The Lazarus Group, a North Korean APT, has launched a sophisticated campaign using malicious npm and PyPI packages. This operation, known as 'graphalgo', targets developers through fake recruitment schemes.

Canada Goose is investigating a data leak involving over 600,000 customer records, allegedly stolen by the data extortion group ShinyHunters. The company has stated that there is no evidence of a breach in their systems.

The Muddled Libra group, also known as Scattered Spider, executed a sophisticated attack using a rogue virtual machine within a VMware vSphere environment. This attack exposed critical tactics, techniques, and procedures (TTPs) used by the group.

A malicious campaign involving 30 Chrome extensions, known as AiFrame, has been identified, affecting over 300,000 users. These extensions masquerade as AI assistants to steal credentials, email content, and browsing information.

World Leaks, a notorious cyber-criminal group, has enhanced its attack arsenal with a new malware named 'RustyRocket'. This sophisticated toolset is a critical component of World Leaks' operations.

Odido, a major telecommunications provider in the Netherlands, has experienced a significant data breach affecting 6.2 million customers. The breach exposed various personal data.

The Qilin ransomware gang exfiltrated nearly 1TB of sensitive data from Conpet S.A., including financial records, passport scans, and personal information such as names, postal addresses, personal identification numbers, and bank account numbers.

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2024-43468, CVE-2025-15556, CVE-2025-40536, and CVE-2026-20700. These vulnerabilities are actively exploited and pose significant risks to organizations.

CISA has released two new ICS advisories on December 30, 2025. These advisories address vulnerabilities in WHILL C2 Wheelchairs and AzeoTech DAQFactory, providing critical information on current security issues and exploits.

Apple has addressed a zero-day vulnerability, CVE-2026-20700, in its Dynamic Link Editor (dyld), which was exploited in highly sophisticated attacks targeting specific individuals. This marks the first zero-day fix in 2026.