Cybersecurity remains a pressing concern as several high-profile data breaches and cyberattacks were reported in early December. Notably, OpenAI suffered a data breach linked to a compromise at third-party analytics provider Mixpanel, which exposed limited information about some of its ChatGPT API clients.

The leaked data includes names, email addresses, approximate locations, operating system details, browser information, referring websites, and organization or user IDs. Fortunately, no sensitive credentials or API keys were compromised in this incident.

Dartmouth College, a private Ivy League institution located in New Hampshire, also experienced a significant data breach. This breach involved the theft of personal information, including names, Social Security numbers, and financial details from its Oracle E-Business Suite servers. The Cl0p extortion gang exploited a zero-day vulnerability as part of a broader campaign that also targeted other institutions, including Harvard University and Envoy Air, with sensitive data now available on dark web and torrent sites.

Widespread Cyberattacks Affect Multiple Organizations

Crisis24, a leader in crisis and risk management, faced a cyberattack affecting its OnSolve CodeRED emergency alert platform. This incident disrupted notification systems nationwide and resulted in the theft of user data, which included names, addresses, email addresses, phone numbers, and clear-text passwords. The INC Ransomware gang claimed responsibility for this attack and has offered the stolen data for sale.

In another breach, SitusAMC, a major American investment advisory provider, confirmed that corporate data linked to client relationships had been compromised. This included accounting records, legal agreements, and potentially customer data. The breach affected an undisclosed number of clients, likely encompassing some of the largest banks and financial institutions in the United States, but details regarding the type and amount of data leaked have yet to be disclosed.

Additionally, the Russian postal operator, Donbas Post, encountered a cyberattack that severely disrupted its corporate network, web platform, and email systems. The attack resulted in the destruction of over 1,000 workstations and several terabytes of data, leading to the suspension of services at postal branches and call centers. The Ukrainian Cyber Alliance has claimed responsibility for this incident.

The French Football Federation (FFF) also reported a data breach that resulted in unauthorized access to administrative management software, leading to the theft of personal and contact information from members of French football clubs.

Emerging Threats and Vulnerabilities

The cybersecurity landscape continues to evolve, with new threats emerging regularly. A newly identified Mirai-based botnet, dubbed ShadowV2, has been exploiting multiple known vulnerabilities in Internet of Things (IoT) devices to launch distributed denial-of-service (DDoS) attacks. This botnet has taken advantage of command injection and other flaws in routers, network-attached storage devices, and digital video recorders across various sectors.

During a scan of 5.6 million public GitLab repositories, security researchers uncovered more than 17,000 exposed credentials, including API keys and passwords linked to over 2,800 domains. Many of these credentials, primarily associated with Google Cloud, MongoDB, Telegram, and OpenAI, remain active. While most were leaked after 2018, some valid keys date back to 2009.

A critical authentication bypass vulnerability (CVE-2025-59366) was also identified in ASUS routers, allowing remote attackers to exploit chained path traversal and OS command injection flaws without requiring user interaction. Successful exploitation could lead to attackers gaining control over vulnerable devices.

Check Point Research conducted an analysis of the Shai-Hulud 2.0 npm supply chain campaign, which compromised over 600 npm packages and 25,000 GitHub repositories. Malicious preinstall scripts have been reported to steal developer credentials and enable propagation across npm and GitHub.

As the digital landscape evolves, Check Point researchers expect significant cyber risks to emerge by 2026, tied to advances in artificial intelligence, quantum computing, and the development of Web 4.0. The organization identified twelve trends, among them digital-twin environments, deepfake fraud, and ransomware targeting supply chains.

In response to these ongoing threats, Check Point Threat Emulation provides protection against various vulnerabilities and ransomware strains identified in recent reports. Robust cybersecurity measures have never been more critical as organizations face an increasing array of cyber threats.