France’s postal service and its banking arm are offline for over 12 hours

La Poste, the French national postal service, confirmed on December 22, 2025 that a major cyber incident had knocked its information systems offline, disrupting digital banking and online services for millions of customers.

La Poste said in a statement that a distributed denial of service (DDoS) incident made its online services unavailable. The company confirmed that the following online services were temporarily inaccessible: La Banque Postale online and the mobile app, laposte.fr, Digiposte, La Poste Digital Identity, and the La Poste application. The postal service said customer data remained secure but deliveries of packages and mail were affected.

The services have since been restored.


Cloudflare mitigated largest DDoS attack at 29.7 Tbps

Cloudflare successfully mitigated the largest DDoS attack ever recorded, at 29.7 Tbps (terabits per second) and 14.1 Bpps (billion packets per second). The attack was carried out by the Aisuru botnet, a network of 1–4 million devices that regularly launches hyper-volumetric attacks above 1 Tbps and 1 Bpps.

The attack used a UDP “carpet bombing” technique that pounded on about 15,000 destination ports per second while randomizing packet attributes to evade static filtering and legacy scrubbing centers.

“Since the beginning of 2025, Cloudflare has already mitigated 2,867 Aisuru attacks. In the third quarter alone, Cloudflare mitigated 1,304 hyper-volumetric attacks launched by Aisuru. That represents an increase of 54% QoQ”, says the December 3, 2025 Cloudflare report.


Asus confirms supplier data breach after data leaks

Asus reported that one of its third-party vendors experienced a data breach involving its phone camera technology, after a ransomware group claimed to have stolen over 1 TB of data from the company.

On December 2, 2025, the Everest ransomware group added Asus to its Tor data leak site, along with ArcSoft and Qualcomm, and claimed that it stole: “Binary segmentation modules, Source code & patches, RAM dumps & memory logs, AI models & weights, OEM internal tools & firmware, Test videos, Calibration & dual-camera data, Image datasets, Crash logs & debug reports, Evaluation & performance reports, HDR, fusion, post processing data, Test APKs, experimental apps, Scripts & automation, Small config binary calibration files”.

Asus claimed that “this incident has not impacted ASUS products, internal company systems, or user privacy”.

Asus users should still exercise caution: a weak point could become an entry point for further exploitation.


CrowdStrike fires insider sending information to hackers

CrowdStrike said on November 21, 2025 that an insider shared screenshots of internal systems with hackers, after members of threat groups ShinyHunters, Scattered Spider, and Lapsus$ posted them on Telegram.

ShinyHunters said that they allegedly agreed to pay the insider $25,000 to provide them with access to CrowdStrike’s network. They further claim that they ultimately received SSO authentication cookies from the insider, but by then, the suspected insider had already been detected by CrowdStrike, which had shut down his network access.

The company stresses that no systems were breached and no customer data was exposed.

“We identified and terminated a suspicious insider last month following an internal investigation that determined he shared pictures of his computer screen externally,” a CrowdStrike spokesperson told BleepingComputer. “Our systems were never compromised and customers remained protected throughout. We have turned the case over to relevant law enforcement agencies.”


Microsoft mitigated largest DDoS attack at 15.7 Tbps

Microsoft said on November 17, 2025 that its Azure DDoS Protection successfully mitigated the largest cloud DDoS attack ever recorded, at 15.72 Tbps (terabits per second) and 3.64 billion pps (packets per second). The attack involved extremely high-rate UDP floods targeting a specific public IP address, launched from over 500,000 source IPs across various regions. The sudden UDP bursts had minimal source spoofing and used random source ports.

The attack originated from the Aisuru botnet. Aisuru is a Turbo Mirai-class IoT botnet that frequently causes record-breaking DDoS attacks by exploiting compromised home routers and cameras/DVRs, mainly in residential ISPs in the United States and other countries.


Canada’s Cyber Centre warns of hacktivists targeting critical infrastructure

The Canadian Centre for Cyber Security warned on October 29, 2025 that hacktivists have repeatedly breached critical infrastructure systems in the country.

“One incident affected a water facility, tampering with water pressure values and resulting in degraded service for its community. Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was manipulated, triggering false alarms. A third one involved a grain drying silo on a Canadian farm, where temperature and humidity levels were manipulated, resulting in potentially unsafe conditions if not caught on time,” says the alert posted by the Canadian Centre for Cyber Security.

