700Credit Under Data Breach: Names, Addresses, and Social Security Numbers Exposed

700Credit Under Data Breach: Names, Addresses, and Social Security Numbers Exposed

At least 5.6 million people had their names, addresses, dates of birth, and Social Security numbers stolen in a data breach at 700Credit. 700Credit is a company that runs credit checks and identity verification services for auto dealerships across the United States. In a statement on its website, the Michigan-based company blamed the October data breach on an unidentified bad actor. According to Michigan’s attorney general, the hacker stole personal data collected from dealers between May and October 2025. The company said it was now sending letters by mail to individuals whose information had been stolen in the data breach, which offers credit monitoring services.

Source: Security Week, Cyber Press, Tech Crunch

SoundCloud Confirms Data Breach 

The SoundCloud data breach, confirmed on December 16, 2025, resulted from unauthorized access traced to anomalous activity in an ancillary service dashboard. The consequence was the successful exfiltration of email addresses and publicly visible profile information but not passwords or financial data. The breached data was from approximately 20% of its user base, millions of accounts, leading to concerns about potential follow-up phishing and social engineering attacks.

Source: Bleeping Computer

French Interior Ministry Under Cyberattack on Email Servers

The French Interior Ministry confirmed a cyberattack on its systems that was detected overnight between Thursday, December 11, and Friday, December 12, 2025. The affected systems were the country’s e-mail servers. The cause is currently under investigation, with officials considering possibilities. Officials are looking from foreign interference such as the suspected APT28 group, to activists attempting to demonstrate vulnerabilities, or cybercrime. The consequence was that a threat actor gained access to some document files, though officials have yet to confirm if any data was successfully stolen. In response, the ministry tightened security protocols and access controls.

Source: Bleeping Computer, SC Media

Over 10,000 Docker Hub Images With Leaking Credentials, Auth Keys

More than 10,000 Docker Hub container images were found leaking sensitive data. The type of data exposed included live credentials to production systems, database credentials, Git repository tokens, CI/CD system keys, and numerous AI model access tokens (over 4,000). The leak’s primary cause was developer carelessness. Secrets were unintentionally stored in images, often using .ENV files or by hardcoding tokens into application and configuration files. This exposes core infrastructure components for over 100 organizations, including major banks and a Fortune 500 company.

Source: Cyber Press

Google Warns React2Shell Exploitation to Spread Malware

Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182), this vulnerability allows attackers to take control of servers remotely without needing a password. Since the vulnerability was disclosed on December 3, 2025, Google has observed multiple distinct hacker groups abusing the flaw. The attackers range from state-sponsored espionage groups to cybercriminals looking for financial gain.

Source: Cyber Security News

Click here to subscribe our Newsletter