Recently, the threat actors behind the Black Basta ransomware group claimed responsibility for the data breach of Ascension healthcare, which exposed sensitive records for over 5.6 million individuals, including patients and employees. The initial attack occurred back in May, when an employee fell victim to a phishing attack and downloaded a malicious file on the internal Ascension network.

Clop ransomware adds 66 victim companies to their leak site

Following the breach of the Cleo data transfer program, the Clop ransomware group has added 66 victim companies to their dark web leak site, with a 48-hour deadline to respond for negotiations before being fully outed. The breach of Cleo allowed the threat actors to gain network access to the victim companies and compromise a significant amount of data from each one. This is the second major data-transfer attack performed by the Clop ransomware group and is still unclear if it surpasses the magnitude of the MOVEit vulnerability attack from 2023.

Japan Airlines suffers holiday cyberattack

The Thursday before Christmas, officials for Japan Airlines identified some unusual activity on their internal network, which was later confirmed to be a DDoS cyberattack that was causing delays in flights and flooding their network with traffic to cause system crashes. While this incident forced 24 regional flights to receive delays of up to 30 minutes, it has been revealed that no customer or employee information was compromised. Ticket sales for domestic and international flights were also suspended, but fortunately all systems were returned to normal operations within hours.

Cariad data breach exposes electric vehicle data

Towards the end of November, the automotive software firm, Cariad, suffered a significant data breach that compromised customer records and geo-location data for nearly 800,000 electric car owners. Cariad provides software for VW, Audi, Skoda, and Seat, that provides drivers with information on driving habits and vehicle tracking capabilities, if they have registered their vehicle with the online services. Of the 800,000 total customers affected, about 460,000 vehicles were registered and had their geo-location data exposed, with some of those belonging to police and other local law enforcement agencies.

LockBit 4.0 teaser revealed by admin

In the last week, one of the known former admins of the LockBit ransomware group, LockBitSupp, revealed that there was to be a release of LockBit 4.0 at the beginning of February 2025. Alongside the reveal, the domain lockbit4.com was confirmed, as well as 5 TOR sites related to the Ransomware-as-a-Service (RaaS). LockBitSupp has also apparently released the LockBit 4.0 ransom note and some of the program’s source code, which is currently being reverse engineered by security researchers.