Cyber Victor – a leading blog on cyber security

Anthropic said on March 6, 2026 it discovered during a two week period in January 2026 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. It was using the Claude Opus 4.6 AI model. Of these, 14 were classified as high, 7 were classified as moderate, and 1 was rated low in severity. The issues were addressed in Firefox 148, released in late February 2026.

Claude identified a Use After Free vulnerability, which the team validated and reported to Mozilla along with a proposed patch written by Claude. By the end of this effort, Claude scanned nearly 6,000 C++ files and submitted a total of 112 unique reports, including the high- and moderate-severity vulnerabilities mentioned above. Most issues have been fixed in Firefox 148, with the remainder to be fixed in upcoming releases.

Read more about it here.

The French national bank account registry (FICOBA), a state agency which manages a registry of all bank accounts in France, said on February 18, 2026 that it has suffered a cyberattack, allowing hackers to gain information on over 1.2 million bank accounts. A hacker was using stolen credentials belonging to a government official to gain access.

Leaked data included bank account details including RIBs/IBANs, account holder identity, physical address, and in some cases also Taxpayer identification number.

Authorities quickly pulled FICOBA offline, restored access, and are notifying affected users.

Read more about it here.

Popular image sharing website Flickr confirmed it was hit by a cyberattack in which it lost sensitive data on a yet undisclosed number of customers.

In an email notification sent to its customers, Flickr said: “On February 5, 2026, we were alerted to a vulnerability in a system operated by one of our email service providers. This flaw may have allowed unauthorized access to some Flickr member information. We shut down access to the affected system within hours of learning about it.”

The data breached may have exposed full names, usernames, email addresses, IP addresses, general location data, Flickr account types and activity history.

The company immediately took action: They disabled access to the affected system, removed links to the vulnerable endpoint, alerted the third-party provider, requesting a full investigation, and notified the relevant data protection authorities.

Owned by SmugMug, Flickr is a photo sharing platform. It has 112 million registered users and millions of active photographers.

Read more about it here.

The ShinyHunters cyber gang claimed that it stole data from over 14 million Panera Bread accounts, totaling 760 MB in compressed format. According to the actor, the stolen information contains Full names, Email addresses, Phone numbers, Home addresses, Account details, and Personally Identifiable Information (PII). The cyber gang said that the files were leaked because the company didn’t pay an unspecified ransom.

Data breach notification service Have I Been Pwned (HIBP) said that a data breach at Panera Bread affected 5,120,000 accounts, not 14 million accounts as previously reported.

ShinyHunters told BleepingComputer that they gained access to Panera’s systems via a Microsoft Entra single sign-on (SSO) code. The attack was part of a new ShinyHunters voice phishing (vishing) campaign, targeting Single Sign-On (SSO) accounts at Okta, Microsoft, and Google across more than 100 high-profile organizations.

Soon after, the company was hit with two class action lawsuits over data breach.

Panera Bread is a US based bakery-café chain known for its bread, sandwiches, soups, salads, and coffee. Founded in 1987, it employees about 140,000 employees and operates nearly 2,300 locations in the US and Canada.

Read more about it here.

A data breach at American apparel giant Under Armour has leaked the personal information of 72.7 million customers following a ransomware attack. The data breach surfaced in November 2025 after the Everest ransomware gang claimed responsibility for the attack by listing Under Armour on a dark web leak site.

🚨DATA BREACH– Under Armour (underarmour[.]com)

In November 2025, the Everest ransomware group claimed responsibility for a massive cyberattack on Under Armour, exfiltrating ~343 GB of sensitive data. After Under Armour reportedly failed to pay the ransom within the 7-day… pic.twitter.com/bJj6Hc6wSW

— JustaBreach (@justabreach) January 18, 2026

On January 18, 2026, the ransomware gang leaked samples on an underground hacking forum and demanded an unspecified ransom to avoid leaking the entire trove, totaling about 343 GB.

Data breach tracking website Have I Been Pwned (HIBP) confirmed the data breach and assessed that it leaked customers names, email addresses, genders, dates of birth, and geographic locations.

Have I Been Pwned said the stolen Under Armour dataset included names, email addresses, genders, dates of birth, and customers’ approximate location based on postcode or ZIP code. The data also included purchase information, such as product IDs, prices, quantities, store preferences, and marketing campaign logs. Together, this can be used by cybercriminals for shopping scams and phishing.

