There’s a moment at the start of every good drive or long hike where you pause, take a breath, and mentally map the terrain ahead. Not because you expect trouble, but because preparation makes the rest of the journey smoother. Cybersecurity works the same way — the organizations that do best aren’t the ones chasing shiny tools; they’re the ones quietly, consistently doing the fundamentals and verifying their assumptions along the way.
This week, let’s ground ourselves in the basics that actually move the needle.
🔒 Security Tip of the Week:
Take one control you think is “fine” — patching cadence, MFA configuration, email protections, whatever comes to mind — and verify it with fresh eyes. Trust the process, but don’t trust it blindly. Even mature programs benefit from a periodic reality check.
Here’s to a week of clarity, good decisions, and a few well-chosen improvements that make everything run a little smoother. And of course, if you need any assistance with your security program, contact Pinpoint Security today to learn how we can help!
– Jon Rogers, Pinpoint Security Consultant
📰 Weekly News Roundup:
Here is the most recent cybersecurity news from the past week:
🚨 Critical Zero-Days Patched in Microsoft’s December Update
Microsoft’s December 2025 Patch Tuesday addressed 57 vulnerabilities, including two zero-day flaws actively exploited in the wild. The most severe, CVE-2025-62221, is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver that allows attackers to gain SYSTEM privileges. The second, CVE-2025-54100, affects PowerShell and could allow remote code execution if a user is tricked into running a malicious script.
🐶 Petco Confirms Data Breach Exposing Customer Financials
Petco has disclosed a significant data breach after a misconfigured third-party application inadvertently left sensitive customer files accessible online. The exposed data includes names, Social Security numbers, driver’s license numbers, and credit/debit card information. While the company has secured the files, the breach has prompted state-level filings and offers of identity theft monitoring for affected individuals.
🚗 Massive Auto Financing Leak Hits 5.8 Million Americans
A major data breach involving the credit compliance firm 700Credit has exposed the sensitive financing information of nearly 5.8 million U.S. car owners. The leaked database contained Social Security numbers, loan details, and vehicle identification numbers (VINs). Security researchers warn that this data could be weaponized for targeted phishing and identity fraud against recent car buyers.
🎩 New “Gentlemen” Ransomware Group Surges Globally
A rapidly emerging ransomware group calling itself “Gentlemen” has launched a wave of attacks targeting healthcare and manufacturing sectors across 17 countries. Security researchers report that the group uses sophisticated evasion tactics and a double-extortion model, stealing data before encrypting systems. The group’s activity has spiked significantly in the last week, marking them as a top threat actor to watch.
🍏 Apple Patches WebKit Zero-Days Exploited in Spyware Attacks
Apple has released urgent security updates for iOS and iPadOS to fix two critical zero-day vulnerabilities in the WebKit browser engine. These flaws were discovered being actively exploited in the wild to deploy spyware on targeted devices. The vulnerabilities allowed attackers to execute arbitrary code simply by processing malicious web content, affecting iPhone and iPad users globally.
📉 CISA and MITRE Release 2025 Top 25 Software Weaknesses
The Cybersecurity and Infrastructure Security Agency (CISA) and MITRE have published the 2025 Common Weakness Enumeration (CWE) Top 25 list. This annual report highlights the most dangerous software errors that lead to serious vulnerabilities. Cross-Site Scripting (XSS), SQL Injection, and memory safety issues top the list this year, and developers are urged to prioritize these specific areas in their code audits.
📦 Japanese Retail Giant Askul Suffers 700,000-Record Breach
E-commerce and logistics major Askul Corporation confirmed that a ransomware attack by the “RansomHouse” group compromised over 700,000 records. The breach impacts both business and consumer data, causing significant shipping delays and operational disruptions. The attackers claimed to have stolen 1TB of data after gaining access through compromised credentials and disabling security systems.