SecurityWeek’s cybersecurity information roundup gives a concise compilation of noteworthy tales that may have slipped underneath the radar.
We offer a helpful abstract of tales that will not warrant a complete article, however are nonetheless vital for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a set of noteworthy developments, starting from the most recent vulnerability discoveries and rising assault strategies to vital coverage adjustments and trade reviews.
Listed here are this week’s tales:
Organizations seeing a whole bunch of gen-AI knowledge coverage violations per thirty days
Netskope has printed the 2026 version of its Cloud and Menace Report. The report reveals that gen-AI apps are more and more utilized in organizations, however shadow AI stays a significant problem. Organizations are seeing, on common, 223 gen-AI knowledge coverage violation incidents (customers sending delicate knowledge to AI) per thirty days. Netskope additionally discovered that 60% of insider menace incidents contain private cloud apps.
Jaguar Land Rover gross sales crash after cyberattack
Jaguar Land Rover (JLR) reported a big drop in gross sales following the extremely disruptive cyberattack. Whereas the hacker assault induced disruptions to manufacturing, which solely returned to regular ranges by mid‑November, gross sales had been additionally hit as a result of different elements, together with US tariffs and the introduction of latest automobiles.
Adware firm founder pleads responsible
Bryan Fleming, founding father of the adware firm pcTattletale, has pleaded responsible in a US court docket to prices associated to hacking and the sale of surveillance software program for illegal functions, TechCrunch reported. pcTattletale was shut down in 2024 after it was hacked, however authorities had already been investigating the corporate.
Illinois Division of Human Companies knowledge breach
The Illinois Division of Human Companies (IDHS) has disclosed a knowledge breach affecting a complete of 700,000 people. The incident is said to a mapping web site that was inadvertently made accessible to the general public. The location uncovered the knowledge of 32,000 Division of Rehabilitation Companies (DRS) clients, together with title, tackle, case quantity and standing, referral supply info, and area knowledge. As well as, it uncovered the knowledge of roughly 672,000 Medicaid and Medicare Financial savings Program recipients, together with tackle, case quantity, demographic info, and medical help plans. The recipients’ names weren’t uncovered. It’s unclear if anybody accessed the knowledge through the time it was uncovered, between 2021/2022 and 2025.
Suspect arrested for utilizing knowledge stolen in 2019 Desjardins hack
A person wished for allegedly utilizing knowledge stolen in a 2019 hacker assault from Canada’s Desjardins credit score union has been arrested in Spain. The suspect, 40-year-old Juan Pablo Serrano, is anticipated to be extradited to Canada, the place he’s accused of shopping for knowledge stolen from Desjardins and utilizing it to commit fraud. Whereas Serrano doesn’t seem to have been concerned within the precise Desjardins hack, authorities did arrest a number of suspects believed to have performed a task within the scheme, together with an insider.
Taiwan says Chinese language cyberattacks intensified
The federal government of Taiwan has printed a report describing the cyber menace posed by China to its vital infrastructure in 2025. The report says Chinese language state-sponsored menace actors carried out 2.6 million intrusion makes an attempt per day, a 6% enhance from the earlier yr. The power and emergency/healthcare sectors had been essentially the most focused, however assaults had been additionally aimed on the authorities, communications, transportation, water, finance, industrial, and meals sectors.
China hacked US Home committee emails
The Chinese language menace group referred to as Salt Hurricane has hacked into e mail programs utilized by congressional workers on highly effective committees within the US Home of Representatives. The cyberspies focused staffers on committees specializing in China, international affairs, intelligence, and armed companies, FT reported (paywalled).
OwnCloud warning in response to credential theft
File sharing platform OwnCloud has issued a warning after safety agency Hudson Rock reported figuring out dozens of main knowledge breaches stemming from credentials stolen by infostealer malware. The assaults have been linked to a single menace actor and have focused a number of main file switch companies along with OwnCloud. The corporate is now urging clients to allow multi-factor authentication to guard their accounts. OwnCloud famous that its programs haven’t been hacked.
Over 8,000 ransomware assaults reported in 2025
Based on Emsisoft’s ‘State of Ransomware within the US’ report for 2025, cybercrime teams claimed to have focused greater than 8,000 organizations, up from roughly 6,000 within the earlier yr. The variety of lively ransomware teams elevated by roughly 30% in comparison with 2024. Essentially the most lively teams had been Qiling, Akira, Cl0p, Play, and Safepay.
