{"id":10372,"date":"2026-01-05T11:32:21","date_gmt":"2026-01-05T08:32:21","guid":{"rendered":"https:\/\/cyberone.bg\/?p=10372"},"modified":"2026-01-05T11:32:21","modified_gmt":"2026-01-05T08:32:21","slug":"weekly-cybersecurity-report-week-01-2026","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-01-2026","title":{"rendered":"Weekly Cybersecurity Report | Week 01, 2026"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">CyberOne<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 01, 2026<\/h2>\n<p><strong><u>Information security updates and events from the past week<\/u><\/strong><\/p>\n<h3 id=\"1\"><a href=\"#1\"><strong>1. Two US banks, VeraBank and Artisans\u2019 Bank, have informed regulators and customers about a data breach that occurred not through the banks\u2019 own systems, but following a ransomware attack on a vendor called Marquis Software (a customer communications and data analytics provider).<\/strong><\/a><\/h3>\n<p>What happened:<br \/>\n\u2013 According to the notifications to customers, the attackers stole data that was stored\/managed by Marquis Software.<br \/>\n\u2013 Both banks emphasize that there is no indication of a breach of the banks\u2019 own systems; this is a \u201cdownstream\u201d event via a vendor.<\/p>\n<p>Who was affected and what is the extent of the exposure:<br \/>\n\u2013 VeraBank: 37,318 victims were reported (the letter does not specify what type of information was stolen).<br \/>\n\u2013 Artisans\u2019 Bank: 32,344 people\u2019s names and Social Security numbers (SSN) were reported exposed.<\/p>\n<h3 id=\"2\"><a href=\"#2\"><strong>2. 
Cyberattack on Apple\u2019s supply chain \u2013 Chinese assembly contractor hit<\/strong><\/a><\/h3>\n<p>A new report describes a cyberattack carried out in December against a Chinese assembly contractor that works with Apple, as part of the company\u2019s supply chain. The identity of the contractor was not disclosed, but it is one of the entities involved in the production and assembly of Apple products.<br \/>\nKey known details:<br \/>\n\u2013 The attack targeted the contractor\u2019s systems and not Apple directly.<br \/>\n\u2013 According to the report, information related to production lines, work processes or product details may have been revealed.<br \/>\n\u2013 It was not stated whether this was an actual information leak or a thwarted access attempt.<br \/>\n\u2013 There is no indication at this stage of a production shutdown or disruption to supplies to customers.<\/p>\n<p><a href=\"https:\/\/appleinsider.com\/articles\/25\/12\/29\/apple-assembly-partner-victim-of-a-supply-chain-cyberattack?utm_source=rss\">https:\/\/appleinsider.com\/articles\/25\/12\/29\/apple-assembly-partner-victim-of-a-supply-chain-cyberattack?utm_source=rss<\/a><\/p>\n<h3 id=\"3\"><a href=\"#3\"><strong>3. 
T-Mobile customer phone numbers suspected of being exposed through a marketing interface<\/strong><\/a><\/h3>\n<p>A post published on LinkedIn by a senior security official raised serious concerns about the privacy of T-Mobile USA customers, after the company\u2019s online interface allegedly displayed a complete list of mobile phone numbers, without the need for identification.<br \/>\nWhat was exposed and where:<br \/>\n\u2013 A scrolling list of phone numbers was displayed on the promotions.t-mobile.com website interface.<br \/>\n\u2013 The user could select a number that did not belong to them for the purpose of \u201cverifying details\u201d or receiving a benefit.<br \/>\n\u2013 No login to a customer account was required to view the list.<\/p>\n<p>The essence of the problem:<br \/>\n\u2013 This is allegedly a serious development failure (Insecure Design \/ IDOR-like behavior), and not a classic hack.<br \/>\n\u2013 The mere display of other customers\u2019 phone numbers constitutes a disclosure of personal information.<br \/>\n\u2013 The disclosure may constitute a violation of privacy regulations and FCC rules in the US.<\/p>\n<p>T-Mobile\u2019s response:<br \/>\n\u2013 The company responded to the post, acknowledged the existence of the problem and even asked the reporter to remove the post and contact it by email with the details of the case.<br \/>\n\u2013 No official public announcement has been made at this stage about the scope of the disclosure.<\/p>\n<h3 id=\"4\"><a href=\"#4\"><strong>4. The European Space Agency (ESA) has been hacked. According to the official announcement, the attackers penetrated several external servers, apparently not connected to the core network or mission-critical systems. 
