Category: Uncategorized

Claims administration and risk management giant Sedgwick disclosed a cybersecurity incident at its federal contractor subsidiary, Sedgwick Government Solutions, on January 4, 2026. The company made the disclosure after the TridentLocker ransomware gang publicly claimed responsibility for stealing 3.4 GB of sensitive data.

The list of federal agencies using Sedgwick Government Solutions’ services includes the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Commerce, the United States Citizenship and Immigration Services (USCIS), the United States Coast Guard, the Department of Homeland Security (DHS), the U.S. Department of Labor, the Customs and Border Protection (CBP), the Transportation Security Administration (TSA), the Federal Emergency Management Agency (FEMA), and the U.S. Coast Guard.

Sedgwick responded to the incident by immediately activating its incident response protocols with the support of external cybersecurity experts. The company added that Sedgwick Government Solutions is segmented from the rest of its business, and no wider Sedgwick systems or data were affected.

Sedgwick employs 33,000 employees and serves 10,000 clients across 80 countries, including 59% of the Fortune 500, and its subsidiary serves over 20+ government agency clients.

Read more about it here.

British luxury car maker Jaguar Land Rover has reported devastating preliminary 2025 fourth quarter results as a result of crippling cyberattack.

Wholesale sales in the last quarter of 2025 were 59,200 units, down 43.3% vs. the last quarter of 2024.
Retail sales in the last quarter of 2025 were 79,600 units, down 25.1% vs. the last quarter of 2024.

The September 2, 2025 cyberattack forced the car maker to send staff home and shut down production. In a follow-up statement, the company also confirmed that data had been stolen during the cyberattack, which was later claimed by the Scattered Lapsus$ Hunters cybercrime collective made out of cybercriminal groups.

JLR got £1.5 billion in financial support from the UK government to aid its recovery and help companies in the supply chain as JLR struggled to bring its invoicing system online.

Read more about it here.

La Poste, the French national postal service, confirmed on December 22, 2025 that a major cyber incident had knocked its information systems offline, disrupting digital banking and online services for millions of customers.

La Poste said in a statement that a distributed denial of service (DDoS) incident made its online services unavailable. The company confirmed that its online services: La Banque Postale online and the mobile app, laposte.fr, Digiposte, La Poste Digital Identity, and the La Poste application were temporarily inaccessible. The postal service said customer data remained secure but deliveries of packages and mail were affected.

The services have been restored since.

Read more about it here.

Cloudflare successfully mitigated the largest DDOS attack ever recorded, at 29.7 Tbps (Tera bits per second) and 14.1 Bpps (billion packets per second). The attack was carried out by the Aisuru botnet, a 1–4 million-device network launching hyper-volumetric attacks regularly above 1 Tbps and 1 Bpps.

The attack used a UDP “carpet bombing” technique that pounded on about 15,000 destination ports per second while randomizing packet attributes, to evade static filtering and legacy scrubbing centers.

“Since the beginning of 2025, Cloudflare has already mitigated 2,867 Aisuru attacks. In the third quarter alone, Cloudflare mitigated 1,304 hyper-volumetric attacks launched by Aisuru. That represents an increase of 54% QoQ”, says the December 3, 2025 Cloudflare report.

Read more about it here.

Asus reported that one of its third party vendor experienced a data breach, which involves its phone camera technology, after a ransomware group claimed to have stolen over 1 TB of data from the company.

On December 2, 2025, the Everest ransomware group added Asus to its Tor data leak site, along with ArcSoft and Qualcomm, and claimed that it stole: “Binary segmentation modules, Source code & patches, RAM dumps & memory logs, AI models & weights, OEM internal tools & firmware, Test videos, Calibration & dual-camera data, Image datasets, Crash logs & debug reports, Evaluation & performance reports, HDR, fusion, post processing data, Test APKs, experimental apps, Scripts & automation, Small config binary calibration files”.

Asus claimed that “this incident has not impacted ASUS products, internal company systems, or user privacy”.

Asus users should still exercise caution: A weak point could become an entry point for further exploitations.

Read more about it here.

