Panera Bread Data Breach Impacts 5.1 Million Customers

Panera Bread Data Breach Affects 5.1 Million

A data breach at Panera Bread has compromised the personal information of approximately 5.1 million customers. According to a report from Have I Been Pwned, the extortion group known as ShinyHunters claimed responsibility for the breach involving more than 14 million accounts. The stolen data reportedly includes contact details and personally identifiable information. Since the initial claim, the hackers have published a 760 MB archive on their dark web platform. Impacted individuals are advised to monitor their financial accounts for suspicious activity and change their login credentials immediately.

Source: Bleeping Computer, Security Affairs

 

Why Native Cloud Security is “Not Enough”

Native security features provided by cloud service providers often introduce structural vulnerabilities like vendor lock-in and single points of failure. While these integrated tools offer management convenience, they couple security directly to infrastructure, meaning a single service outage can disable both. Decoupling core security controls through third-party solutions, such as Penta Security’s WAPPLES, D.AMO, or Cloudbric, allows consistent policies across multi-cloud environments. This strategic separation is essential for mitigating supply chain risks and ensuring compliance in highly regulated industries.

Source: The Register

 

Aisuru Botnet Sets New Record of DDoS Attack

The Aisuru botnet (also known as Kimwolf) set a new world record for the largest publicly disclosed DDoS attack, peaking at 31.4 Tbps and 200 million requests per second. The attack targeted telecommunications and IT organizations in late December 2025. Unlike previous campaigns that relied on routers and typical IoT devices, this campaign utilized a swarm of compromised Android TVs. Despite the unprecedented volume, the attacks were automatically mitigated. The incident reflects a broader trend that generated a 121% increase in DDoS activity, with hyper-volumetric attacks becoming increasingly common.

Source: Bleeping Computer

 

EU Data Breach Notifications Rise as GDPR Changes

Data from DLA Piper and the European Commission revealed that personal data breach notifications in the EU have surged to an average of 443 per day, a 22% increase over the previous year. This marks the first time since the GDPR’s inception in 2018 that daily reports have exceeded 400. Experts attribute this “post-plateau” spike to a combination of heightened geopolitical tensions, sophisticated AI-driven cyberattacks, and a new wave of strict regulations like NIS2 and DORA, which mandate more aggressive reporting. Despite the surge in notifications, annual GDPR fines held steady, with Ireland remaining the top enforcer.

Source: The Cyber Express

 

Polish Energy Grid Under Cyberattack

A coordinated cyberattack targeted approximately 30 energy facilities across Poland, including wind, solar, and combined heat and power sites. Attributed by Dragos to the Russian threat actor Electrum (associated with Sandworm/APT44), the attack involved the use of DynoWiper malware to corrupt the configurations of remote terminal units (RTUs) and network edge devices beyond repair. While the attackers successfully disabled remote monitoring and control systems, they failed to cause a power outage or disrupt actual electricity generation.

Source: The Hacker News


 
