Weekly Cybersecurity Report | Week 01, 2026

As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week

1. Two US banks, VeraBank and Artisans’ Bank, have informed regulators and customers about a data breach that occurred not through the banks’ own systems but following a ransomware attack on a vendor, Marquis Software (a customer communications and data analytics provider).

What happened:
– According to the notifications to customers, the attackers stole data that was stored/managed by Marquis Software.
– Both banks emphasize that there is no indication of a breach of the banks’ own systems; this is a “downstream” event via a vendor.

Who was affected and what is the extent of the exposure:
– VeraBank: 37,318 victims were reported (the letter does not specify what type of information was stolen).
– Artisans’ Bank: the names and Social Security numbers (SSNs) of 32,344 people were reported exposed.

2. Cyberattack on Apple’s supply chain – Chinese assembly contractor hit

A new report describes a cyberattack carried out in December against a Chinese assembly contractor that works with Apple as part of the company’s supply chain. The identity of the contractor was not disclosed, but it is one of the entities involved in the production and assembly of Apple products.

Key known details:
– The attack targeted the contractor’s systems and not Apple directly.
– According to the report, information related to production lines, work processes or product details may have been revealed.
– It was not stated whether this was an actual information leak or a thwarted access attempt.
– There is no indication at this stage of a production shutdown or disruption to supplies to customers.

https://appleinsider.com/articles/25/12/29/apple-assembly-partner-victim-of-a-supply-chain-cyberattack?utm_source=rss

3. T-Mobile customer phone numbers suspected of being exposed through a marketing interface

A post published on LinkedIn by a senior security official raised serious concerns about the privacy of T-Mobile USA customers, after the company’s online interface allegedly displayed a complete list of mobile phone numbers, without the need for identification.

What was exposed and where:
– A scrolling list of phone numbers was displayed on the promotions.t-mobile.com website interface.
– The user could select a number that did not belong to them for the purpose of “verifying details” or receiving a benefit.
– No login to a customer account was required to view the list.

The essence of the problem:
– This is allegedly a serious development failure (Insecure Design / IDOR-like behavior), and not a classic hack.
– The mere display of other customers’ phone numbers constitutes a disclosure of personal information.
– The disclosure may constitute a violation of privacy regulations and FCC rules in the US.

T-Mobile’s response:
– The company responded to the post and acknowledged the existence of the problem and even asked the reporter to remove the post and contact it by email with the details of the case.
– No official public announcement has been made at this stage about the scope of the disclosure.

4. The European Space Agency (ESA) has been hacked. According to the official announcement, the attackers penetrated several external servers, apparently not connected to the core network or mission-critical systems. These are infrastructures that support “unclassified” development work and engineering collaborations.

According to the attackers, they gained access to Jira and Bitbucket, including source code, tokens and hundreds of gigabytes of data, but as of now there is no official confirmation of this.

ESA has launched a forensic investigation, blocked access and taken security measures. The identity of the attackers, the attack vector and the true scope of exposure are still unknown.

Even when it is “just an external server”, as soon as it touches development, code and knowledge, it becomes a valuable target.

5. Ubisoft reports that the Rainbow Six game servers have been taken down due to a cyber attack.

Online reports indicate that attackers managed to hack into the game servers, award players virtual currency worth hundreds of millions of dollars and ban other players.
At the same time, the vx-underground X account reports that a second group of attackers was also involved, hacking into Ubisoft’s MongoDB server and stealing source code and additional information.

6. Security breach at external vendor exposes data of thousands of Korean Air employees

South Korean airline Korean Air has informed its employees of a data security incident, in which the personal data of thousands of employees was exposed following a hack into the systems of an external vendor that provides it with in-flight catering and retail services.
The incident once again illustrates how a supply chain attack can directly impact even large, regulated organizations.

Incident details
– The attack was carried out against Catering & Duty-Free (KC&D), an external supplier that spun off from Korean Air in 2020.
– The attackers gained access to the supplier’s ERP system and copied files that were not encrypted.
– The exposed data includes employee names and bank account details.
– According to local media reports, this involved 30,000 data records.

Company response
– Korean Air reported the incident to South Korean authorities.
– At this stage, there is no indication of data misuse.
– Employees have been instructed to be vigilant for messages, emails or phishing attempts related to finances or banking.

Attack group connection
– The Clop ransomware group has claimed responsibility for the attack against KC&D.
– The group posted the stolen information on its website; the incident is part of a broader wave of attacks that exploited Oracle E-Business Suite systems at dozens of organizations around the world.

https://koreajoongangdaily.joins.com/news/2025-12-29/business/industry/Data-breach-at-Korean-Air-leaks-30000-employee-records/2488168

The cybersecurity attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. CyberOne is here to help! Check out our services.