
⏱️ Read Time: 7 minutes

The average time to exploit a newly disclosed vulnerability in 2025 dropped below 7 days. (Verizon DBIR)

The year may have ended, but attackers clearly didn’t get the memo. From Oracle supply-chain fallout to actively exploited zero-days and AI-fueled scams, this week’s recap is a reminder that “holiday freeze” is mostly a myth.

📜 Table of Contents

  • 🔥 Major Breaches & Incidents: Airlines, banks, universities, and space agencies all make the list

  • 🧨 Emerging Threats & Vulnerabilities: Firewalls, browsers, and JavaScript frameworks under fire

  • 🕵️ Privacy Watch: Regulators keep swinging, phishers keep phishing

  • 🛰️ APTs & State Sponsored Attacks: Espionage groups stay busy through the holidays

  • 🤖 AI in Cyber: LLMs, extensions, and supply-chain risks collide

🚨 Major Breaches & Incidents

  • ✈️ Korean Air Data Compromised in Oracle E-Business Suite Hack
    Attackers tied to the Cl0p ransomware group exploited an Oracle E-Business Suite vulnerability to steal personal and banking data tied to roughly 30,000 Korean Air employees. The breach is part of a wider Oracle-focused supply chain campaign that keeps racking up new victims long after patches became available.

    👉 Key takeaway: Supply chain vulnerabilities don’t stay contained; downstream victims feel the blast radius.

  • 🏦 U.S. Banks Report Customer Data Exposure After Marquis Software Ransomware Attack
    Multiple banks confirmed customer data exposure tied to a ransomware attack at Marquis Software that occurred months earlier. The delayed disclosures highlight how third party breaches can quietly resurface long after the initial incident fades from view.

    👉 Key takeaway: Vendor risk doesn’t end when the breach headlines fade.

  • 🚀 European Space Agency Confirms Cyberattack on External Servers
    ESA disclosed that attackers accessed external science collaboration servers used by researchers and partners. While mission critical systems were spared, the incident reinforces how attractive research environments remain to attackers.

    👉 Key takeaway: Research and academic infrastructure remains a soft target.


🧨 Emerging Threats & Vulnerabilities

  • 🍎 Apple Patches Two Actively Exploited WebKit Zero-Days
    Apple pushed emergency updates for iOS, macOS, and Safari after confirming two WebKit vulnerabilities were under active exploitation. The fixes arrived amid evidence of targeted attacks, making fast patching non-optional.

    👉 Key takeaway: Browser engines continue to be prime real world attack surfaces.

  • 🧱 WatchGuard Firebox Firewall Flaws Actively Exploited
    Researchers warned that attackers are actively exploiting unpatched WatchGuard Firebox firewall vulnerabilities to gain network access. The flaws once again put edge devices squarely in attackers’ crosshairs.

    👉 Key takeaway: Edge devices remain high value targets.

  • 🕸️ RondoDox Botnet Exploits React2Shell Flaw in Next.js Apps
    The RondoDox botnet is abusing the React2Shell flaw, a bug in a popular JavaScript framework, to compromise internet-exposed Next.js servers at scale. The activity highlights how quickly a single bug in a widely deployed web stack turns into a mass exploitation opportunity.

    👉 Key takeaway: Modern web stacks widen the attack surface.

🕵️ Privacy Watch

  • 🎣 Google Themed Phishing Campaign Targets Thousands of Organizations
    A large scale phishing operation abused Google branding and infrastructure to deliver highly convincing credential harvesting emails to more than 3,000 organizations. Leveraging trusted platforms helped the campaign evade detection and boost success rates.

    👉 Key takeaway: Trusted brands make phishing far more effective.

  • ⚖️ Italy Fines Apple €98.6M Over App Tracking Transparency Practices
    Italy’s antitrust authority fined Apple €98.6M, alleging it imposed stricter consent requirements on third party apps than on its own services. Regulators argue the imbalance distorted competition under the guise of privacy.

    👉 Key takeaway: Privacy enforcement is increasingly colliding with platform power.


🛰️ APTs & State Sponsored Attacks

  • 🐼 Chinese APT Mustang Panda Uses Kernel Mode Rootkit in Espionage Campaign
    Researchers observed the group using signed drivers to load stealthy malware as part of an espionage campaign. The technique significantly raises the bar for detection and complicates traditional endpoint defenses.

    👉 Key takeaway: Nation state tooling keeps getting harder to spot.

  • 🌐 China Linked Evasive Panda Uses DNS Poisoning to Deliver MgBot
    A China aligned threat group leveraged DNS poisoning techniques to quietly deliver the MgBot backdoor to targeted victims. The campaign shows that old school tactics still work when paired with careful targeting.

    👉 Key takeaway: Old techniques are still effective when well executed.

🤖 AI in Cyber

  • 🧠 Malicious Chrome Extensions Steal ChatGPT and LLM Conversations
    Researchers uncovered malicious browser extensions siphoning off conversations from ChatGPT and other AI tools. The activity exposes how easily sensitive prompts and responses can leak through compromised extensions.

    👉 Key takeaway: AI usage expands the browser threat model.

  • 🔗 Critical LangChain Vulnerability Exposes Secrets via Serialization Injection
    A critical vulnerability in LangChain Core could allow attackers to read secrets or manipulate AI workflows through unsafe serialization: data an attacker controls is parsed by the same loader that resolves the framework’s own object and secret references. The issue underscores how fast-moving AI ecosystems introduce new supply chain risk.

    👉 Key takeaway: AI frameworks are now part of the software supply chain.

  • 🏭 NIST Launches AI Centers Focused on Manufacturing and Critical Infrastructure
    NIST announced new initiatives focused on safely integrating AI into manufacturing and critical infrastructure environments. Cybersecurity is positioned as a core requirement, not an afterthought, as adoption accelerates.

    👉 Key takeaway: Governments are racing to keep AI adoption from outpacing security.
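The LangChain item above is an instance of a broader class, serialization injection: a loader that uses in-band type tags cannot tell its own object references apart from attacker-supplied data shaped like one. The Python below is an added example, not LangChain’s code and not a reproduction of the reported bug; it uses a hypothetical loader with a made-up `__obj__` tag, a made-up `__raw__` escape wrapper, a stand-in `Prompt` class, and constructed environment variables and request data. It shows the vulnerable loader resolving an arbitrary environment variable named by the attacker, and a hardened loader that escapes untrusted subtrees and allowlists which secrets it will ever resolve.

```python
"""Toy model of serialization injection (added example; hypothetical format)."""
import json
import os

MARKER = "__obj__"   # hypothetical in-band type tag, like a serializer's "type" field
RAW = "__raw__"      # hypothetical escape wrapper used by the hardened path


class Prompt:
    """Stand-in for an application object that a workflow serializes."""
    def __init__(self, template, api_key=None):
        self.template = template
        self.api_key = api_key


REGISTRY = {"Prompt": Prompt}            # classes the loader may instantiate
ALLOWED_SECRETS = {"OPENAI_API_KEY"}     # the only secret the hardened loader resolves


def unsafe_load(node):
    """Vulnerable loader: every dict carrying MARKER is treated as a trusted
    object reference, no matter where in the document it came from."""
    if isinstance(node, dict):
        if node.get(MARKER) == "secret":
            return os.environ.get(node["name"])          # resolves ANY env var
        if node.get(MARKER) == "class":
            kwargs = {k: unsafe_load(v) for k, v in node.get("kwargs", {}).items()}
            return REGISTRY[node["name"]](**kwargs)
        return {k: unsafe_load(v) for k, v in node.items()}
    if isinstance(node, list):
        return [unsafe_load(v) for v in node]
    return node


def safe_load(node):
    """Hardened loader: subtrees wrapped in RAW are returned verbatim and never
    interpreted; class names and secret names are checked against allowlists."""
    if isinstance(node, dict):
        if RAW in node and len(node) == 1:
            return node[RAW]                              # opaque data, no tag parsing
        kind = node.get(MARKER)
        if kind == "secret":
            if node["name"] not in ALLOWED_SECRETS:
                raise ValueError(f"refusing to resolve secret {node['name']!r}")
            return os.environ.get(node["name"])
        if kind == "class":
            if node["name"] not in REGISTRY:
                raise ValueError(f"unknown class {node['name']!r}")
            kwargs = {k: safe_load(v) for k, v in node.get("kwargs", {}).items()}
            return REGISTRY[node["name"]](**kwargs)
        return {k: safe_load(v) for k, v in node.items()}
    if isinstance(node, list):
        return [safe_load(v) for v in node]
    return node


def build_record(user_metadata, escape_untrusted):
    """What an application persists: its own Prompt reference plus metadata
    parsed from a request body. The hardened variant wraps the untrusted
    metadata in RAW so no tag inside it is ever interpreted on load."""
    meta = {RAW: user_metadata} if escape_untrusted else user_metadata
    return {
        "prompt": {MARKER: "class", "name": "Prompt",
                   "kwargs": {"template": "Summarise: {text}",
                              "api_key": {MARKER: "secret", "name": "OPENAI_API_KEY"}}},
        "metadata": meta,
    }


# Constructed attacker request body: a metadata value shaped like the
# loader's own secret reference, naming a secret the app never meant to expose.
ATTACKER_METADATA = json.loads(
    '{"note": {"__obj__": "secret", "name": "DATABASE_PASSWORD"}}')


def demo():
    """Returns (what the vulnerable loader yields, what the hardened loader yields)."""
    os.environ["OPENAI_API_KEY"] = "sk-constructed-example"      # constructed values
    os.environ["DATABASE_PASSWORD"] = "hunter2-constructed"
    leaked = unsafe_load(build_record(ATTACKER_METADATA, escape_untrusted=False))
    hardened = safe_load(build_record(ATTACKER_METADATA, escape_untrusted=True))
    return leaked["metadata"]["note"], hardened["metadata"]["note"]


def allowlist_blocks_unescaped():
    """Defence in depth: even if the app forgets to escape, the allowlist
    stops an unknown secret name from being resolved."""
    os.environ["DATABASE_PASSWORD"] = "hunter2-constructed"
    try:
        safe_load(build_record(ATTACKER_METADATA, escape_untrusted=False))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    leaked, kept = demo()
    print("vulnerable loader returned:", leaked)   # the DATABASE_PASSWORD value
    print("hardened loader returned:  ", kept)     # the attacker's dict, uninterpreted
    print("allowlist alone blocks it: ", allowlist_blocks_unescaped())
```

The two fixes are independent and both matter: escaping untrusted subtrees removes the ambiguity between data and references at the point the document is written, while the allowlist limits the damage if any writer forgets to escape. When auditing a framework’s `loads`-style function, look for exactly this pattern: a tag key that is both emitted by the serializer and honoured wherever it appears in input.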

Thanks for reading this week’s edition. Like what you see? Forward it!

Hate everything you see or have other feedback? Reply back to this email!
