Top Security Breaches 2025-12-02

Auto-generated 2025-12-02T09:00:23.459346+00:00 (UTC)

1. Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist

   Source: The Hacker News | Published: 2025-11-26T14:31:00+00:00 | Score: 22.869
   

   South Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware.
   “This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP)

   Original: https://thehackernews.com/2025/11/qilin-ransomware-turns-south-korean-msp.html

2. Retail giant Coupang data breach impacts 33.7 million customers

   Source: BleepingComputer | Published: 2025-12-01T16:29:35+00:00 | Score: 17.417

   South Korea’s largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. […]

   Original: https://www.bleepingcomputer.com/news/security/retail-giant-coupang-suffers-data-breach-impacting-337-million-people/

3. SmartTube YouTube app for Android TV breached to push malicious update

   Source: BleepingComputer | Published: 2025-12-01T18:56:18+00:00 | Score: 15.824

   The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer’s signing keys, leading to a malicious update being pushed to users. […]

   Original: https://www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/

4. Japanese beer giant Asahi says data breach hit 1.5 million people

   Source: BleepingComputer | Published: 2025-11-29T15:17:23+00:00 | Score: 13.67

   Asahi Group Holdings, Japan’s largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. […]

   Original: https://www.bleepingcomputer.com/news/security/japanese-beer-giant-asahi-says-data-breach-hit-15-million-people/

5. Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

   Source: The Hacker News | Published: 2025-11-25T16:49:00+00:00 | Score: 12.698
   

   New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code.
   Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of

   Original: https://thehackernews.com/2025/11/years-of-jsonformatter-and-codebeautify.html

6. ⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

   Source: The Hacker News | Published: 2025-12-01T12:47:00+00:00 | Score: 12.647
   

   Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us.
   One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and

   Original: https://thehackernews.com/2025/12/weekly-recap-hot-cves-npm-worm-returns.html

7. ⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

   Source: The Hacker News | Published: 2025-11-24T12:32:00+00:00 | Score: 12.344
   

   This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.
   Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI

   Original: https://thehackernews.com/2025/11/weekly-recap-fortinet-exploit-chrome-0.html

8. Racial discrimination claim part of ‘deliberate campaign to discredit’ Mary Kostakidis, court documents allege

   Source: World news | The Guardian | Published: 2025-12-02T08:17:41+00:00 | Score: 12.293
   

   Former SBS newsreader defends sharing two X posts about a speech by the late Hezbollah leader as fair comment on a matter of public interest Get our breaking news email , free app or daily news podcast Racial discrimination proceedings brought by the head of the Zionist Federation of Australia were “part of a deliberate campaign to undermine and discredit” Mary Kostakidis, court documents claim. The former SBS newsreader has been accused by the ZFA of breaching the Racial Discrimination Act by sharing two X posts about a speech by the late Hezbollah secretary general Hassan Nasrallah in January 2024. Continue reading…

   Original: https://www.theguardian.com/media/2025/dec/02/mary-kostakidis-racial-discrimination-claim-court-documents-ntwnfb

End of report.