Resources

What HappenedManage My Health, a widely used New Zealand patient portal, said an unauthorized party accessed a portion of its platform and may have viewed health documents linked to roughly 6% to 7% of its registered user base. The company has put the potential impact at 108,000 to 126,000 people out of about 1.8 million…

What HappenedGoogle said in mid-December 2025 that it will shut down Dark Web Report, which alerted users when their personal data appeared in breach dumps and dark web markets. Launched in March 2023 and expanded to all Google accounts in July 2024, it scanned for emails, names, phone numbers, and SSNs and sent alerts recommending…

What HappenedIn late December 2025, a database with 2.3+ million records tied to WIRED subscribers surfaced on underground forums. A threat actor called Lovely posted it on Breach Stars on Dec 20, claiming they exploited weaknesses in Condé Nast’s account systems, then reposted it elsewhere. Researchers said the files appear to come from an internal…

What HappenedIn late December 2025, Spotify confirmed it was investigating unauthorized scraping of its music library after a pirate activist group, Anna’s Archive, claimed it had backed up a massive portion of Spotify’s catalog. The group said it released metadata for hundreds of millions of tracks and intended to distribute tens of millions of audio…

What Actually HappenedIn December 2025, Nissan Motor Co. Ltd. confirmed that personal data for about 21,000 customers tied to a former Fukuoka dealership in Japan was copied from a Red Hat Consulting server used to build a customer management system. Attackers accessed Red Hat’s self-managed GitLab earlier in autumn, and Red Hat notified Nissan on…

What Happened700Credit LLC, a Michigan based provider of credit reports and identity verification services for auto dealerships, disclosed in late 2025 that attackers accessed its dealership web application and copied sensitive consumer data tied to dealership customers. Public breach reporting and state level disclosures put the total impacted population at about 5.8 million people nationwide,…

What HappenedSoundCloud confirmed a security incident that exposed the email addresses of roughly 20% of users after an attacker accessed an “ancillary service dashboard.” SoundCloud said only emails and public profile details were exposed, with no evidence of password or financial data access. The incident coincided with service disruptions and later DDoS activity.Timeline: From First…

Background and TimelineDuring the 2025 holiday break, users of Trust Wallet’s Chrome extension began reporting that their crypto wallets were suddenly drained shortly after interacting with the extension. Trust Wallet later confirmed a security incident affecting only Chrome extension version 2.68, and multiple sources reported losses reaching roughly $7 million.On December 24, 2025, Trust Wallet’s…

Imagine trying to secure a house by installing the most expensive smart locks on the front door, while leaving the back window unlatched and the basement door wide open. You’ve spent the money, but are you actually safer?A cybersecurity gap assessment is essentially a “home security audit” for your digital estate. It looks past the…