A recent cyberattack on South Korea's largest cryptocurrency exchange, Upbit, resulted in the theft of $30 million. The attack is attributed to North Korea's Lazarus Group.

Google's December security update for Android addresses 107 vulnerabilities, including two high-severity zero-day vulnerabilities, CVE-2025-48633 and CVE-2025-48572. This update marks the second-highest number of vulnerabilities patched this year.

A vulnerability in Revive Adserver, identified as CVE-2025-55129, has been reported. This vulnerability involves an incomplete list of disallowed inputs, allowing for potential impersonation attacks.

Law enforcement agencies in Switzerland and Germany have successfully dismantled the Cryptomixer cryptocurrency mixing service. This operation, known as "Operation Olympia," resulted in the seizure of €24 million in Bitcoin.

Coupang, a leading South Korean e-commerce platform, has experienced a massive data breach affecting nearly 34 million customers. This incident is one of the largest cybersecurity breaches in South Korea in recent years.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability, CVE-2021-26829, in OpenPLC ScadaBR to its Known Exploited Vulnerabilities (KEV) catalog.

British telco Brsk has confirmed a data breach involving unauthorized access to its customer database, affecting over 230,000 records. The stolen data includes customer names, email and home addresses, phone numbers, and installation details.

The "Contagious Interview" campaign, linked to North Korean threat actors, has expanded with the addition of 197 new malicious npm packages. This campaign targets software developers in the crypto and Web3 sectors.

PostHog experienced a major security incident involving the Shai-Hulud 2.0 npm worm, which compromised its JavaScript SDKs: posthog-node, posthog-js, and posthog-react-native.

A researcher spotted 17,430 verified live secrets in public GitLab repositories, with a secret density 35% higher than in Bitbucket. These secrets include API keys, passwords, and tokens, posing significant security risks to affected organizations.