Category: Security & Privacy

U.S. insurance giant Aflac has confirmed a significant data breach, where hackers accessed the personal information of approximately 22.65 million individuals. The stolen data includes sensitive details such as Social Security numbers, identity documents, health information, and more. This incident underscores the ongoing challenges companies face in safeguarding customer data against sophisticated cyber threats.

Aflac stated that the stolen data comprises a range of personal information, including names, dates of birth, addresses, government-issued ID numbers, driver’s license numbers, and medical details. The company also mentioned that the cybercriminals responsible for the breach could be linked to a known cyber-criminal organization, with indications that the insurance industry was a specific target.

With the rise of cybercrime and data breaches, organizations across sectors, including insurance companies, must continuously enhance their cybersecurity measures to protect customer data and maintain trust. The incident serves as a reminder of the critical importance of robust cybersecurity practices and proactive threat detection strategies in today’s digital landscape.

Source: TechCrunch

ServiceNow, the enterprise software company, has agreed to acquire cybersecurity startup Armis for $7.75 billion in cash. This acquisition marks a significant increase in valuation for Armis, which had recently raised $435 million in pre-IPO funding, valuing the company at $6.1 billion.

Armis, led by co-founder and CEO Yevgeny Dibrov, focuses on providing security solutions for critical infrastructure to top-tier clients, including Fortune 500 companies and governments. The company has an impressive $340 million in annual recurring revenue and a growth rate exceeding 50%. This strategic acquisition will enable ServiceNow to bolster its cybersecurity portfolio and enhance its offerings in this crucial domain.

The deal underscores the ongoing trend of consolidation in the tech industry, where established players like ServiceNow are seeking to broaden their capabilities through acquiring innovative startups like Armis. The acquisition is poised to have a significant impact on ServiceNow’s cybersecurity strategy, positioning the company for further growth and expansion in the competitive cybersecurity market.

Source: TechCrunch

The U.S. government has implemented a ban on new foreign-made drone models, citing national security concerns. The Federal Communications Commission (FCC) has added all foreign-produced Unmanned Aircraft Systems (UAS) and critical components to the Covered List, citing potential risks posed by drones in the hands of criminals and hostile actors.

This decision is set to disrupt the dominance of Chinese drone manufacturer DJI in the American market. As DJI is a popular choice among U.S. consumers, the ban will have significant implications for the company and the drone industry as a whole. While existing owners of foreign drone models are not affected, the restriction on new models will reshape the competitive landscape.

In response, DJI expressed disappointment over the FCC’s action and emphasized its commitment to the U.S. market amidst the evolving regulatory environment. As the ban takes effect, the U.S. drone market is poised for transformation, potentially paving the way for domestic drone manufacturers to enhance their presence. The clash between Chinese and American consumer tech products underscores the ongoing tensions in the global tech industry.

Source: TechCrunch

In 2025, cybercriminals stole a record $2.7 billion in cryptocurrency through various hacks and heists, marking the third consecutive year of escalating crypto thefts, as reported by blockchain-monitoring firms. Major incidents included a breach at Dubai-based exchange Bybit, where hackers made off with approximately $1.4 billion in crypto. The FBI and blockchain analysis firms implicated North Korean government hackers in this high-profile theft, underscoring the ongoing threat posed by state-sponsored cybercrime in the crypto space.

This staggering sum of stolen crypto in 2025 surpassed previous records, with notable breaches in 2022 against the Ronin Network and the Poly Network. Chainalysis and TRM Labs estimated the total stolen amount, with Chainalysis also tracing an additional $700,000 taken from individual crypto wallets. The security firm De.Fi, behind the REKT database, echoed these findings, further emphasizing the scale of illicit activities within the crypto ecosystem.

Throughout the year, North Korean hackers remained prominent, amassing over $2 billion in stolen crypto according to industry experts. Their activities, allegedly aimed at funding the country’s nuclear weapons program, demonstrate the complex intersection of cybersecurity, geopolitics, and financial crime in the digital age.

Additional breaches targeted platforms like Cetus, Balancer, and Phemex, highlighting the vulnerabilities present in decentralized exchanges and protocols. As the crypto landscape continues to evolve, these incidents underscore the critical need for robust security measures and heightened vigilance to safeguard digital assets.

Source: TechCrunch

Aflac, a major U.S. insurance company, has confirmed a significant data breach where hackers accessed sensitive personal data of approximately 22.65 million individuals. The stolen information includes Social Security numbers, identity documents, health data, and other personal details. Aflac revealed that the cybercriminals responsible for the breach may have connections to a known cyber-criminal organization targeting the insurance industry.

The stolen data encompasses a range of sensitive information such as customer names, dates of birth, addresses, government-issued ID numbers, driver’s license numbers, and medical and health insurance details. This breach raises concerns about the vulnerability of personal data and the potential risks customers face when such information falls into the wrong hands.

With approximately 50 million customers, Aflac is taking steps to notify those affected by the breach. The company’s acknowledgment of the cyberattack underscores the importance of robust cybersecurity measures for organizations, especially those handling sensitive personal and health information.

