Breached Company

Case Closed: Cybersecurity Professionals Plead Guilty to BlackCat Ransomware Conspiracy

Two former incident responders admit to moonlighting as ransomware affiliates, extorting $1.2 million from healthcare companies while working at firms hired to prevent such attacks December 30, 2025 The cybersecurity industry's worst fears have been confirmed. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas—

The Publication That Reports on Breaches Just Got Breached

WIRED Magazine's 2.3 Million Subscriber Records Leaked After Month-Long Vulnerability Disclosure Failure December 30, 2025 - Let's talk about irony. The magazine that's made a career covering data breaches, investigating security failures, and holding companies accountable for protecting user data just exposed 2.

Aflac Data Breach Exposes 22.65 Million in Scattered Spider Insurance Campaign

Published: December 30, 2025 Category: Breach Analysis | Incident Response Sector: Insurance / Healthcare Executive Summary Insurance giant Aflac has confirmed that a June 2025 cyberattack compromised the personal and protected health information of approximately 22.65 million individuals—making it one of the largest healthcare-related data breaches of the year. The

Ireland's Ombudsman Office Hit by Ransomware: Lessons from a Government Agency Breach

A financially-motivated attack disrupts six public bodies and raises fresh questions about Ireland's public sector cybersecurity posture Related Coverage: Ukrainian National Extradited from Ireland: Inside the Conti Ransomware Takedown | Dublin Airport Data Breach Exposes 3.8 Million Passengers The Attack On December 17, 2025, Ireland's Office

MongoBleed: Critical MongoDB Vulnerability Enables Unauthenticated Data Theft (CVE-2025-14847)

Published: December 28, 2025 | Severity: Critical (CVSS 8.7) | Status: Actively Exploited A severe memory leak vulnerability in MongoDB Server has been disclosed, allowing unauthenticated attackers to remotely extract sensitive data from vulnerable instances. Dubbed "MongoBleed" (CVE-2025-14847), the flaw has already been exploited in the wild with over

Two Breaches, One Company: Rainbow Six Siege's $339 Trillion Hack Exposes Years of Helpdesk Corruption at Ubisoft

Executive Summary: Ubisoft faces dual security crises as Rainbow Six Siege remains offline following a devastating December 27, 2025 breach that flooded players with billions in premium currency—while VX-Underground simultaneously reveals that outsourced helpdesk staff have been accepting bribes for panel access since 2021. The combination exposes catastrophic failures

Post-Holiday Ransomware Surge: 15+ New Victims in 48 Hours

As organizations powered down for the holidays, threat actors ramped up operations—Qilin, Akira, The Gentlemen, and emerging groups capitalize on reduced staffing December 28, 2025 While most of the world was unwrapping presents and recovering from holiday festivities, ransomware operators were busy unwrapping something else entirely: corporate networks. Between

When Your Law Firm Becomes Your Liability: The Goldman Sachs-Fried Frank Breach and the Hidden Danger of Professional Services Supply Chains

How a cybersecurity incident at one of Wall Street's most prestigious law firms exposed the uncomfortable truth about third-party risk in the professional services sector Executive Summary On December 19, 2024, Goldman Sachs Group Inc. sent a letter that no financial institution wants to write: informing investors in

France Opens Intelligence Investigation After Pro-Russian Hackers Claim Responsibility for Christmas Postal Service Cyberattack

France's domestic intelligence agency has taken over the investigation into a massive cyberattack that crippled the country's national postal service during the critical Christmas delivery period, after pro-Russian hacktivist group NoName057(16) claimed responsibility for the coordinated campaign targeting French critical infrastructure. DGSI Takes Lead in

DOJ's Epstein Files: When "Redacted" Doesn't Mean Redacted – A Cybersecurity Disaster

The Department of Justice just demonstrated what happens when document security meets government incompetence. In one of the most anticipated document releases in recent memory, the DOJ's December 19th dump of Jeffrey Epstein investigation files contained a security flaw so fundamental it belongs in a first-week InfoSec 101

NHS GP Software Supplier DXS International Hit by DevMan Ransomware Attack

Breaking Analysis: 300GB Data Breach Affects Technology Provider for 2,000 UK GP Practices Executive Summary DXS International, a UK-based healthcare technology provider serving approximately 2,000 GP practices overseeing the care of 17 million patients, has disclosed a ransomware attack that compromised office servers and resulted in the alleged

Denmark Accuses Russia of Cyber-Attacks Targeting Critical Infrastructure and Elections

Danish intelligence reveals coordinated campaign by pro-Russian hacking groups in latest escalation of hybrid warfare tactics Executive Summary Denmark's Defence Intelligence Service (DDIS) publicly attributed two significant cyber-attacks to Russian state-connected actors on December 18, 2025, marking another escalation in Russia's hybrid warfare campaign against Western