This week brought a wide mix of cybersecurity developments, from new privacy rules and ransomware claims to outages, cyber espionage and regulatory reversals.
Governments moved in ways that reshaped security across sectors, while researchers warned about children’s privacy risks from AI toys.
Samsung faces a mounting privacy controversy over AppCloud, a pre-installed application developed by ironSource (acquired by Unity) that reportedly cannot be removed from certain Galaxy A and M series devices. Users and rights groups claim the software runs at a system level, raising concerns about data collection and transparency. No conclusive evidence has emerged that it is spyware.
Weda, a France-based medical software platform, has been hit by a cyberattack disrupting 23,000 professionals. The company reports unusual account activity and possible partial data extraction, though no confirmed breach is established. Doctors warn the outage is severe as access to patient records is blocked and sensitive medical data may be at risk.
India’s government has issued the operational rules for the Digital Personal Data Protection Act, 2023, requiring organisations that handle digital personal data to implement stricter user-consent, purpose-limitation and breach-notification obligations. The rules apply to all data fiduciaries, including global technology firms, aiming to give Indian users greater control over their data and align with global privacy norms.
Everest ransomware claims it breached Under Armour and stole 343 GB of company and customer data, though the company has not confirmed the incident. The threat actor alleges it accessed shopping histories, contact details, passport data, and internal product and marketing records.
The US administration is preparing a new national cyber strategy emphasizing six core pillars, including one specifically aimed at “shaping” adversary behavior. Sean Cairncross stated the strategy will have a statement of intent with action items, aiming to send clearer signals to adversaries that malicious cyber behavior carries consequences. The strategy is intended to deter malicious cyber activity and shift the burden of cyber risk from Americans to adversaries.
Cloudflare experienced a global service disruption on November 18, beginning at 11:48 UTC and causing widespread 500-level errors across major websites and apps. The company said a file caused a crash in the traffic-handling software, and confirmed there was no evidence of an attack. Cloudflare implemented a fix at 14:42 UTC and declared services operating normally by 17:45 UTC.
Pathlock research found that most organizations adopting cloud systems in 2025 still lack automated access-governance controls, creating gaps that lead to insider-risk and security failures. Many companies continue using manual processes during digital transformation, delaying user de-provisioning and reusing outdated roles. These oversights widen exposure windows and make cloud migration a major governance challenge rather than a smooth modernization effort.
Europol traced €47 million in crypto linked to illicit IPTV and piracy networks during a global anti-piracy action. Investigators used OSINT and crypto purchases to identify operators behind 69 targeted sites. The operation disrupted 25 IPTV services and launched 44 new investigations in over 15 countries.
A new Windows 11 update adds an AI agent to the taskbar, creating a data exposure risk. Hudson Rock researchers warn that attackers can hide malicious prompts inside everyday files, triggering the agent to exfiltrate credentials. This marks a shift from infostealers to Agent Hijacking, with system AI becoming the attack vector.
The EU’s financial regulators have officially named several companies as ‘critical ICT third-party providers’ under the DORA framework. These technology firms’ cloud, data, or security services are essential to banks and financial institutions. By designating them as critical, the EU can now directly supervise their cyber resilience, demand stronger risk controls, and ensure they can withstand outages or attacks.
Research found that the dark web fully operates as a parallel job market with rising skill requirements and growing participation from young, inexperienced seekers. About 2,000 posts reflected active recruitment for IT and criminal roles. Most applicants searched for any available work, while developers, pentesters and money launderers were in highest demand.
Researchers have warned against buying AI-powered toys for children this holiday season, citing privacy risks. AI toys can record sensitive family data, mimic friendship, and expose children to harmful responses. Toys giving sexual or dangerous advice raise concerns that unregulated AI could disrupt healthy childhood development.
Two British teenagers accused of involvement in the Transport for London cyberattack have pleaded not guilty to multiple serious Computer Misuse Act charges. Prosecutors allege the pair are linked to wider Scattered Spider activity, including attempted breaches of U.S. healthcare networks. One suspect also faces related charges in the United States, adding an international dimension to the case.
The SEC has voluntarily dismissed its 2023 lawsuit that accused SolarWinds and its chief security officer of misleading investors about cybersecurity weaknesses. A federal judge had previously thrown out most claims, ruling the case relied on hindsight and speculation rather than evidence. SolarWinds called the dismissal a vindication and said the outcome may ease concerns among CISOs about the case’s broader implications.
The FCC is preparing to vote on reversing telecom cybersecurity measures adopted in January 2025 after the Salt Typhoon intrusion compromised U.S. communications networks. The move would rescind the earlier ruling that had telecom providers legally obligated under CALEA to fortify their systems. It would also withdraw a proposed requirement for providers to annually certify their cybersecurity risk-management practices with the commission.
Salesforce has now confirmed that attackers accessed customer data by exploiting OAuth tokens from Gainsight-published apps, rather than any flaw in Salesforce’s core platform. ShinyHunters had earlier claimed responsibility for compromising nearly 1,000 organizations using stolen access from related campaigns. They also said they used those stolen secrets to access another 285 Salesforce instances.
This week was a reminder of how fast the threat landscape is evolving. Governments rewrite rules and new technologies create fresh exposure points. We’ll continue tracking how these developments reshape global cybersecurity in the weeks ahead.