Coupang Data Breach Exposes 33.7M Users; Google Patches Actively Exploited Android Zero-Days

South Korean E-Commerce Giant Coupang Discloses Massive Data Breach Affecting Over Half the Nation's Population

South Korean e-commerce leader Coupang has admitted to a significant data breach exposing the personal information of 33.7 million customers, impacting over half of South Korea's population. The breach, which began in June 2025 and was detected in mid-November, stemmed from authentication vulnerabilities and the potential misuse of an ex-employee's still-active authentication key. Exposed data includes names, emails, phone numbers, and addresses. Coupang has reset user passwords and is working with authorities, including the Korea Internet & Security Agency (KISA), on the investigation.

Data BreachE-commerceAuthenticationAccess ControlInsider Threat +2 more

6 min read

Coupang Breach Exposes 33.7 Million Users in South Korea

Urgent Android Update: Google Patches 107 Flaws, Two Zero-Days Under Active Attack

CRITICAL

Google Releases December 2025 Android Security Update, Addressing Two Actively Exploited Zero-Day Vulnerabilities

Google has issued its December 2025 Android security bulletin, patching a total of 107 vulnerabilities. The update is critical, as it addresses two high-severity zero-days, CVE-2025-48633 (Information Disclosure) and CVE-2025-48572 (Elevation of Privilege), which are under limited, targeted exploitation in the wild. The patch also fixes a critical remote denial-of-service (DoS) flaw, CVE-2025-48631, in the Android Framework. The update covers vulnerabilities in components from Qualcomm, Arm, MediaTek, and others, affecting Android versions 13 through 16. Users are urged to install the update as soon as it becomes available for their devices.

AndroidZero-DayVulnerabilityPatch ManagementMobile Security +3 more

Urgent Android Update: Google Patches 107 Flaws, Two Zero-Days Under Active Attack

APTs Exploit WinRAR Zero-Day to Target Industrial Sector in Q3 2025

Kaspersky Report: WinRAR Zero-Day (CVE-2025-8088) Exploited by RomCom and Paper Werewolf APTs in Attacks on Industrial Organizations

Kaspersky's Q3 2025 threat report for industrial organizations highlights extensive exploitation of a WinRAR zero-day vulnerability, CVE-2025-8088. The flaw was used by multiple threat actors, including the RomCom cybercrime group and the Paper Werewolf (GOFFEE) APT, to deploy backdoors like SnipBot and the Mythic agent against industrial targets. The report also details other significant cyber-espionage campaigns, such as PhantomCore's attacks on Russian critical infrastructure and Cavalry Werewolf's phishing operations against energy and manufacturing sectors, underscoring the persistent threat to industrial control systems (ICS).

APTThreat IntelligenceICSOTWinRAR +4 more

6 min read

APTs Exploit WinRAR Zero-Day to Target Industrial Sector in Q3 2025

FTC Slams EdTech Firm Illuminate Education Over Breach of 10M Students' Data

Illuminate Education Faces FTC Penalties for Security Failures Leading to Breach of 10.1 Million Students' Personal and Health Data

The U.S. Federal Trade Commission (FTC) has taken enforcement action against education technology provider Illuminate Education for a 2021 data breach that exposed the personal and health information of 10.1 million students. The FTC alleged the company failed to implement reasonable security measures, citing the attacker's use of credentials from an employee who had left 3.5 years prior. Under the settlement, Illuminate must implement a comprehensive security program, delete non-essential student data, and undergo third-party assessments, highlighting severe consequences for failing to protect children's data.

FTCData BreachEdTechStudent PrivacyCOPPA +2 more

FTC Slams EdTech Firm Illuminate Education Over Breach of 10M Students' Data

Warning: Public PoC Exploit Released for Critical Zero-Click Outlook RCE Flaw

CRITICAL

Public Proof-of-Concept Exploit for Critical 'MonikerLink' Zero-Click RCE Vulnerability in Microsoft Outlook (CVE-2024-21413) Released

A proof-of-concept (PoC) exploit has been publicly released for CVE-2024-21413, a critical zero-click remote code execution (RCE) vulnerability in Microsoft Outlook nicknamed 'MonikerLink'. The flaw allows an attacker to execute arbitrary code on a victim's machine simply by sending a malicious email, with no user interaction required. The release of the PoC dramatically increases the risk of widespread exploitation. All organizations using affected versions of Outlook are urged to apply the security patches released by Microsoft immediately to prevent compromise.

VulnerabilityRCEZero-ClickMicrosoftOutlook +3 more

Warning: Public PoC Exploit Released for Critical Zero-Click Outlook RCE Flaw

Qilin Ransomware Gang Adds Business Services Firm B Dynamic to Leak Site

Qilin Ransomware Group Claims B Dynamic as New Victim in Ongoing Double-Extortion Campaign

The Qilin ransomware group, a prominent ransomware-as-a-service (RaaS) operation, has listed business services company 'B Dynamic' as its latest victim on its dark web data leak site. The December 1, 2025, posting indicates that the company has suffered a network compromise and data exfiltration. By publicizing the breach, the Qilin group is employing its standard double-extortion tactic to pressure the victim into paying a ransom to prevent the public release of stolen data. This incident highlights the persistent threat from established ransomware gangs.

RansomwareQilinRaaSDouble ExtortionDark Web

Qilin Ransomware Gang Adds Business Services Firm B Dynamic to Leak Site

Mystery Breach: Major Tech Firm Exposes Millions of Users' Data

CRITICAL

Major Unnamed Technology Company Suffers Massive Data Breach Exposing Millions of Users Globally

A major, but currently unnamed, technology company has reportedly suffered a massive data breach, exposing the personal data of millions of users worldwide. The breach was detected on November 24, 2025, after unusual activity was observed on the company's servers, stemming from an unspecified vulnerability. The company has reportedly shut down the compromised servers, notified authorities, and begun alerting users. This incident is being described as one of the largest in recent years, placing millions at risk of identity theft and phishing attacks.