They advised organizations to maintain an up-to-date inventory of internet-accessible Industrial Control Systems (ICS) devices, replace direct exposure with VPNs with two-factor authentication, and apply the Cyber Centre’s Readiness Goals to strengthen cyber defense.


F5 data breach leaves over 261,000 instances exposed to remote attacks

More than 261,000 F5 BIG-IP instances connected to the internet could be at risk of cyberattacks following the recent cyberattack suffered by the company, experts have warned. Of these, over 140,000 instances are in North America, over 58,000 are in Europe, and over 47,000 are in Asia.

“In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from certain F5 systems”, reads the company’s statement. “Threat actor exfiltrated files from our BIG-IP product development environment and engineering knowledge management platforms. These files contained some of our BIG-IP source code and information about undisclosed vulnerabilities we were working on in BIG-IP.”

The company has taken several steps to remediate the issue:

  • Rotated credentials and strengthened access controls across our systems.
  • Deployed improved inventory and patch management automation, as well as additional tooling to better monitor, detect, and respond to threats.
  • Implemented enhancements to F5’s network security architecture.
  • Hardened F5’s product development environment, including strengthening security controls and monitoring of all software development platforms.
  • Released updates for its BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.


ENISA publishes Threat Landscape Report 2025

The European Union Agency for Cybersecurity, ENISA, has published its 13th annual report on the state of the cybersecurity threat landscape. The report covers the period of July 1, 2024 to June 30, 2025 and is based on 4,875 incidents.

The main points in the report are:

  • Intrusion activity remains significant, with ransomware at its core.
  • State-aligned threat groups intensified their long-term cyberespionage campaigns against the telecommunications, logistics networks and manufacturing sectors in the EU.
  • Hacktivist activity continues to dominate reporting, representing almost 80% of recorded incidents and driven primarily by low-level distributed denial-of-service operations.
  • Public administration networks remain the primary focus (38%).
  • Phishing remains the dominant intrusion vector (60%) and is evolving through techniques used in large-scale campaigns.
  • Vulnerability exploitation remains a cornerstone of initial access (21.3%), with widespread campaigns rapidly weaponizing vulnerabilities within days of their disclosure.
  • Artificial intelligence has become a defining element of the threat landscape, with AI-supported phishing campaigns reportedly representing more than 80 percent of observed social engineering activity worldwide, and adversaries leveraging jailbroken models, synthetic media and model poisoning techniques to enhance their operational effectiveness.


Jaguar Land Rover gets £1.5 billion loan guarantee by the UK government

The UK government is providing Jaguar Land Rover with a support package in the form of a £1.5 billion ($1.75 billion) loan guarantee to support its supply chain, following a massive data breach that was disclosed on September 2, 2025.

The UK government explained that the decision is intended to protect JLR’s supply chain, safeguard jobs, and stabilize the auto sector after the cyberattack severely disrupted operations. Production was halted for over 5 weeks.

The UK government highlighted JLR’s key role as a top exporter, employing 34,000 directly in its UK operations and supporting 120,000 jobs through its large automotive supply chain.

The UK government also committed £2 billion in capital and R&D funding for the auto sector to 2030, and an additional £500 million to extend the R&D support for the industry to 2035.

The loan from a commercial bank will be paid back over 5 years.

For manufacturing leaders, there is one simple, crucial lesson to take away from the JLR cyber attack: security is a strategic imperative, not a nice-to-have.


Gucci, Balenciaga and Alexander McQueen hit by data breach and ransomware

Luxury giants Gucci, Balenciaga, and Alexander McQueen have suffered a data breach that leaked the personal information of millions of customers.

Kering, the Paris, France-based company that owns the luxury brands, disclosed that an attacker breached its systems and accessed limited customer data in June 2025.

Notorious hacking group ShinyHunters has taken responsibility for the data breach, claiming they obtained 7.4 million unique email addresses.

According to databreaches.net, the cybercrime group stole 43 million Gucci data records, and 13 million records from Balenciaga, Brioni, and Alexander McQueen.

The data breach exposed customer names, phone numbers, email addresses, physical addresses, dates of birth, and the total amount each customer spent at Kering-owned stores worldwide. Customer financial information, such as bank account numbers and credit card details, was not leaked.

Still, the disclosure of customers’ total purchases exposes them to targeted phishing attacks.
