News

The North Korean-linked Lazarus Group (also tracked under aliases like Diamond Sleet or Andariel) has been observed deploying Medusa ransomware in extortion attacks against at least one organization in the Middle East and attempting, unsuccessfully, to breach a U.S. based healthcare entity.

Medusa, a ransomware-as-a-service (RaaS) strain operated by the cybercrime group Spearwing, has been used by affiliates in hundreds of attacks, but this is the first time Lazarus has been tied to it.

Spearwing has claimed responsibility for over 366 attacks to date.

On January 9, 2026, financial technology firm Betterment experienced a data breach after attackers carried out a successful social engineering attack against a third-party platform used for marketing and customer outreach.

Hackers gained unauthorized access to some internal systems and were able to send fraudulent cryptocurrency “promotion” messages — including promises to triple users’ crypto if they sent funds to attacker-controlled wallets.

Breach access was revoked quickly once detected. Betterment confirmed that no customer accounts, passwords or login credentials were accessed.

Windows 11 version 24H2 (after applying cumulative update KB5062553 released July 2025) is causing critical shell-level failures.

Affected components include the Start Menu, Taskbar, File Explorer (explorer.exe), System Settings, and more. On login — especially first-time logons or in non-persistent Virtual Desktop Infrastructure (VDI) environments - users may get empty taskbars, unresponsive Start buttons, crashes of explorer.exe or ShellHost.exe, or even a black screen / unusable desktop UI.

The root cause: a race condition with XAML-based UI dependency packages. After the update, required packages sometimes don’t register in time before the shell attempts to load UI components — resulting in shell startup failures.

On October 25, 2025, delivery service DoorDash identified that an unauthorized third-party gained access to some internal systems after one of its employees fell victim to a social-engineering attack.

The adversary accessed various records containing personally identifiable information (PII) of users (consumers), delivery workers (Dashers), and merchants across several countries. Data exposed includes first & last names, email addresses, phone numbers, and physical addresses.

DoorDash states that no payment card information, banking details, Social Security numbers or other highly sensitive identity documents were accessed.