These are infrastructures that support \u201cunclassified\u201d development work and engineering collaborations.<\/strong><\/a><\/h3>\n<p>According to the attackers, they gained access to Jira and Bitbucket, including source code, tokens and data amounting to hundreds of gigabytes, but as of now there is no official confirmation of this.<\/p>\n<p>ESA has launched a forensic investigation, blocked access and taken security measures. The identity of the attackers, the attack vector and the true scope of exposure are still unknown.<br \/>\nEven when it is \u201cjust an external server\u201d, as soon as it touches development, code and knowledge, it becomes a valuable target.<\/p>\n<h3 id=\"5\"><a href=\"#5\"><strong>5. Ubisoft reports that the Rainbow Six game servers have been taken down due to a cyber attack.<\/strong><\/a><\/h3>\n<p>Online reports indicate that attackers managed to hack into the game servers, award players with virtual currencies worth hundreds of millions of dollars and ban other players.<br \/>\nAt the same time, the Vx underground X account reports that a second group of attackers was also involved in the attack; this group hacked into Ubisoft\u2019s MongoDB server and stole source code and additional information.<\/p>\n<h3 id=\"6\"><a href=\"#6\"><strong>6. 
Security breach at external vendor exposes data of thousands of Korean Air employees<\/strong><\/a><\/h3>\n<p>South Korean airline Korean Air has informed its employees of a data security incident, in which the personal data of thousands of employees was exposed following a hack into the systems of an external vendor that provides it with in-flight catering and retail services.<br \/>\nThe incident once again illustrates how a supply chain attack can directly impact even large, regulated organizations.<\/p>\n<p>Incident details<br \/>\n\u2013 The attack was carried out against Catering & Duty-Free, an external supplier that spun off from Korean Air in 2020.<br \/>\n\u2013 The attackers gained access to the supplier\u2019s ERP system and copied files that were not encrypted.<br \/>\n\u2013 The exposed data includes employee names and bank account details.<br \/>\n\u2013 According to local media reports, this involved 30,000 data records.<\/p>\n<p>Company response<br \/>\n\u2013 Korean Air reported the incident to South Korean authorities.<br \/>\n\u2013 At this stage, there is no indication of data misuse.<br \/>\n\u2013 Employees have been instructed to be vigilant for messages, emails or phishing attempts related to finances or banking.<\/p>\n<p>Attack group connection<br \/>\n\u2013 The Clop ransomware group has claimed responsibility for the attack against KC&D.<br \/>\n\u2013 The group posted the stolen information on its website, part of a broader wave of attacks that exploited Oracle E-Business Suite systems at dozens of organizations around the world.<\/p>\n<p><a href=\"https:\/\/koreajoongangdaily.joins.com\/news\/2025-12-29\/business\/industry\/Data-breach-at-Korean-Air-leaks-30000-employee-records\/2488168\">https:\/\/koreajoongangdaily.joins.com\/news\/2025-12-29\/business\/industry\/Data-breach-at-Korean-Air-leaks-30000-employee-records\/2488168<\/a><\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren\u2019t just incidents, 
they\u2019re blueprints of the adversary\u2019s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0CyberOne\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 01, 2026 Information security updates and events from the past week 1. Two US banks, VeraBank and Artisans\u2019 [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8597,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[65],"class_list":["post-10372","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates","tag-weekly-cybersecurity-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=10372"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10372\/revisions"}],"predecessor-version":[{"id":10373,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/10372\/revisions\/10373"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8597"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/
media?parent=10372"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=10372"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=10372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}