← Cybersecurity Headlines
Cybersecurity Headlines
Coupang recovers laptop in river, Trust Wallet reports 2k+ wallets drained, Sax discloses 2024 data breach
00:06:46
Loading summary
Transcript3 lines
- [00:00]
A
From the CISO series it's Cybersecurity Headlines.
- [00:07]
B
These are the cybersecurity headlines for Tuesday, December 30, 2025. I'm Sarah Lane. Coupang Recovers laptop allegedly Thrown into River South Korean e commerce giant Coupang says it recovered a MacBook Air allegedly used by a former employee who leaked customer data after the device was weighted with bricks and thrown into a river in an apparent attempt to destroy evidence. Coupang says forensic analysis shows the employee accessed Data from about 33.7 million accounts and retained information from roughly 3,000 users with no evidence of data being sold. Coupang announced a 1.685 trillion won voucher compensation plan to during its investigation. Trust Wallet reports more than 2,000 wallets drained Trust Wallet says attackers drained about $7 million from 2,596 cryptocurrency wallets after compromising its Chrome browser extension on December 24. The malicious update exfiltrated wallet data and while the attacker accessed that many wallets, Trust Wallet says it's reimbursing affected users and investigating how a leaked Chrome Web Store API key may have allowed the rogue Release. Sachs discloses 2024 data breach US accounting firm Sachs says a cyber attack detected back In August of 2024 exposed personal data tied to around 228,876 people, but the company apparently didn't complete its investigation or begin notifications and until more than a year later. Stolen data may include names, dates of birth, Social Security numbers and government ID details. No ransomware group has claimed responsibility, but Saks is offering a year of credit monitoring Korean Air Shares Supplier Attack Korean Air disclosed a data breach after its in flight catering and Duty Free subsidiary Korean Air Catering and Duty Free or kcnd, which is was hacked, exposing personal data tied to around 30,000 airline employees. The airline says customer data was not affected and that the leaked information appears limited to employee names and account numbers stored on KCND's ERP system. The CLOP Ransomware Group has claimed responsibility for the KCND attack and says it has already leaked the stolen data. Huge thanks to our sponsor Threadlocker. Want real zero trust training? Zero Trust World 2026 delivers hand on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through the 6th in Orlando, plus a live CP CISO series episode on March 6th. Get 200 off with ZTW CISO 26@ztw.com Next Publica France find by CNIL France's data protection regulator CNIL Find software company Next public of France 1.7 million euros over cybersecurity failures that led to a data breach. Regulators said the company knew about security weaknesses before a November 2022 incident that let users access third party documents but didn't fix them until after the breach, which violates GDPR rules. CNIL said the fine reflects the sensitivity of the data, the number of people affected and Next Publica's lack of basic security safeguards. Criminals disconnect wired subscribers from their privacy an extortion group called Lovely has begun leaking subscriber data tied to Conde Nast after claiming the publisher ignored warnings about security flaws. The group published 2.3 million wired subscriber email addresses along with names, home addresses, phone numbers and and account metadata, and says it holds more than 40 million additional records across Conde Nast titles. Researchers from Hudson Rock say the data appears authentic and likely stems from infostealer malware, though no payment card data has surfaced. AFLAC data breach affects millions Aflac said personal data tied to around 22.65 million people was stolen in a June cyber attack on its U.S. systems, including names, addresses, Social Security numbers, government IDs and medical and insurance information. The insurer said the intrusion was part of a broader campaign targeting the insurance industry, did not involve ransomware and has not yet led to known fraud, though affected customers, employees and agents are being offered two years of credit and identity protection. AFLAC Sorry, I had to Romanian energy provider hit by ransomware Romania's largest coal based energy producer, Oltenia Energy Complex, says a ransomware attack over Christmas disrupted its IT systems, encrypting files and knocking erp, email and document management services offline. The Though power generation was apparently not affected, the company is rebuilding systems from backups, assessing whether data was stolen and has reported the incident to national cyber and law enforcement authorities. The attack is attributed to the Gentleman Ransomware Group. If you have thoughts from the news from today or about our show in general, be sure to reach out to us@feedbacksoseries.com we'd really like to hear from you. I am Sarah Lane reporting for the CISO series. Hope you all had a great holiday and we'll talk to you tomorrow.
- [06:30]
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories. Behind the headlines.