Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

There’s a dark joke in cybersecurity: each year ends with an unwelcome holiday surprise—a major security incident. This timing isn’t random. Threat actors target this timing, knowing security teams operate with skeleton crews that impact detection, investigation and response times. It’s a calculated strategy that works reliably, year after year. And now there’s another holiday surprise to add to the list—the recent attack on the U.S. Treasury Department.

Phishing attacks are a huge threat. They prey on human trust and manage to trick even the most tech-savvy users. A successful attack on a company’s customers can weaken it financially, create compliance issues, and cause long-lasting reputational damage. Scammers have stolen over $1 trillion globally in just the past year – a staggering figure that rivals the GDP of some nations.

In December 2024, Cyberhaven fell victim to a sophisticated cyberattack that exploited a phishing campaign targeting its Chrome Web Store account. This breach compromised over 400,000 users by injecting malicious code into its browser extension, exfiltrating sensitive data such as cookies and session tokens. The incident has drawn significant attention due to Cyberhaven's role as a cybersecurity provider and the broader implications for browser extension security.

A new and growing threat has emerged, targeting vulnerable PHP servers with a sophisticated cryptocurrency mining attack. This exploit takes advantage of misconfigured or unpatched PHP servers, allowing malicious actors to gain unauthorized access and deploy mining malware. The campaign focuses on exploiting vulnerabilities in PHP, particularly CVE-2024-4577, which has already been linked to several exploit attempts and continues to affect systems worldwide.

Ransomware groups claimed responsibility for 5,461 attacks in 2024, with 1,204 of these attacks being publicly confirmed by victim organizations, according to Comparitech’s latest Ransomware Roundup report. The average ransom demand was more than $3.5 million, and the average ransom paid was $9.5 million. Many of these attacks involved data theft extortion, leading to the breach of nearly 200 million records.

The recent Codefinger ransomware attack has sent shockwaves through the IT community, specifically targeting businesses relying on AWS S3 storage services. This breach highlights the importance of prioritizing security “best practices” to protect even the most reliable platforms.

Japan’s National Police Agency (NPA) has attributed more than 200 cyber incidents over the past five years to the China-aligned threat actor “MirrorFace,” Infosecurity Magazine reports.

In the spring of 2024, the FBI warned U.S citizens of a spear phishing campaign by state-sponsored North Korean threat actors.