In Other News: 8,000 Ransomware Attacks, China Hacked US Gov Emails, IDHS Breach Impacts 700k

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

Organizations seeing hundreds of gen-AI data policy violations per month

Netskope has published the 2026 edition of its Cloud and Threat Report. The report shows that gen-AI apps are increasingly used in organizations, but shadow AI remains a major challenge. Organizations are seeing, on average, 223 gen-AI data policy violation incidents (users sending sensitive data to AI) per month. Netskope also found that 60% of insider threat incidents involve personal cloud apps. 

Jaguar Land Rover sales crash after cyberattack

Jaguar Land Rover (JLR) reported a significant drop in sales following the highly disruptive cyberattack. While the hacker attack caused disruptions to production, which only returned to normal levels by mid‑November, sales were also hit due to other factors, including US tariffs and the introduction of new cars. 

Spyware company founder pleads guilty

Bryan Fleming, founder of the spyware company pcTattletale, has pleaded guilty in a US court to charges related to hacking and the sale of surveillance software for unlawful purposes, TechCrunch reported. pcTattletale was shut down in 2024 after it was hacked, but authorities had already been investigating the company.

Illinois Department of Human Services data breach

The Illinois Department of Human Services (IDHS) has disclosed a data breach affecting a total of 700,000 individuals. The incident is related to a mapping website that was inadvertently made accessible to the public. The site exposed the information of 32,000 Division of Rehabilitation Services (DRS) customers, including name, address, case number and status, referral source information, and region data. In addition, it exposed the information of roughly 672,000 Medicaid and Medicare Savings Program recipients, including address, case number, demographic information, and medical assistance plans. The recipients’ names were not exposed. It’s unclear if anyone accessed the information during the time it was exposed, between 2021/2022 and 2025. 

Suspect arrested for using data stolen in 2019 Desjardins hack

A man wanted for allegedly using data stolen in a 2019 hacker attack from Canada’s Desjardins credit union has been arrested in Spain. The suspect, 40-year-old Juan Pablo Serrano, is expected to be extradited to Canada, where he is accused of buying data stolen from Desjardins and using it to commit fraud. While Serrano does not appear to have been involved in the actual Desjardins hack, authorities did arrest several suspects believed to have played a role in the scheme, including an insider.  

Taiwan says Chinese cyberattacks intensified

The government of Taiwan has published a report describing the cyber threat posed by China to its critical infrastructure in 2025. The report says Chinese state-sponsored threat actors conducted 2.6 million intrusion attempts per day, a 6% increase from the previous year. The energy and emergency/healthcare sectors were the most targeted, but attacks were also aimed at the government, communications, transportation, water, finance, industrial, and food sectors. 

China hacked US House committee emails

The Chinese threat group known as Salt Typhoon has hacked into email systems used by congressional staff on powerful committees in the US House of Representatives. The cyberspies targeted staffers on committees focusing on China, foreign affairs, intelligence, and armed services, FT reported (paywalled). 

OwnCloud warning in response to credential theft 

File sharing platform OwnCloud has issued a warning after security firm Hudson Rock reported identifying dozens of major data breaches stemming from credentials stolen by infostealer malware. The attacks have been linked to a single threat actor and have targeted several major file transfer services in addition to OwnCloud. The company is now urging customers to enable multi-factor authentication to protect their accounts. OwnCloud noted that its systems have not been hacked. 

Over 8,000 ransomware attacks reported in 2025

According to Emsisoft’s ‘State of Ransomware in the US’ report for 2025, cybercrime groups claimed to have targeted more than 8,000 organizations, up from roughly 6,000 in the previous year. The number of active ransomware groups increased by approximately 30% compared to 2024. The most active groups were Qilin, Akira, Cl0p, Play, and Safepay.
