Although Christmas brought joy as usual, a few headlines dimmed the holiday spirit. France, South Africa, Nissan, WhatsApp developers, and Apple experienced cyberattacks, breaches and sanctions.
We bring you the latest cyber news:
Christmas is “Cancelled” as Cyberattack Shuts Down France’s Postal Service
France had a rough start to Christmas week after a cyberattack shut down the national postal service, La Poste. The disruption began only three days before Christmas, when a DDoS attack knocked key systems offline.
Customers could still drop letters in the mail, but parcel tracking, online payments, and several internal services stopped working. With millions rushing to send gifts and cards, frustration spread quickly across post offices.
At La Banque Postale, digital banking services were also affected. Users couldn’t approve payments through the app, so the bank switched to text message verification while technicians worked to restore access. La Poste stated that customer data remained safe, although deliveries were slowed significantly.
South Africa’s Credit Regulator Hit in Holiday Cyberattack Linked to Dragonforce
On December 24, 2025, South Africa’s National Credit Regulator suffered a cyberattack linked to the hacking group Dragonforce. The agency oversees the country’s credit industry and stores large amounts of personal and financial data, which makes it an appealing target for extortion.
The first signs of trouble appeared on December 12, when the NCR warned stakeholders about system disruptions. Things intensified on Christmas Eve after Dragonforce publicly claimed to have stolen data from the regulator. The group is known for using ransomware to pressure victims and leaking information if demands are ignored.
Investigations are ongoing to determine how much data was accessed. For now, the NCR has brought in forensic experts and informed the Information Regulator. People who may be affected have been advised to watch out for phishing messages and consider signing up for protective registration with fraud prevention services.
The attack adds to growing worries about cybercriminals targeting South Africa’s financial systems during the 2025 holiday period.
Nissan's Customer Data Exposed After Cyberattack Hits Red Hat
Nissan has confirmed that the personal details of thousands of customers were exposed after a cyberattack linked to Red Hat’s systems.
The breach was traced to a self-managed GitLab server used by Red Hat Consulting and hackers reportedly gained access in late September, stealing files containing code samples, internal messages, and project materials.
A group known as Crimson Collective has claimed responsibility. They claimed to have taken about 570 gigabytes of data from thousands of private repositories and suggested some of it could be used to access Red Hat customers’ systems.
Nissan confirmed that 21,000 customers from Nissan Fukuoka Sales were affected.
The exposed information includes names, addresses, phone numbers, partial email addresses, and sales-related records. Nissan noted that credit card details were not stored in the affected files. Red Hat contacted Nissan about the breach on October 3, roughly a week after the attack.
Nissan has informed authorities and begun reaching out to affected customers. Investigations are ongoing as Nissan works to assess the impact and guide customers on protective steps.
WhatsApp Developers Targeted Through Fake NPM Package “Lotusbail”
A malicious NPM package named Lotusbail was recently discovered stealing credentials and private data.
Masquerading as a functional WhatsApp Web API tool, it sat in the public repository for six months, amassing over 56,000 downloads. Its danger lies in being a fork of Baileys, a popular legitimate library; by offering real functionality, it easily avoids suspicion from developers.
Koi Security, which uncovered the threat, found that Lotusbail operates by wrapping the legitimate WebSocket client. This proxy-like setup ensures every message, along with authentication tokens, chat history, and media, is harvested and encrypted via a custom RSA implementation before being sent to attackers.
To make matters worse, the malware hijacks the device-pairing process. When a developer authenticates, the attacker’s device is silently linked alongside theirs, granting long-term backdoor access.
Uninstalling it alone is not enough, as users must unlink all connected WhatsApp devices to secure their accounts. Researchers say the package is part of a wider campaign built to evade analysis and security tools.
Italy Fines Apple $116 Million Over App Tracking Transparency
Apple is facing a major penalty in Italy after the country’s antitrust regulator ruled that one of its privacy tools limits competition within the App Store. The authority announced a fine of 98.6 million euros, roughly 116 million dollars. Apple stated that it plans to challenge the decision.
At the center of the issue is Apple’s App Tracking Transparency, known as ATT. The feature, introduced in 2021, requires apps to ask users for permission before tracking their data for targeted advertising. Many users welcomed the extra control, but advertising platforms and smaller developers noted that it made their business harder because personalized ads became less effective.
Italian regulators did not fault the privacy goal itself. Their concern is that third-party developers must request consent twice under European privacy requirements, while Apple’s own system does not face the same hurdle. The agency argued that this creates an uneven situation and makes it more difficult for developers who depend on advertising to earn revenue.
However, Apple believes that privacy should not be compromised and that ATT was built to give users control over how apps track them across the web. Apple added that the rules apply to every developer, including Apple, and communicated that the feature has been accepted by users and privacy groups.
The appeal process will move forward, and the outcome may shape discussions around privacy rights and competition in digital markets.
…
That's all for today’s roundup.
If you found this helpful, you can download our December 2025 Threat Intelligence Report on Artificial Intelligence.
You can also join our newsletter to get security updates delivered straight to your inbox.