Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: Coinbase confirms insider breach linked to leaked support tool screenshots
This analysis examines BleepingComputer's report on a security breach at Coinbase involving unauthorized access to customer data via internal support tools.
The article details a security incident where a Coinbase contractor improperly accessed the sensitive information of approximately 30 customers. This breach came to light after a hacking group known as “Scattered LAPSUS$ Hunters” posted screenshots on Telegram that appeared to show an internal support panel. These screenshots revealed high-level account details, including cryptocurrency balances, one showing over $300,000, along with personally identifiable information (PII) such as names, dates of birth, and phone numbers. While Coinbase confirmed the contractor’s involvement and subsequent termination, the incident highlights a persistent vulnerability: the exploitation of human access points within a platform’s support infrastructure.
A significant portion of the analysis focuses on the evolving tactics of cybercriminals who target Business Process Outsourcing (BPO) firms. Rather than attempting to bypass Coinbase’s primary technical defenses, threat actors targeted the support staff who possess legitimate credentials to view customer data. This “insider-as-a-service” model, in which contractors are either bribed or compromised to provide screenshots and data, allows attackers to bypass traditional security perimeters. The report underscores that even a single compromised individual can give attackers enough information to carry out targeted social engineering attacks or account takeovers, posing a disproportionate risk relative to the number of users initially affected.
Finally, the article serves as a cautionary tale for the broader cryptocurrency and financial sectors regarding third-party risk management. Although Coinbase took swift action by firing the individual, notifying the affected users, and offering identity theft protection, the breach mirrors a much larger previous incident involving contractors in India. This repetition suggests that technical safeguards like Multi-Factor Authentication (MFA) and encryption are insufficient if the “human firewall” is breached. The analysis concludes that for major exchanges, the greatest security challenge may no longer be the strength of their code, but the difficulty of monitoring and securing the vast network of global support personnel who hold the keys to user accounts.
Projects
Videos
Articles
- Notepad++ update feature hijacked by Chinese state hackers for months – Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today.
- Former Google Engineer Found Guilty of Economic Espionage and Theft of Confidential AI Technology
- Russian hackers exploit recently patched Microsoft Office bug in attacks – Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.
- Hackers Leak 5.1 Million Panera Bread Records – ShinyHunters has claimed the theft of 14 million records from the US bakery-cafe chain’s systems.
- Coinbase confirms insider breach linked to leaked support tool screenshots – Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in December.
- Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries – Palo Alto Networks has not attributed the APT activity to any specific country, but evidence points to China.
- Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says – Italy has foiled a series of cyberattacks targeting some of its foreign ministry offices, including one in Washington.
- Data breach at govtech giant Conduent balloons, affecting millions more Americans – A data breach at government technology giant Conduent appears to affect far more people than first disclosed, with the number of victims potentially stretching to dozens of millions of people across the United States.
- Man pleads guilty to hacking nearly 600 women’s Snapchat accounts – An Illinois man pleaded guilty to hacking nearly 600 women’s Snapchat accounts to steal nude photos that he kept, sold, or traded online, including accounts he compromised at the request of a former university track coach who was later convicted of sextortion.
- Flickr discloses potential data breach exposing users’ names, emails – Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity.

