
Top 5 Threat News (Dec 22-29, 2025): Fake Delivery Sites, Trust Wallet Breach & 59K Servers Hacked

Holiday phishing surged 86%, Trust Wallet extension stole $7M in crypto, and Operation PCPcat compromised 59,000 servers in 48 hours


THIS WEEK IN CYBER MONDAY 🔒

Dec 22 - Dec 29, 2025 | Top 5 Weekly Highlights

1. 📦 Fake Delivery Sites Explode During Holidays

During December 22-25, fake delivery websites increased by 86%. Attackers created nearly perfect copies of FedEx, DHL, and UPS sites, then sent out mass text messages saying packages were delayed or needed urgent action.

The texts looked real. The websites looked real. And because people were actually expecting deliveries during the holidays, tons of them fell for it and entered their credit card info on fake sites.

What made this worse: the phishing messages were AI-generated, so they were grammatically perfect and contextually accurate. No more obvious spelling errors to tip you off.

Why it matters: AI is making phishing campaigns way more convincing. The old advice of "just check for typos" doesn't work anymore when everything looks and sounds perfect.

Fix: Never click links in delivery texts. Bookmark your shipping company's real website and check there directly. If a message creates urgency ("act now or lose your package!"), that's your red flag.


2. 🎄 French Postal Service Gets Hit on Christmas Eve

Pro-Russian hacking group NoName057(16) decided to ruin Christmas for France by taking down their national postal service on December 24.

The attack was a DDoS—basically flooding the system with so much fake traffic that legitimate users couldn't get through. Package tracking went offline. Online payments stopped working. Anyone trying to check if their last-minute gifts would arrive? Out of luck.

The timing wasn't random. Attackers knew exactly when this would cause maximum disruption—right when everyone's checking delivery statuses and making final holiday purchases.

Paris prosecutors opened an investigation, but the damage was already done. This wasn't about stealing data or making money. It was pure disruption with a political message attached.

Why it matters: When state-sponsored groups can take down a country's postal system during the holidays, we're not just talking about hacking anymore. This is what modern geopolitical conflict looks like.

The takeaway: Critical infrastructure is increasingly becoming a political target, not just a criminal one.

3. 💰 Trust Wallet Browser Extension Steals $7 Million

If you used Trust Wallet's Chrome extension on Christmas Eve, your crypto might be gone.

Security researchers found that version 2.68 of the extension contained malicious code designed to steal wallet recovery phrases—basically your master password to all your crypto. About $7 million was stolen from roughly 1 million users.

Here's what's scary: this was the official extension from the Chrome Web Store. People installed what looked like a legitimate update and got malware instead. The fake extension sent all the stolen data to a server controlled by the attackers.

Trust Wallet says they'll refund everyone affected, but the bigger problem is how this happened in the first place. Browser extensions have access to everything you do online, and when they get compromised, there's no undo button for crypto transactions.

Why it matters: Official app stores aren't automatically safe. Supply chain attacks like this prove that even "trusted" sources can distribute malware.

Fix: If you used Trust Wallet's Chrome extension, move your funds to a new wallet with a new recovery phrase immediately. For serious crypto holdings, use a hardware wallet—browser extensions are too vulnerable.

4. 🚗 Nissan Data Breach Through GitLab

Nissan confirmed on December 23 that hackers got into their GitLab development system and stole data on 21,000+ customers.

The breach actually happened back in September, but they just disclosed it now. A hacking group called Crimson Collective grabbed 570 GB of data from 28,000 private code repositories. They got customer names, addresses, phone numbers, and vehicle information.

Here's the pattern: attackers are increasingly targeting development environments because they're often less protected than production systems, but they contain the same valuable data. Companies focus all their security on the main website and forget that their dev tools have direct access to customer databases.

Why it matters: Your development environment isn't "less important" just because it's internal. To attackers, it's often an easier way into the same data with weaker defenses.

Takeaway: If you're storing real customer data in dev environments for testing, stop. Use fake synthetic data instead. And secure your development tools with the same intensity as your production systems.

5. ⚡ 59,000 Servers Hacked in 48 Hours

Operation PCPcat is the fastest-spreading infrastructure attack we've seen this year.

Between December 22 and 24, attackers exploited vulnerabilities in Next.js and React applications and compromised over 59,000 servers in just two days. They scanned nearly 100,000 IP addresses globally and had a 64.6% success rate. Between 300,000 and 590,000 credential sets were stolen.

The scary part: this attack is self-sustaining. Each infected server automatically scans for new targets every 45 minutes, so the campaign keeps spreading on its own.

The attackers aren't asking for ransom or selling the data. They're building a massive botnet of compromised web servers that can be used for whatever they want—DDoS attacks, crypto mining, or as staging grounds to attack other networks.

Why it matters: Modern web frameworks power millions of websites. When vulnerabilities spread this fast, manual patching can't keep up. By the time most companies even detect the problem, they're already compromised.

Fix: Check if you're running vulnerable versions of Next.js or React immediately. Apply patches for CVE-2025-29927 and CVE-2025-66478 now. Set up automated vulnerability scanning because attacks at this speed require automated defense.
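As an added example (not code from the newsletter), here is a lockfile audit for the Next.js CVE named above: it walks a package-lock.json, including nested copies of next pulled in by other packages, and flags any version inside the affected ranges. The range table is an assumption from memory of the vendor advisory and must be verified against it before use.

```python
"""Audit a package-lock.json (lockfileVersion 2/3) for Next.js releases
affected by CVE-2025-29927. Added example; not from the newsletter."""
import json
import re

# (first affected, first patched) per release line. ASSUMPTION: recalled from
# the vendor advisory; verify against the current Next.js security advisory.
AFFECTED_RANGES = [
    ((11, 1, 4), (12, 3, 5)),
    ((13, 0, 0), (13, 5, 9)),
    ((14, 0, 0), (14, 2, 25)),
    ((15, 0, 0), (15, 2, 3)),
]


def parse_version(v):
    """Return (major, minor, patch); prerelease suffixes are ignored."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def find_next_packages(lockfile_text):
    """Return [(path, version)] for every installed copy of 'next'."""
    lock = json.loads(lockfile_text)
    return [
        (path, meta.get("version", ""))
        for path, meta in lock.get("packages", {}).items()
        if path == "node_modules/next" or path.endswith("/node_modules/next")
    ]


def audit(lockfile_text):
    """Return only the installed copies of 'next' that fall in an affected range."""
    return [(p, v) for p, v in find_next_packages(lockfile_text) if is_vulnerable(v)]


# Constructed sample: a vulnerable top-level next and a patched nested copy.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"next": "14.2.20"}},
        "node_modules/next": {"version": "14.2.20"},
        "node_modules/some-tool/node_modules/next": {"version": "15.2.3"},
    },
})

if __name__ == "__main__":
    for path, ver in audit(SAMPLE_LOCK):
        print(f"VULNERABLE: {path} next@{ver}")
```

Point the script at a real lockfile by replacing SAMPLE_LOCK with the file's contents; a clean result only covers this one CVE, so it complements rather than replaces the automated scanning the newsletter recommends.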

🎯 The Big Picture

This week showed how attackers are getting faster and smarter about timing and targets.

France's postal service got hit during the busiest 24 hours of the year. Trust Wallet users installed malware from an official app store. Fake delivery sites exploded when everyone was expecting packages. Nissan learned that dev environments are just as valuable to attackers as production. And Operation PCPcat showed that modern attacks can compromise tens of thousands of servers before most security teams even notice.

The pattern: attackers are exploiting trust and timing. They hit when you're distracted, they compromise things you assume are safe, and they move faster than traditional security can respond.

What to do:

✅ Patch immediately. Especially for web frameworks like Next.js and React—these aren't low priority.

✅ Verify everything. Texts, emails, browser extensions—assume they're fake until you confirm otherwise.

✅ Secure dev environments. They have the same access to sensitive data as production systems.

✅ Use hardware wallets for crypto. Browser extensions are too easy to compromise.

✅ Bookmark official sites. Never click links in messages about deliveries or account issues.

Attacks are getting faster. The exploitation windows are shrinking. Stay alert.

Your Feedback Matters


Got questions? Found something we missed? Drop feedback in the comments.
