Romanian Water Authority Crippled by Ransomware, Apple Patches Exploited Zero-Days, and Nissan Discloses Third-Party Breach

Publication Date: December 22, 2025

Summary

In the 24-hour period ending December 22, 2025, the cybersecurity landscape was dominated by a significant ransomware attack on Romania's national water authority, which disrupted IT systems but spared critical water operations. Concurrently, Apple issued emergency patches for two actively exploited zero-day vulnerabilities in its WebKit engine. Major data breach disclosures also made headlines, with Nissan revealing a third-party breach affecting 21,000 customers, the University of Phoenix confirming a Clop ransomware incident impacting 3.5 million individuals, and AllerVie Health notifying patients of an attack by the Anubis ransomware group. These events highlight ongoing threats to critical infrastructure, the persistent danger of zero-day exploits, and the expanding attack surface through supply chains.

Today New Articles

Romanian Water Authority Crippled by Ransomware, 1,000 Systems Encrypted with BitLocker

On December 20, 2025, Romania's national water authority, Administrația Națională Apele Române, was targeted in a significant ransomware attack. The incident compromised approximately 1,000 IT systems across its headquarters and 10 of 11 regional offices. Atta...

Nissan Breach Exposes 21,000 Customers After Third-Party Red Hat Server Compromise

Nissan Motor Co. announced on December 22, 2025, a data breach affecting approximately 21,000 customers. The incident was a result of a supply chain attack, originating from the compromise of a Red Hat-managed GitLab server. This server was used by a third-par...

Anubis Ransomware Hits AllerVie Health, Exposing Patient SSNs and Driver's Licenses

AllerVie Health, a Texas-based healthcare provider, began notifying patients on December 22, 2025, of a ransomware attack that exposed highly sensitive personal information. The company detected the intrusion on November 2, 2025, with forensic analysis reveali...

New WhatsApp Hijack Method Bypasses 2FA via SIM Swapping Attacks

On December 21, 2025, security researchers highlighted a growing attack method used to hijack WhatsApp accounts that bypasses traditional authentication measures. The technique relies on SIM swapping, where attackers use social engineering to convince a victim...

Data Breaches Trigger Securities Lawsuits Against Tech Companies

A report on December 21, 2025, revealed a growing legal trend where companies face securities class-action lawsuits following data breaches. Two unnamed technology companies are now facing such litigation from investors. The lawsuits allege that the companies...

CEO of Chinese Cybersecurity Firm Cnzxsoft Hit with Spending Ban Amid Debt Crisis

On December 22, 2025, veteran Chinese cybersecurity firm Cnzxsoft (Zhongxin Network Information Security Co., Ltd.) was placed on a Beijing court's list of "dishonest judgment debtors" due to a severe liquidity crisis. As a result, the company's founder and CE...

Article Updates

2025: The Year Cybersecurity 'Crossed the AI Rubicon'

Update:Purdue University has developed a new, challenging benchmark for evaluating deepfake detection models. This standard incorporates advanced generation techniques and subtle manipulations, simulating real-world conditions to push the industry towards more robust...