As we head into the final week of 2025, it’s a good time to pause and take stock — not just of what we built this year, but how we supported one another along the way. In cybersecurity, progress rarely comes from big, dramatic moments. It comes from steady problem-solving, shared knowledge, and people willing to stop what they’re doing to help someone else get unstuck. That’s how resilient programs — and strong teams — are actually formed.
This past year reinforced something I see every day: the best security outcomes happen when we stay curious, keep learning, and focus on making things work a little better than they did yesterday. Tools matter, but the people behind them matter more.
🔒 Security Tip of the Week:
As you close out the year, take time to clean up something small but meaningful — outdated accounts, unused integrations, old scripts, forgotten policies. These quiet improvements don’t grab headlines, but they remove friction and risk in ways that compound over time.
From all of us at Pinpoint Security, thank you for the trust you placed in us throughout 2025. We’re grateful to be part of your journey and look forward to building on this momentum together in the year ahead, so let’s grab our tow straps and have a great 2026!
-Chris Ogles, COO
📰 Weekly News Roundup:
Here is the most recent Cybersecurity news for the past week:
🏥 Aflac Notifies 22 Million Individuals of Data Breach
Insurance giant Aflac has begun notifying over 22 million people that their personal information was compromised following a cyberattack initially detected in June. While the company contained the incident earlier this year, the investigation recently concluded that sensitive data—including names, Social Security numbers, and medical insurance details—was accessed, prompting this week’s massive notification effort.
Insurance giant Aflac has begun notifying over 22 million people that their personal information was compromised following a cyberattack initially detected in June. While the company contained the incident earlier this year, the investigation recently concluded that sensitive data—including names, Social Security numbers, and medical insurance details—was accessed, prompting this week’s massive notification effort.
📰 Hacker Leaks 2.3 Million Wired Subscriber Records
A threat actor known as “Lovely” has leaked a database containing 2.3 million records belonging to subscribers of the technology magazine Wired. The leaked data includes names, emails, and physical addresses, with the hacker threatening to release an additional 40 million records from Wired’s parent company, Condé Nast, if their security grievances are not addressed.
A threat actor known as “Lovely” has leaked a database containing 2.3 million records belonging to subscribers of the technology magazine Wired. The leaked data includes names, emails, and physical addresses, with the hacker threatening to release an additional 40 million records from Wired’s parent company, Condé Nast, if their security grievances are not addressed.
⚙️ Critical Vulnerability Found in n8n Automation Platform
A critical security flaw (CVE-2025-68613) with a near-maximum severity score of 9.9 has been disclosed in the popular workflow automation tool n8n. The vulnerability allows authenticated attackers to execute arbitrary code on affected instances, potentially leading to full system compromise. Users are urged to update to version 1.120.4 or later immediately.
A critical security flaw (CVE-2025-68613) with a near-maximum severity score of 9.9 has been disclosed in the popular workflow automation tool n8n. The vulnerability allows authenticated attackers to execute arbitrary code on affected instances, potentially leading to full system compromise. Users are urged to update to version 1.120.4 or later immediately.
🐼 Mustang Panda APT Deploys New Kernel-Mode Rootkit
The Chinese state-sponsored espionage group Mustang Panda has been observed using a previously undocumented kernel-mode rootkit to deliver the “TONESHELL” backdoor. This sophisticated technique allows the attackers to bypass security controls and maintain persistent access on compromised government and NGO networks in Southeast Asia.
The Chinese state-sponsored espionage group Mustang Panda has been observed using a previously undocumented kernel-mode rootkit to deliver the “TONESHELL” backdoor. This sophisticated technique allows the attackers to bypass security controls and maintain persistent access on compromised government and NGO networks in Southeast Asia.
💸 Lynx Ransomware Claims Breach of CSA Tax & Advisory
The Lynx ransomware group has claimed responsibility for a cyberattack on the accounting firm CSA Tax & Advisory, allegedly stealing sensitive corporate and client tax data. Security researchers note that Lynx is a rapidly growing “Ransomware-as-a-Service” operation that has already impacted nearly 300 organizations since emerging mid-year.
The Lynx ransomware group has claimed responsibility for a cyberattack on the accounting firm CSA Tax & Advisory, allegedly stealing sensitive corporate and client tax data. Security researchers note that Lynx is a rapidly growing “Ransomware-as-a-Service” operation that has already impacted nearly 300 organizations since emerging mid-year.