Coupang Data Breach Exposes 33.7M Users; Google Patches Actively Exploited Android Zero-Days

Publication Date: December 1, 2025

Summary

This cybersecurity brief for December 1, 2025, covers several critical incidents. The most prominent is a massive data breach at South Korean e-commerce giant Coupang, affecting 33.7 million users due to an authentication vulnerability. Concurrently, Google released an urgent Android update patching 107 flaws, including two zero-days under active exploitation. Other major events include the release of a proof-of-concept for a critical zero-click Outlook RCE, ongoing supply chain attacks from the Shai-Hulud 2.0 worm, and new intelligence on APT groups like Tomiris and those targeting industrial sectors.

Today's New Articles

Coupang Breach Exposes 33.7 Million Users in South Korea

South Korean e-commerce leader Coupang has admitted to a significant data breach exposing the personal information of 33.7 million customers, impacting over half of South Korea's population. The breach, which began in June 2025 and was detected in mid-November...


Urgent Android Update: Google Patches 107 Flaws, Two Zero-Days Under Active Attack

Google has issued its December 2025 Android security bulletin, patching a total of 107 vulnerabilities. The update is critical, as it addresses two high-severity zero-days, CVE-2025-48633 (Information Disclosure) and CVE-2025-48572 (Elevation of Privilege), wh...


APTs Exploit WinRAR Zero-Day to Target Industrial Sector in Q3 2025

Kaspersky's Q3 2025 threat report for industrial organizations highlights extensive exploitation of a WinRAR zero-day vulnerability, CVE-2025-8088. The flaw was used by multiple threat actors, including the RomCom cybercrime group and the Paper Werewolf (GOFFE...


FTC Slams EdTech Firm Illuminate Education Over Breach of 10M Students' Data

The U.S. Federal Trade Commission (FTC) has taken enforcement action against education technology provider Illuminate Education for a 2021 data breach that exposed the personal and health information of 10.1 million students. The FTC alleged the company failed...


Warning: Public PoC Exploit Released for Critical Zero-Click Outlook RCE Flaw

A proof-of-concept (PoC) exploit has been publicly released for CVE-2024-21413, a critical zero-click remote code execution (RCE) vulnerability in Microsoft Outlook nicknamed 'MonikerLink'. The flaw allows an attacker to execute arbitrary code on a victim's ma...


Qilin Ransomware Gang Adds Business Services Firm B Dynamic to Leak Site

The Qilin ransomware group, a prominent ransomware-as-a-service (RaaS) operation, has listed business services company 'B Dynamic' as its latest victim on its dark web data leak site. The December 1, 2025, posting indicates that the company has suffered a netw...


Mystery Breach: Major Tech Firm Exposes Millions of Users' Data

A major, but currently unnamed, technology company has reportedly suffered a massive data breach, exposing the personal data of millions of users worldwide. The breach was detected on November 24, 2025, after unusual activity was observed on the company's serv...