CrowdStrike said on November 21, 2025 that an insider shared screenshots of internal systems with hackers, after members of threat groups ShinyHunters, Scattered Spider, and Lapsus$ posted them on Telegram.

ShinyHunters said that they allegedly agreed to pay the insider $25,000 to provide them with access to CrowdStrike’s network. They further claim that they ultimately received SSO authentication cookies from the insider, but by then, the suspected insider had already been detected by CrowdStrike, which had shut down his network access.

The company stresses that no systems were breached and no customer data was exposed.

“We identified and terminated a suspicious insider last month following an internal investigation that determined he shared pictures of his computer screen externally,” a CrowdStrike spokesperson told BleepingComputer. “Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies.”

Read more about it here.

Microsoft said on November 17, 2025 that its Azure DDOS Protection successfully mitigated the largest cloud DDOS attack ever recorded, at 15.72 Tbps (Tera bits per second) and 3.64 billion pps (packets per second). The attack involved extremely high-rate UDP floods targeting a specific public IP address, launched from over 500,000 source IPs across various regions. The sudden UDP bursts had minimal source spoofing and used random source ports.

The attack originated from Aisuru botnet. Aisuru is a Turbo Mirai-class IoT botnet that frequently causes record-breaking DDoS attacks by exploiting compromised home routers and cameras/DVRs, mainly in residential ISPs in the United States and other countries.

Read more about it here.

The Canadian Centre for Cyber Security warned on October 29, 2025 that hacktivists have repeatedly breached critical infrastructure systems in the country.

“One incident affected a water facility, tampering with water pressure values and resulting in degraded service for its community. Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was manipulated, triggering false alarms. A third one involved a grain drying silo on a Canadian farm, where temperature and humidity levels were manipulated, resulting in potentially unsafe conditions if not caught on time.” says the alert posted by the Canadian Centre for Cyber.

They advised organizations to maintain an up-to-date inventory of internet-accessible Industrial Control Systems (ICS) devices, replace direct exposure with VPNs with two-factor authentication, and apply the Cyber Centre’s Readiness Goals to strengthen cyber defense.

Read more about it here.

More than 261,000 F5 BIG-IP instances connected to the internet could be at risk of cyberattacks following the recent cyberattack suffered by the company, experts have warned. Of these, over 140,000 instances are in North America, over 58,000 are in Europe, and over 47,000 are in Asia.

“In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from certain F5 systems”, reads the company’s statement. “Threat actor exfiltrated files from our BIG-IP product development environment and engineering knowledge management platforms. These files contained some of our BIG-IP source code and information about undisclosed vulnerabilities we were working on in BIG-IP.”

The company has taken several steps to remediate the issue:
Rotated credentials and strengthened access controls across our systems.
Deployed improved inventory and patch management automation, as well as additional tooling to better monitor, detect, and respond to threats.
Implemented enhancements to F5’s network security architecture.
Hardened F5’s product development environment, including strengthening security controls and monitoring of all software development platforms.
Released updates for its BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.

Read more about it here.

The European Union Agency for Cybersecurity, ENISA, has published its 13th annual report on the state of the cybersecurity threat landscape. The report covers the period of July 1, 2024 to June 30, 2025 and is based on 4,875 incidents.

The main points in the report are:

• Intrusion activity remains significant, with ransomware at its core.
• State-aligned threat groups intensified their long-term cyberespionage campaigns against the telecommunications, logistics networks and manufacturing sectors in the EU.
• Hacktivist activity continues to dominate reporting, representing almost 80% of recorded incidents and driven primarily by low-level distributed denial-of-service operations.
• Public administration networks remain the primary focus (38%).
• Phishing remains the dominant intrusion vector (60%) and is evolving through techniques used in largescale campaigns.
• Vulnerability exploitation remains a cornerstone of initial access (21.3%), with widespread campaigns rapidly weaponizing them within days of their disclosure.
• Artificial intelligence has become a defining element of the threat landscape, with AI supported phishing campaigns reportedly represented more than 80 percent of observed social engineering activity worldwide, with adversaries leveraging jailbroken models, synthetic media and model poisoning techniques to enhance their operational effectiveness.

Read more about it here.