat group. Nissan disclosed a breach affecting 21,000 customers after unauthorized access to Red Hat data servers exposed personal details (names, addresses, emails, and sales data). The Crimson Collective claimed the initial breach, with ShinyHunters later leaking samples of the stolen data. Trust Wallet, a non-custodial cryptocurrency wallet, reported a compromised Chrome extension update (version 2.68.0) that exfiltrated seed phrases to a malicious domain, resulting in at least $7 million in losses. Ubisoft’s Rainbow Six Siege suffered an attack where threat actors manipulated internal systems to distribute $13.33 million in in-game currency, unlock restricted cosmetics, and bypass bans. Baker University confirmed a breach exposing sensitive data—including Social Security numbers, financial details, and medical records—of 53,624 students, alumni, and staff. Critical Vulnerabilities A high-severity flaw (CVE-2025-14847, "MongoBleed") in MongoDB Server (versions 4.0–8.2.3) allows unauthenticated attackers to exploit a zlib implementation flaw, potentially accessing uninitialized heap memory and executing arbitrary code. A critical serialization injection vulnerability (CVE-2025-68664, CVSS 9.3) in LangChain Core enables attackers to extract secrets, inject prompts, or execute arbitrary code via unescaped user-controlled dictionaries. A buffer overflow vulnerability (CVE-2025-68615, CVSS 9.8) in Net-SNMP’s snmptrapd daemon permits remote code execution or service crashes via specially crafted packets. Patches are available in versions 5.9.5 and 5.10.pre2. Threat Intelligence A phishing campaign abused Google Cloud Application Integration to send 9,000 spoofed Google notification emails, redirecting victims to a Microsoft-themed credential-harvesting site. Targets included manufacturing, technology, and finance sectors across the U.S., Asia-Pacific, and Europe. Researchers uncovered a two-year Evasive Panda campaign using DNS poisoning to deliver MgBot malware via fake updaters. The attack employed multi-stage shellcode, hybrid encryption, and DLL sideloading, with persistence achieved through signed system processes and hardcoded C2 servers.

French mobile phone network La Poste suffered a ransomware attack that crippled its administrative and management services. LockBit ransomware took responsibility for the attack by adding its name to the list of victims. The attackers affected the website of the company and accessed the customer data from the employee account, however, the service was not much affected. .