Daily Digest

Spotify Scraped, Nissan Breached, and UK Proposes New Cyber Laws

Spotify Scraped, Nissan Breached, and UK Proposes New Cyber Laws

December 23, 2025
6 articles (6 new)
18 min read

Summary

This cybersecurity brief for December 22-23, 2025, covers several major incidents. The hacktivist group Anna's Archive claimed a massive 300TB data scrape from Spotify, intending to release 86 million songs publicly. A supply chain attack on Red Hat led to a data breach at Nissan, exposing the personal information of 21,000 customers. In the US, Baker University disclosed a year-old breach affecting over 53,000 individuals, while the DoJ dismantled a $28 million bank fraud operation. In policy news, the UK introduced a new Cyber Security and Resilience Bill to modernize its laws. Other notable events include a new MacSync malware variant bypassing Apple's security and a ransomware attack on Romania's national water agency that used Microsoft's BitLocker.

Filter by Category

New Articles (6)

Anna's Archive Scrapes 300TB of Spotify Music Data in "Preservation" Effort

HIGH

Hacktivist Group 'Anna's Archive' Claims Massive Scrape of Spotify's Music Library for Public Release

The hacktivist and digital preservation group Anna's Archive has announced it scraped and archived nearly 300 TB of data from the music streaming giant Spotify. The trove includes metadata for 256 million tracks and audio for 86 million songs, which the group plans to release via torrents. Spotify clarified this was not a system breach but a large-scale violation of its terms of service by third-party accounts created to systematically exfiltrate content. The company confirmed that no private user data like passwords or payment details were compromised and that the abusive accounts have been disabled.

December 23, 2025
6 min read
data scrapinghacktivismcopyright infringementdigital rights managementDRM +2 more
Anna's Archive Scrapes 300TB of Spotify Music Data in "Preservation" Effort
Cyberattack
Data Breach
Threat Actor

Baker University Discloses Year-Old Breach Affecting Over 53,000 Individuals

CRITICAL

Baker University Notifies 53,624 Individuals of 2024 Data Breach Exposing SSNs, Health, and Financial Data

Baker University in Kansas has begun notifying 53,624 individuals about a severe data breach that occurred in December 2024. Attackers maintained access to the university's network for over two weeks, from December 2 to December 19, 2024. The compromised data is highly sensitive, including names, Social Security numbers, student IDs, financial account information, and private health data. The university detected the breach following a network outage but is only now, a full year later, informing the victims.

December 23, 2025
5 min read
university breachidentity theftsocial security numberhealth dataPII +2 more
Baker University Discloses Year-Old Breach Affecting Over 53,000 Individuals
Data Breach
Incident Response
Other

DoJ Dismantles $28M Bank Fraud Ring, Seizes Phishing Database

HIGH

U.S. Department of Justice Seizes Database in Takedown of $28 Million Bank Account Takeover Scheme

The U.S. Department of Justice has seized the domain `web3adspanels.org` and its associated backend database, which were central to a massive bank account takeover fraud operation. The criminal scheme used phishing websites to impersonate financial institutions and harvest victim credentials, leading to attempted losses of approximately $28 million and actual losses of $14.6 million. The action follows an FBI warning about this type of fraud and was coordinated with law enforcement in Estonia and Georgia.

December 23, 2025
4 min read
account takeoverATOphishinglaw enforcementDOJ +1 more
DoJ Dismantles $28M Bank Fraud Ring, Seizes Phishing Database
Cyberattack
Phishing
Incident Response

New MacSync Malware Dropper Bypasses macOS Gatekeeper with Apple Notarization

HIGH

New MacSync Info-Stealer Variant Evades macOS Gatekeeper Using Notarized Installer

A new campaign is distributing the MacSync information-stealing malware using a dropper that successfully bypasses Apple's macOS Gatekeeper security feature. The malicious installer is packaged as a disk image for a fake messaging app, and crucially, has been both digitally signed and notarized by Apple. This abuse of Apple's own security vetting process allows the malware to appear as a trusted application, tricking users into running it and compromising their systems to exfiltrate sensitive information.

December 23, 2025
4 min read
macOS malwareGatekeepernotarizationcode signinginfo-stealer +2 more
New MacSync Malware Dropper Bypasses macOS Gatekeeper with Apple Notarization
Malware
Cyberattack
Mobile Security

Kazakhstan Issues New National Cybersecurity Guidelines Amid Rising Public Awareness

INFORMATIONAL

Kazakhstan's Ministry of Digital Development Releases Updated Cybersecurity Recommendations

On December 23, 2025, Kazakhstan's Ministry of Digital Development, Innovation and Aerospace Industry (MAIDD) published updated national recommendations for cybersecurity and personal data protection. This initiative aims to strengthen the country's digital defenses and comes as a recent study reveals that public awareness of cyber threats has surged to 86% in 2025, up from 62.9% in 2018. The new guidelines emphasize key practices like encryption and the use of antivirus software.

December 23, 2025
3 min read
Kazakhstannational securitycyber hygienedata protectionpublic awareness +1 more
Kazakhstan Issues New National Cybersecurity Guidelines Amid Rising Public Awareness
Policy and Compliance
Regulatory

Major Blow to African Cybercrime: 574 Arrested, $3M Seized in International Takedown

HIGH

International Operation Dismantles Cybercrime Rings in Africa, Leading to 574 Arrests

A large-scale, coordinated international law enforcement operation has dismantled several major cybercrime networks operating across West and Central Africa. The crackdown resulted in the arrest of 574 individuals and the seizure of approximately $3 million. The operation targeted criminal syndicates involved in a range of illicit activities, including Business Email Compromise (BEC) scams, ransomware attacks, and other forms of online fraud. Arrests were made in Senegal, Ghana, Benin, and Cameroon.

December 23, 2025
4 min read
BECbusiness email compromiseransomwarelaw enforcementtakedown +2 more
Major Blow to African Cybercrime: 574 Arrested, $3M Seized in International Takedown
Threat Actor
Incident Response
Phishing

📢 Share This Publication

Help others stay informed about cybersecurity threats