Under Armour is now facing a class action lawsuit for its alleged negligent handling of personal information and the November 2025 data breach.

Read more about it here.

Claims administration and risk management giant Sedgwick disclosed a cybersecurity incident at its federal contractor subsidiary, Sedgwick Government Solutions, on January 4, 2026. The company made the disclosure after the TridentLocker ransomware gang publicly claimed responsibility for stealing 3.4 GB of sensitive data.

The list of federal agencies using Sedgwick Government Solutions’ services includes the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Commerce, the United States Citizenship and Immigration Services (USCIS), the United States Coast Guard, the Department of Homeland Security (DHS), the U.S. Department of Labor, the Customs and Border Protection (CBP), the Transportation Security Administration (TSA), the Federal Emergency Management Agency (FEMA), and the U.S. Coast Guard.

Sedgwick responded to the incident by immediately activating its incident response protocols with the support of external cybersecurity experts. The company added that Sedgwick Government Solutions is segmented from the rest of its business, and no wider Sedgwick systems or data were affected.

Sedgwick employs 33,000 employees and serves 10,000 clients across 80 countries, including 59% of the Fortune 500, and its subsidiary serves over 20+ government agency clients.

Read more about it here.

British luxury car maker Jaguar Land Rover has reported devastating preliminary 2025 fourth quarter results as a result of crippling cyberattack.

Wholesale sales in the last quarter of 2025 were 59,200 units, down 43.3% vs. the last quarter of 2024.
Retail sales in the last quarter of 2025 were 79,600 units, down 25.1% vs. the last quarter of 2024.

The September 2, 2025 cyberattack forced the car maker to send staff home and shut down production. In a follow-up statement, the company also confirmed that data had been stolen during the cyberattack, which was later claimed by the Scattered Lapsus$ Hunters cybercrime collective made out of cybercriminal groups.

JLR got £1.5 billion in financial support from the UK government to aid its recovery and help companies in the supply chain as JLR struggled to bring its invoicing system online.

Read more about it here.

La Poste, the French national postal service, confirmed on December 22, 2025 that a major cyber incident had knocked its information systems offline, disrupting digital banking and online services for millions of customers.

La Poste said in a statement that a distributed denial of service (DDoS) incident made its online services unavailable. The company confirmed that its online services: La Banque Postale online and the mobile app, laposte.fr, Digiposte, La Poste Digital Identity, and the La Poste application were temporarily inaccessible. The postal service said customer data remained secure but deliveries of packages and mail were affected.

The services have been restored since.

Read more about it here.

Cloudflare successfully mitigated the largest DDOS attack ever recorded, at 29.7 Tbps (Tera bits per second) and 14.1 Bpps (billion packets per second). The attack was carried out by the Aisuru botnet, a 1–4 million-device network launching hyper-volumetric attacks regularly above 1 Tbps and 1 Bpps.

The attack used a UDP “carpet bombing” technique that pounded on about 15,000 destination ports per second while randomizing packet attributes, to evade static filtering and legacy scrubbing centers.

“Since the beginning of 2025, Cloudflare has already mitigated 2,867 Aisuru attacks. In the third quarter alone, Cloudflare mitigated 1,304 hyper-volumetric attacks launched by Aisuru. That represents an increase of 54% QoQ”, says the December 3, 2025 Cloudflare report.

Read more about it here.

Asus reported that one of its third party vendor experienced a data breach, which involves its phone camera technology, after a ransomware group claimed to have stolen over 1 TB of data from the company.

On December 2, 2025, the Everest ransomware group added Asus to its Tor data leak site, along with ArcSoft and Qualcomm, and claimed that it stole: “Binary segmentation modules, Source code & patches, RAM dumps & memory logs, AI models & weights, OEM internal tools & firmware, Test videos, Calibration & dual-camera data, Image datasets, Crash logs & debug reports, Evaluation & performance reports, HDR, fusion, post processing data, Test APKs, experimental apps, Scripts & automation, Small config binary calibration files”.

Asus claimed that “this incident has not impacted ASUS products, internal company systems, or user privacy”.

Asus users should still exercise caution: A weak point could become an entry point for further exploitations.

Read more about it here.