Daily Digest

Romanian Water Authority Crippled by Ransomware, Apple Patches Exploited Zero-Days, and Nissan Discloses Third-Party Breach

Romanian Water Authority Crippled by Ransomware, Apple Patches Exploited Zero-Days, and Nissan Discloses Third-Party Breach

December 22, 2025
7 articles (6 new, 1 updated)
21 min read

Summary

In the 24-hour period ending December 22, 2025, the cybersecurity landscape was dominated by a significant ransomware attack on Romania's national water authority, which disrupted IT systems but spared critical water operations. Concurrently, Apple issued emergency patches for two actively exploited zero-day vulnerabilities in its WebKit engine. Major data breach disclosures also made headlines, with Nissan revealing a third-party breach affecting 21,000 customers, the University of Phoenix confirming a Clop ransomware incident impacting 3.5 million individuals, and AllerVie Health notifying patients of an attack by the Anubis ransomware group. These events highlight ongoing threats to critical infrastructure, the persistent danger of zero-day exploits, and the expanding attack surface through supply chains.

Filter by Category

New Articles (6)

Romanian Water Authority Crippled by Ransomware, 1,000 Systems Encrypted with BitLocker

HIGH

Romanian National Water Authority Hit by Ransomware Attack, Critical Infrastructure Operations Unaffected

On December 20, 2025, Romania's national water authority, Administrația Națională Apele Române, was targeted in a significant ransomware attack. The incident compromised approximately 1,000 IT systems across its headquarters and 10 of 11 regional offices. Attackers employed a "living off the land" technique, weaponizing the native Windows BitLocker tool to encrypt systems instead of deploying custom ransomware. While IT services such as email, web servers, and GIS applications were disrupted, the agency confirmed that its Operational Technology (OT) networks controlling physical water infrastructure were not impacted, preventing a disruption to public water services. The Romanian National Cyber Security Directorate (DNSC) is investigating the incident and has reiterated its policy of not negotiating with attackers.

December 22, 2025
6 min read
RansomwareLiving off the LandBitLockerCritical InfrastructureIT/OT Security +1 more
Romanian Water Authority Crippled by Ransomware, 1,000 Systems Encrypted with BitLocker
Cyberattack
Ransomware
Industrial Control Systems

Nissan Breach Exposes 21,000 Customers After Third-Party Red Hat Server Compromise

HIGH

Nissan Discloses Data Breach Affecting 21,000 Customers Following Security Incident at Third-Party Vendor Red Hat

Nissan Motor Co. announced on December 22, 2025, a data breach affecting approximately 21,000 customers. The incident was a result of a supply chain attack, originating from the compromise of a Red Hat-managed GitLab server. This server was used by a third-party contractor developing a customer management system for a Nissan dealership. Red Hat detected the initial unauthorized access on September 26, 2025, and notified Nissan on October 3. The exposed data includes customer names, addresses, phone numbers, and partial email addresses. The extortion group ShinyHunters and a group called 'Crimson Collective' have been linked to the initial attack on Red Hat's infrastructure.

December 22, 2025
5 min read
Data BreachSupply Chain AttackShinyHuntersCrimson CollectiveGitLab +1 more
Nissan Breach Exposes 21,000 Customers After Third-Party Red Hat Server Compromise
Data Breach
Supply Chain Attack
Threat Actor

Anubis Ransomware Hits AllerVie Health, Exposing Patient SSNs and Driver's Licenses

HIGH

AllerVie Health Notifies Patients of Data Breach After Anubis Ransomware Group Attack

AllerVie Health, a Texas-based healthcare provider, began notifying patients on December 22, 2025, of a ransomware attack that exposed highly sensitive personal information. The company detected the intrusion on November 2, 2025, with forensic analysis revealing unauthorized access occurred between October 24 and November 3. The exposed data includes patient names, Social Security numbers, and driver's license numbers. The attack has been linked to the Anubis ransomware group, which allegedly claimed to have stolen data from over 30,000 patients on its dark web leak site. AllerVie is offering complimentary credit monitoring services to affected individuals.

