This week's news spans trust, disruption at different levels, and cyberattacks at scale. From insiders abusing privileged access, to phishing platforms sold as products, to outages and big cloud deals that affect millions of users, this week's stories show how quickly risk can spread when systems and people fail at the same time.
Let's look at the details.
Microsoft Teams Outage Causes Messaging Delays Worldwide
Microsoft Teams users across multiple regions were hit by an outage that disrupted messaging and other core features. Reports began increasing in the afternoon, with users experiencing delayed messages, failed deliveries, and general performance issues.
Microsoft acknowledged the disruption and confirmed that it was investigating a problem affecting Teams messaging and related services.
Outage tracking platforms recorded thousands of reports within hours. Users in the United States, Europe, Asia, and Australia reported issues, with some noting knock-on effects across other Microsoft 365 services, including Outlook and OneDrive.
Businesses relying on Teams for internal communication reported stalled meetings and slowed workflows in regions where the outage coincided with business hours. Microsoft later communicated that services were gradually recovering, though it did not provide a specific timeline or confirm the root cause.
Cybersecurity Employees Plead Guilty to Running Ransomware Attacks
Two former cybersecurity employees, Ryan Clifford Goldberg and Kevin Tyler Martin, have pleaded guilty to US federal charges after admitting they carried out ransomware attacks while working in the security industry. Court records show the pair conspired to hack organizations and extort ransom payments over several years.
One defendant, Goldberg, previously worked as an incident response manager at the cybersecurity firm Sygnia, while the other, Martin, served as a ransomware negotiator for DigitalMint.
Prosecutors say they used their industry knowledge to compromise company networks and deploy ransomware, collecting large payments in cryptocurrency. In one case, the group received more than $1.2 million from a medical device company.
The two men acknowledged sharing profits with the developers of the ransomware strain they used, linked to the ALPHV/BlackCat operation.
Their former employers, Sygnia and DigitalMint, said the individuals acted without authorization and were terminated once their activities came to light. Both companies stated they are cooperating with the Justice Department as the case moves forward.
Rockrose Development Hit by Data Breach Affecting Over 47,000 People
Rockrose Development, a New York City–based real estate company, has disclosed a data breach that exposed personal information belonging to over 47,000 people. The company says the intrusion happened in early July but was only discovered months later, in November.
Regulatory filings show that 47,392 individuals, who have been notified of the breach, were affected. Rockrose has not shared how the attackers gained access, but it confirmed that sensitive data may have been exposed. Depending on the individual, this could include names, Social Security numbers, government-issued IDs, bank and routing details, health insurance information, medical records, and online account credentials.
After identifying the breach, Rockrose launched an internal investigation and brought in external cybersecurity experts to assess the impact. The company says it has since implemented additional security measures and tightened controls across its systems.
Palo Alto Networks and Google Cloud Expand Partnership with Multibillion-Dollar Deal
Palo Alto Networks and Google Cloud have announced a major expansion of their partnership through a new multibillion-dollar agreement focused on cloud security and artificial intelligence. While neither company disclosed exact figures or timelines, the deal deepens their existing collaboration.
Under the agreement, Palo Alto Networks will move key internal workloads to Google Cloud and use Google’s AI tools, including Vertex AI and Gemini models, to enhance its security copilots. The companies are also integrating Palo Alto’s security platforms more tightly into Google Cloud’s developer ecosystem.
This includes optimized virtual firewalls for Google Cloud environments and expanded use of Prisma Access across Google’s global network to support secure remote access. Both firms say they are also working on pre-validated deployments aimed at reducing the complexity of rolling out third-party security tools in cloud environments.
The deal builds on an existing commercial relationship that has already generated more than $2 billion in sales through the Google Cloud Marketplace. Financial specifics remain undisclosed, which is typical for large enterprise cloud partnerships.
Askul Ransomware Attack Compromises 740,000 Records
After Askul, logistics partner to Muji, suffered a ransomware attack, the company revealed that the attack compromised about 740,000 records.
The attack was detected after hackers started encrypting files on Askul’s systems, but investigations later showed that data had already been stolen before encryption started, a tactic known as double extortion.
The RansomHouse ransomware group claimed responsibility and said it had taken more than one terabyte of data from Askul’s network. Portions of the stolen data were leaked online in November and December, suggesting the company refused to pay the ransom demand.
Askul confirmed that the breach affected a wide range of information. This included:
- 590,000 records related to business customers
- 132,000 individual consumer service records
- 15,000 records related to business partners (outsourcers, agents, suppliers)
- 2,700 records belonging to employees and company executives
Beyond data loss, the attack caused major operational disruptions. Askul’s automated logistics systems were shut down, affecting order processing and shipping for weeks.
According to the company’s incident report, the attackers gained access using an outsourced partner’s administrative account that lacked multi-factor authentication (MFA). Once inside the network, they moved laterally, disabled security controls, deleted backups, and deployed file-encrypting malware.
Fieldtex Data Breach Impacts Over 274,000 Individuals
Fieldtex Products, a US-based company that provides contract sewing services and medical supply fulfillment, disclosed a data breach after unauthorized access was detected within its systems. The incident was discovered in mid-August, although the public disclosure came later in November.
Fieldtex stated that hackers may have accessed a limited amount of protected health information.
While initial reports suggested a lower figure, the company filed four separate breach notifications with the US Department of Health and Human Services between November 20 and December 3, bringing the confirmed total to 274,363 affected individuals.
The compromised information included names, home addresses, dates of birth, insurance member ID numbers, health plan details, and gender.
Companies connected to the healthcare sector remain attractive targets, even if healthcare is not their primary business, as they often handle sensitive data as "business associates" for larger insurance providers.
LKQ Confirms Oracle E-Business Suite Breach
Automotive parts giant LKQ Corporation has confirmed it was also affected by the cyberattack linked to Oracle E-Business Suite.
LKQ disclosed that the personal information of about 9,070 individuals was compromised. According to the company, most of the affected individuals were sole proprietor suppliers. The exposed data included Social Security numbers and employer identification numbers.
The company began investigating the incident on October 3 and completed its review on December 1. In its notification to affected individuals, LKQ stated that there was no evidence that the attackers accessed systems beyond the Oracle EBS environment.
This was not LKQ’s first experience with a cyber incident. About a year earlier, the company reported another attack that disrupted operations at one of its Canadian business units.
Nigeria Arrests Suspected Developer of Raccoon0365 Phishing Platform
Nigerian police have arrested three individuals in connection with the Raccoon0365 phishing operation, a platform linked to widespread Microsoft 365 account compromises. The arrests followed intelligence shared by Microsoft through international law enforcement channels, including coordination with the FBI.
Raccoon0365 was used to generate fake Microsoft login pages designed to steal credentials at scale. Microsoft estimates the platform was responsible for at least 5,000 compromised accounts across 94 countries before it was disrupted last year with assistance from Cloudflare.
Microsoft Trains Four Million Nigerians in Digital Skills
Microsoft reported a major milestone in its digital skills partnership with Nigeria. Since 2021, the company has delivered digital training to over four million people. Under its specialized National AI Skills Initiative (AINSI), 350,000 have been trained specifically in AI, with over 43,000 earning globally recognized certifications to date.
The initiative began in 2021 through collaboration with the Nigerian government and local partners. The focus was not just on teaching technology, but on improving employment opportunities. Microsoft structured the programme to reach organizational leaders, developers, and technology users.
