Here is the most recent Cybersecurity news for the past week:
🏥 Aflac Notifies 22 Million Individuals of Data Breach
Insurance giant Aflac has begun notifying over 22 million people that their personal information was compromised following a cyberattack initially detected in June. While the company contained the incident earlier this year, the investigation recently concluded that sensitive data—including names, Social Security numbers, and medical insurance details—was accessed, prompting this week’s massive notification effort.
https://www.securityweek.com/22-million-affected-by-aflac-data-breach
📰 Hacker Leaks 2.3 Million Wired Subscriber Records
A threat actor known as “Lovely” has leaked a database containing 2.3 million records belonging to subscribers of the technology magazine Wired. The leaked data includes names, emails, and physical addresses, with the hacker threatening to release an additional 40 million records from Wired’s parent company, Condé Nast, if their security grievances are not addressed.
⚙️ Critical Vulnerability Found in n8n Automation Platform
A critical security flaw (CVE-2025-68613) with a near-maximum severity score of 9.9 has been disclosed in the popular workflow automation tool n8n. The vulnerability allows authenticated attackers to execute arbitrary code on affected instances, potentially leading to full system compromise. Users are urged to update to version 1.120.4 or later immediately.
https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html
🐼 Mustang Panda APT Deploys New Kernel-Mode Rootkit
The Chinese state-sponsored espionage group Mustang Panda has been observed using a previously undocumented kernel-mode rootkit to deliver the “TONESHELL” backdoor. This sophisticated technique allows the attackers to bypass security controls and maintain persistent access on compromised government and NGO networks in Southeast Asia.
https://thehackernews.com/2025/12/mustang-panda-uses-signed-kernel-driver.html
💸 Lynx Ransomware Claims Breach of CSA Tax & Advisory
The Lynx ransomware group has claimed responsibility for a cyberattack on the accounting firm CSA Tax & Advisory, allegedly stealing sensitive corporate and client tax data. Security researchers note that Lynx is a rapidly growing “Ransomware-as-a-Service” operation that has already impacted nearly 300 organizations since emerging mid-year.
https://www.scworld.com/brief/csa-tax-advisory-hack-claimed-by-lynx-ransomware
