SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Organizations seeing hundreds of gen-AI data policy violations per month
Netskope has published the 2026 edition of its Cloud and Threat Report. The report shows that gen-AI apps are increasingly used in organizations, but shadow AI remains a significant challenge. Organizations are seeing, on average, 223 gen-AI data policy violation incidents (users sending sensitive data to AI) per month. Netskope also found that 60% of insider threat incidents involve personal cloud apps.
Jaguar Land Rover sales crash after cyberattack
Jaguar Land Rover (JLR) reported a significant drop in sales following the highly disruptive cyberattack. While the hacker attack caused disruptions to production, which only returned to normal levels by mid-November, sales were also hit due to other factors, including US tariffs and the introduction of new vehicles.
Spyware company founder pleads guilty
Bryan Fleming, founder of the spyware company pcTattletale, has pleaded guilty in a US court to charges related to hacking and the sale of surveillance software for unlawful purposes, TechCrunch reported. pcTattletale was shut down in 2024 after it was hacked, but authorities had already been investigating the company.
Illinois Department of Human Services data breach
The Illinois Department of Human Services (IDHS) has disclosed a data breach affecting a total of 700,000 individuals. The incident is related to a mapping website that was inadvertently made accessible to the public. The site exposed the information of 32,000 Division of Rehabilitation Services (DRS) customers, including name, address, case number and status, referral source information, and area data. In addition, it exposed the information of roughly 672,000 Medicaid and Medicare Savings Program recipients, including address, case number, demographic information, and medical assistance plans. The recipients’ names were not exposed. It’s unclear if anyone accessed the information during the time it was exposed, between 2021/2022 and 2025.
Suspect arrested for using data stolen in 2019 Desjardins hack
A man wanted for allegedly using data stolen in a 2019 hacker attack from Canada’s Desjardins credit union has been arrested in Spain. The suspect, 40-year-old Juan Pablo Serrano, is expected to be extradited to Canada, where he’s accused of buying data stolen from Desjardins and using it to commit fraud. While Serrano does not appear to have been involved in the actual Desjardins hack, authorities did arrest several suspects believed to have played a role in the scheme, including an insider.
Taiwan says Chinese cyberattacks intensified
The government of Taiwan has published a report describing the cyber threat posed by China to its critical infrastructure in 2025. The report says Chinese state-sponsored threat actors conducted 2.6 million intrusion attempts per day, a 6% increase from the previous year. The energy and emergency/healthcare sectors were the most targeted, but attacks were also aimed at the government, communications, transportation, water, finance, industrial, and food sectors.
China hacked US House committee emails
The Chinese threat group known as Salt Typhoon has hacked into email systems used by congressional staff on powerful committees in the US House of Representatives. The cyberspies targeted staffers on committees focusing on China, foreign affairs, intelligence, and armed services, FT reported (paywalled).
OwnCloud warning in response to credential theft
File sharing platform OwnCloud has issued a warning after security firm Hudson Rock reported identifying dozens of major data breaches stemming from credentials stolen by infostealer malware. The attacks have been linked to a single threat actor and have targeted several major file transfer services in addition to OwnCloud. The company is now urging customers to enable multi-factor authentication to protect their accounts. OwnCloud noted that its systems have not been hacked.
Over 8,000 ransomware attacks reported in 2025
According to Emsisoft’s ‘State of Ransomware in the US’ report for 2025, cybercrime groups claimed to have targeted more than 8,000 organizations, up from roughly 6,000 in the previous year. The number of active ransomware groups increased by roughly 30% compared to 2024. The most active groups were Qilin, Akira, Cl0p, Play, and Safepay.