Source: TechCrunch

Recent findings by security researcher Anurag Sen have shed light on Uzbekistan’s extensive national license plate scanning system, which was left exposed online without password protection, allowing unrestricted access to the collected data. The system, comprising a network of high-resolution roadside cameras scanning thousands of vehicles daily, aims to identify traffic violations such as running red lights, seatbelt non-usage, and unlicensed night driving.

Sen’s discovery revealed that the surveillance system, operational since mid-2025, was publicly accessible, leading to concerns about privacy and security implications associated with mass vehicle monitoring. This incident parallels the growing trend of license plate surveillance globally, with the United States also expanding its use of such technology.

This revelation underscores the need for robust security measures in surveillance systems to safeguard sensitive data and mitigate potential risks of unauthorized access. As countries continue to implement nationwide monitoring solutions, ensuring data protection and privacy safeguards is paramount.

Source: TechCrunch

France’s national postal and banking services, La Poste, faced a significant disruption due to a suspected distributed denial-of-service (DDoS) attack. The incident temporarily knocked offline the organization’s information systems, rendering online mail, banking services, website, and mobile app inaccessible for customers. However, in-person banking and postal transactions remained possible during this outage.

La Banque Postale, the banking arm of La Poste, also acknowledged the cyberattack, highlighting the temporary unavailability of customer access to the mobile app and online banking platform.

Although a Russian hacktivist group claimed responsibility for the attack, the true perpetrators remain unidentified. This incident adds to a series of recent cybersecurity challenges faced by the French government, including the discovery of remote control software on a passenger ferry and a data breach involving stolen confidential documents from email accounts.

As investigations continue, the connection between these incidents remains unclear, raising concerns about the resilience of critical infrastructure against cyber threats.

Source: TechCrunch

Cisco has disclosed that a group of hackers backed by the Chinese government is exploiting a vulnerability in some of its key products, putting its enterprise customers at risk. While the exact number of compromised customers remains undisclosed by Cisco, security researchers have identified potentially hundreds of vulnerable Cisco customers.

Piotr Kijewski, CEO of the Shadowserver Foundation, a nonprofit that monitors hacking activities, stated that the exposure scale appears to be in the hundreds. The foundation’s ongoing monitoring indicates that the attacks are targeted rather than widespread.

Shadowserver has been actively tracking the systems exposed to the disclosed vulnerability, officially known as CVE-2025-20393. This zero-day vulnerability, discovered before Cisco could release patches, has impacted numerous systems, with India, Thailand, and the United States showing dozens of affected systems.

Cybersecurity firm Censys has also reported a limited number of affected Cisco customers, identifying 220 internet-exposed Cisco email gateways as vulnerable targets.

This event underscores the critical importance of prompt patching and proactive cybersecurity measures for enterprises utilizing Cisco products to mitigate the risk of exploitation by threat actors.

Source: TechCrunch

In 2025, the cybersecurity landscape was marked by a series of high-profile data breaches and cyberattacks that highlighted the ongoing vulnerabilities in both government and corporate systems. This analysis from TechCrunch provides insights into the evolving cybersecurity threats and trends shaping the digital realm.

Throughout the year, various security incidents unfolded, underscoring the need for stronger cybersecurity measures. Notable events included:

• A cyberattack from Chinese hackers targeted the U.S. Treasury, exposing critical security gaps.
• Multiple federal agencies, including the agency responsible for safeguarding U.S. nuclear weapons, fell victim to data breaches.
• Russian hackers infiltrated the U.S. Courts’ filing system, raising concerns about data integrity and confidentiality.
• The largest data breach in U.S. government history occurred due to the actions of DOGE, a department led by Elon Musk under the Trump administration, highlighting the risks associated with non-compliance and inadequate security measures.

As cybersecurity threats continue to escalate in complexity and magnitude, organizations face mounting pressure to fortify their defenses and prioritize data protection. The events of 2025 serve as a stark reminder of the critical importance of robust cybersecurity practices in safeguarding digital assets and maintaining public trust.

Source: TechCrunch

DXS International, a prominent U.K.-based healthcare technology provider for England’s National Health Service (NHS), recently disclosed a concerning cybersecurity incident. The company identified a data breach affecting its office servers on December 14, which was promptly contained with the assistance of NHS and cybersecurity experts. While the breach had minimal impact on the company’s services, the extent and nature of the incident are still under investigation.

Notably, a ransomware group named DevMan claimed responsibility for the breach, boasting about stealing 300 gigabytes of data from DXS International. The company has taken the necessary steps to notify authorities, including the UK’s Information Commissioner’s Office (ICO), about the security breach.

DXS International’s chief operating officer, Steven Bauer, refrained from providing further details, aligning with the company’s public statement. The ICO is actively evaluating the information shared by DXS, emphasizing the importance of understanding the implications of such data breaches on healthcare technology security.

Source: TechCrunch