Spotify Scraped, Nissan Breached, and UK Proposes New Cyber Laws

Publication Date: December 23, 2025

Summary

This cybersecurity brief for December 22-23, 2025, covers several major incidents. The hacktivist group Anna's Archive claimed a massive 300TB data scrape from Spotify, intending to release 86 million songs publicly. A supply chain attack on Red Hat led to a data breach at Nissan, exposing the personal information of 21,000 customers. In the US, Baker University disclosed a year-old breach affecting over 53,000 individuals, while the DoJ dismantled a $28 million bank fraud operation. In policy news, the UK introduced a new Cyber Security and Resilience Bill to modernize its laws. Other notable events include a new MacSync malware variant bypassing Apple's security and a ransomware attack on Romania's national water agency that used Microsoft's BitLocker.

Today New Articles

Anna's Archive Scrapes 300TB of Spotify Music Data in "Preservation" Effort

The hacktivist and digital preservation group Anna's Archive has announced it scraped and archived nearly 300 TB of data from the music streaming giant Spotify. The trove includes metadata for 256 million tracks and audio for 86 million songs, which the group...

Baker University Discloses Year-Old Breach Affecting Over 53,000 Individuals

Baker University in Kansas has begun notifying 53,624 individuals about a severe data breach that occurred in December 2024. Attackers maintained access to the university's network for over two weeks, from December 2 to December 19, 2024. The compromised data...

DoJ Dismantles $28M Bank Fraud Ring, Seizes Phishing Database

The U.S. Department of Justice has seized the domain `web3adspanels.org` and its associated backend database, which were central to a massive bank account takeover fraud operation. The criminal scheme used phishing websites to impersonate financial institution...

New MacSync Malware Dropper Bypasses macOS Gatekeeper with Apple Notarization

A new campaign is distributing the MacSync information-stealing malware using a dropper that successfully bypasses Apple's macOS Gatekeeper security feature. The malicious installer is packaged as a disk image for a fake messaging app, and crucially, has been...

Kazakhstan Issues New National Cybersecurity Guidelines Amid Rising Public Awareness

On December 23, 2025, Kazakhstan's Ministry of Digital Development, Innovation and Aerospace Industry (MAIDD) published updated national recommendations for cybersecurity and personal data protection. This initiative aims to strengthen the country's digital de...

Major Blow to African Cybercrime: 574 Arrested, $3M Seized in International Takedown

A large-scale, coordinated international law enforcement operation has dismantled several major cybercrime networks operating across West and Central Africa. The crackdown resulted in the arrest of 574 individuals and the seizure of approximately $3 million. T...