Information Security News – 1/5/2026

The 10 Biggest Cyber Stories of 2025: A Year of Record-Breaking Attacks

Article Link: https://www.probablypwned.com/article/top-10-cyber-stories-2025-year-in-review

• ProbablyPwned outlines ten cyber incidents that defined 2025, from a $1.5 billion cryptocurrency theft to global espionage campaigns targeting government and telecom systems.
• The article shows threat actors combining social engineering, vendor compromise, credential theft, and zero-day exploitation to gain broad, sustained access.
• The consequences were widespread, affecting financial markets, national security, education systems, healthcare providers, and millions of individuals worldwide.
• The report emphasizes third-party exposure, human manipulation, and delayed detection repeatedly amplified damage across sectors.

The Evolution of Information Security: From Compliance to Resilience

Article Link: https://www.forbes.com/councils/forbestechcouncil/2025/12/26/the-evolution-of-information-security-from-compliance-to-resilience/

• The Forbes article explains how information security shifted from audit-focused work into a business function tied to continuity and competitiveness.
• It outlines a progression from compliance programs to risk-based decision making, and then to a focus on operating through disruption rather than stopping every incident.
• The piece notes that attackers now move faster through social manipulation, insider misuse, and advanced tooling, shrinking the time teams have to react.
• The author concludes that leaders now measure readiness by recovery speed, data restoration, and tolerated downtime rather than the absence of breaches.

Why Visibility Alone Fails and Context Wins in 2026

Article Link: https://securityboulevard.com/2025/12/why-visibility-alone-fails-and-context-wins-in-2026/

• The article argues that years of chasing dashboards, logs, and alerts produced awareness without helping teams decide what actually deserves attention.
• It explains how piling telemetry onto people increased workload and confusion, leaving teams reacting to noise instead of managing exposure that affects operations.
• The author shows how separating identity, assets, threats, and business impact kept defenders from seeing which paths truly lead to damage.
• The piece concludes that success in 2026 depends on connecting data into clear priorities that reduce exposure continuously rather than watching everything all the time.

Cybersecurity Pros Admit to Moonlighting as Ransomware Scum

Article Link: https://www.theregister.com/2025/12/31/alphv_ransomware_affiliates_plead_guilty/

• Two U.S.-based security professionals, Ryan Clifford Goldberg and Kevin Tyler Martin, admitted to secretly running ransomware attacks while holding legitimate industry roles.
• Court filings show the pair joined the ALPHV BlackCat operation, agreeing to share 20 percent of extortion payments in exchange for access to its tooling.
• The Justice Department said the men used their professional training to target U.S.-based victims and disrupt commercial activity.
• A federal judge will sentence both in March, with each facing potential prison terms of up to 20 years.

European Space Agency Confirms Breach After Hacker Offers to Sell Data

Article Link: https://www.securityweek.com/european-space-agency-confirms-breach-after-hacker-offers-to-sell-data/

• The European Space Agency confirmed that a breach affected a small number of external science servers after a hacker attempted to sell stolen data online.
• ESA stated that the impacted systems sit outside its main corporate network and support unclassified engineering collaboration with the scientific community.
• A threat actor using the alias “888” claimed responsibility, offering 200 gigabytes of data allegedly taken on December 18, including private Bitbucket files, source code, tokens, credentials, and internal documents.
• The agency said a forensic review is underway, affected devices are being secured, and partners have been notified while the investigation continues.

Hackers are Targeting U.S. Farms and Food Companies. Lawmakers Say It’s Time to Act

Article Link: https://www.wpr.org/news/hackers-targeting-us-farms-food-companies-cyber-security

• The article reports a sharp rise in digital attacks against U.S. farms and food producers as agriculture becomes more technology dependent.
• Research from Check Point shows agriculture experienced the largest global year over year increase in attacks at 101 percent, with a 38 percent rise in the United States.
• Recent incidents disrupted grocery supply chains and online ordering systems, while smaller farmers faced quieter fraud and extortion that rarely reaches headlines.
• Lawmakers and universities are backing new research centers, grants, and training programs to reduce risk across farming, production, and distribution.
• Check Point Research: https://blog.checkpoint.com/research/global-cyber-threats-august-2025-agriculture-hit-hard/

Aflac Data Breach Exposes 22M People in Major Cyber Breach

Article Link: https://www.techrepublic.com/article/news-aflac-breach-22m-affected/

• Aflac confirmed a data breach affecting more than 22 million people after suspicious activity was detected across a limited number of U.S. systems in June 2025.
• The company traced the intrusion to an advanced criminal group and determined that personal and medical records were taken during the incident.
• Stolen information included names, addresses, dates of birth, Social Security numbers, government identification details, and health insurance data belonging to customers, employees, agents, and beneficiaries.
• Aflac reset affected account passwords, began notifying impacted individuals, offered two years of identity and medical fraud protection, and now faces a class action lawsuit filed in federal court.

Disney Will Pay $10 million to Settle Children’s Data Privacy Lawsuit

Article Link: https://www.bleepingcomputer.com/news/security/disney-will-pay-10m-to-settle-claims-of-childrens-privacy-violations-on-youtube/

• Disney agreed to a $10 million civil penalty to resolve allegations that children’s data was collected through mislabeled YouTube videos.
• The U.S. Department of Justice said Disney failed to properly mark kid-directed content as “Made for Kids,” allowing personal data collection and targeted advertising.
• The complaint followed a referral from the Federal Trade Commission and cited more than 300 videos that were incorrectly labelled even after warnings from YouTube.
• The settlement requires Disney to notify parents before collecting children’s information and correctly designate kid-focused videos to prevent unlawful data use.

Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach

Article Link: https://hackread.com/hacker-leak-wired-com-records-conde-nast-breach/

• A hacker using the alias “Lovely” released data tied to more than 2.3 million Wired.com accounts, claiming the records were taken from systems linked to Condé Nast.
• The leak was posted on December 20, 2025, and included names, email addresses, user IDs, timestamps, and session details, but no payment or password data.
• The attacker alleged the data came from direct access to Wired’s account systems or a shared identity platform and threatened additional disclosures affecting over 40 million accounts across multiple brands.
• As of publication, Condé Nast had not confirmed the breach, while independent review indicated the Wired data samples appear legitimate. This remains an active situation still unfolding.