December 22, 2025
6 min read
RansomwareAnubisData BreachHealthcareHIPAA +1 more
Anubis Ransomware Hits AllerVie Health, Exposing Patient SSNs and Driver's Licenses
Ransomware
Data Breach
Threat Actor

New WhatsApp Hijack Method Bypasses 2FA via SIM Swapping Attacks

HIGH

Security Researchers Warn of SIM Swapping Technique Used by APT37 to Hijack WhatsApp Accounts

On December 21, 2025, security researchers highlighted a growing attack method used to hijack WhatsApp accounts that bypasses traditional authentication measures. The technique relies on SIM swapping, where attackers use social engineering to convince a victim's mobile carrier to transfer their phone number to a SIM card controlled by the attacker. Once they control the number, they can install WhatsApp and receive the SMS verification code to take over the account, locking the legitimate user out. This method circumvents the need to crack passwords or bypass on-device security. The North Korea-linked threat group APT37 has reportedly been observed using this technique.

December 22, 2025
5 min read
SIM SwappingWhatsAppAccount TakeoverSocial EngineeringAPT37 +1 more
New WhatsApp Hijack Method Bypasses 2FA via SIM Swapping Attacks
Phishing
Threat Actor
Mobile Security

Data Breaches Trigger Securities Lawsuits Against Tech Companies

INFORMATIONAL

Two Technology Companies Hit with Securities Class-Action Lawsuits Over Alleged Failure to Disclose Cyber Risks

A report on December 21, 2025, revealed a growing legal trend where companies face securities class-action lawsuits following data breaches. Two unnamed technology companies are now facing such litigation from investors. The lawsuits allege that the companies made misleading statements or failed to disclose known cybersecurity weaknesses in their public filings, which artificially inflated their stock prices. When the data breaches were eventually announced, the subsequent drop in stock value caused financial harm to investors, who are now suing to recover their losses. This highlights the increasing pressure from regulators and shareholders for transparent and accurate cybersecurity risk disclosures.

December 22, 2025
4 min read
Securities LawsuitClass ActionData BreachComplianceSEC +1 more
Data Breaches Trigger Securities Lawsuits Against Tech Companies
Policy and Compliance
Regulatory
Data Breach

CEO of Chinese Cybersecurity Firm Cnzxsoft Hit with Spending Ban Amid Debt Crisis

INFORMATIONAL

Chinese Cybersecurity Firm Cnzxsoft and CEO Face Court Sanctions Over Severe Debt Issues

On December 22, 2025, veteran Chinese cybersecurity firm Cnzxsoft (Zhongxin Network Information Security Co., Ltd.) was placed on a Beijing court's list of "dishonest judgment debtors" due to a severe liquidity crisis. As a result, the company's founder and CEO, Zhou Xiandong, was issued a Restricted Consumption Order, which bars him from high-cost personal spending such as luxury travel. Cnzxsoft, a firm with major state-owned clients like CCTV and China Mobile, is facing profound financial distress, highlighting systemic cash flow problems within China's IT sector, where long payment cycles from government contracts are common.

December 22, 2025
3 min read
ChinaBusiness RiskFinanceCybersecurity Industry
CEO of Chinese Cybersecurity Firm Cnzxsoft Hit with Spending Ban Amid Debt Crisis
Other
Policy and Compliance

Updated Articles (1)

2025: The Year Cybersecurity 'Crossed the AI Rubicon'

INFORMATIONAL

Analysis: 2025 Marks a Paradigm Shift as AI Redefines Cyberattacks and Defense

Update:

Purdue University has developed a new, challenging benchmark for evaluating deepfake detection models. This standard incorporates advanced generation techniques and subtle manipulations, simulating real-world conditions to push the industry towards more robust, enterprise-grade solutions. This initiative directly addresses the growing threat of hyper-realistic AI-generated deepfakes, providing a critical tool for improving AI-powered defenses against disinformation, fraud, and harassment, as previously highlighted in the article regarding the 'AI Rubicon' in cybersecurity.

December 14, 2025
Updated: December 22, 2025
4 min read
AIartificial intelligencegenerative AILLMthreat landscape +2 more
2025: The Year Cybersecurity 'Crossed the AI Rubicon'
Threat Intelligence
Other

📢 Share This Publication

Help others stay informed about cybersecurity threats