Posts

Showing posts from January, 2026

E-commerce platform breach exposes nearly 34 million customers' data

South Korea's largest online retailer, Coupang, has apologised for a massive data breach potentially involving nearly 34 million local customer accounts. The country's internet authority said that it is investigating the breach and that details from the millions of accounts have likely been exposed. The e-commerce platform is often described as South Korea's equivalent of Amazon.com. The breach marks the latest in a series of data leaks at major firms in the country, including its telecommunications giant, SK Telecom. Coupang told the BBC it became aware of the unauthorised access of personal data of about 4,500 customer accounts on 18 November and immediately reported it to the authorities. But later checks found that some 33.7 million customer accounts - all in South Korea - were likely exposed, said Coupang, adding that the breach is believed to have begun as early as June through a server based overseas. The exposed data is limited to name, email address, phone numb...

Ukraine's army targeted in new charity-themed malware campaign

  Officials of Ukraine's Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. Ukraine's CERT says in a report that the attacks were likely launched by the Russian threat group known as 'Void Blizzard' and 'Laundry Bear', although there is medium confidence in attribution. Laundry Bear is the same threat group responsible for breaching the Dutch police's internal systems in 2024 and stealing sensitive information about officers. The hackers are known for focusing on NATO member states in attacks aligned with Russian interests that steal files and emails. The attacks observed by CERT-UA begin with instant messages over Signal or WhatsApp telling recipients to visit a website allegedly operated by a charitable foundation, and download a password-protected archive supposedly containing documents of interest. Instead, the archives contain executable PIF files (.docx.pif...

Meta denies viral claims about data breach affecting 17.5 million Instagram users, but change your password anyway

  Millions of Instagram users panicked over sudden password reset emails and claims that 17.5 million user data records had been stolen, while Meta denied any breach allegations. Millions of Instagram users received emails urging them to reset passwords. Many instantly linked the requests to the reported Instagram data breach by Malwarebytes last week. The claims originated from a post on the notorious hacker forum Breach Forums, which advertised a dump titled “INSTAGRAM.COM 17M GLOBAL USERS – 2024 API LEAK.” The seller claimed the dataset contained data on 17.5 million Instagram users, packaged in JSON and TXT files. According to the post, the stolen data included full names, email addresses, phone numbers, and partial location data. However, on Saturday, Meta issued a denial, explaining that the reset emails are related to an issue with a third-party service that allowed users to generate password reset emails. The company claimed that it had fixed the problem, but denied that th...

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. "The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular post-compromise capability expansion," CloudSEK researcher Prajwal Awasthi said in a report published this week. The latest development reflects continued evolution of MuddyWater's tradecraft, which has gradually-but-steadily reduced its reliance on legitimate remote access software as a post-exploitation tool in favor of a diverse custom malware arsenal comprising tools like Phoenix, UDPGangster, BugSleep (aka MuddyRot), and MuddyViper. Also tracked as Mango Sandstorm, Static Kitten, and TA450, the hacking group is assessed to be affiliated with I...

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

  Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. "Enterprise organizations that are clients of these payment providers are the most likely to be impacted," Silent Push said in a report published today. Digital skimming attacks refer to a category of client-side attacks in which bad actors compromise legitimate e-commerce sites and payment portals to inject malicious JavaScript code that's capable of stealthily harvesting credit card information and other personal information when unsuspecting users attempt to make a payment on checkout pages. These attacks are classified under an umbrella term called Magecart, which initially referred to a coalition of cybercriminal groups that targeted e-commerce sites using the Magento software, before diversifying to other products and plat...