eurogamer.net
News by Connor Makar Staff Writer
Published on Jan. 6, 202
Final Fantasy 14 is suffering DDOS attacks on its American servers during the release of the latest Savage raid.
Final Fantasy 14 has released its latest Savage-tier raid today, pushing the game's best and brightest to race through this new challenge group content to earn powerful loot and see which region can take it down first. However, for Americans, this is proving difficult due to ongoing DDOS attacks and server outages.
With the release of patch 7.4 last month, players were welcomed back to the game with a bunch of new content to pore over. The Savage difficulty for the Heavyweight raid, which was delayed until after the holiday season, has just come out, resulting in the usual rush to see which team can take it down first.
The problem comes from DDOS attacks. American players, obviously present on different servers than like-minded raiders in other regions, are facing a spree of connection issues as the servers are bombarded with digital assaults from nefarious parties. Checking the FF14 server status page, you can see a sizable portion of American servers under strain.
This has resulted in chaos for the race for world first Heavyweight Savage clears, as American teams are scrambling to contend with these extra hurdles. Players looking to temporarily hop to different servers, such as Oceania's Materia server cluster, aren't safe from these attacks either. The only way to dodge such attacks at this time appears to be a full-on server transfer to another region, which would add latency that top-end players tackling difficult content wouldn't want anyway. A messy situation.
Funnily enough, it appears as though Japanese servers are largely doing just fine during the initial release of Savage Heavyweights so far! This is both good and bad. It's good because these server outages are annoying and the fewer people experience them the better. It's bad because, from the perspective of competitive raiders looking to race each other to a world first clear, it adds a degree of unfairness to the mix. It takes what should be a joyful moment and sours it.
Unfortunately, this Savage raid release isn't the first time problems like these have hit Final Fantasy 14. In fact, it was only around two weeks ago when the American servers suffered several DDOS attacks. For Western FF14 players, this is a problem in desperate need of addressing, especially now that it's impacted one of the more climactic moments in the Dawntrail expansion's life cycle.
A short post on the Final Fantasy 14 website has acknowledged the problem, and states that it's being looked into. However, given the time-sensitive nature of these Savage raid races, it's possible that, for the most dedicated FF14 players, the damage has been done.
therecord.media
Jonathan Greig
January 2nd, 2026
The claims administration company Sedgwick confirmed that a subsidiary that contracts with a handful of sensitive federal agencies is dealing with a cybersecurity incident.
Claims administration company Sedgwick confirmed that its government-focused subsidiary is dealing with a cybersecurity incident.
On New Year’s Eve, the TridentLocker ransomware gang claimed it attacked Sedgwick Government Solutions and stole 3.4 gigabytes of data.
A Sedgwick spokesperson confirmed the company is currently addressing a security incident at the subsidiary, which provides claims and risk management services to federal agencies like the Department of Homeland Security (DHS), Immigration and Customs Enforcement, Customs and Border Protection, Citizenship and Immigration Services, the Department of Labor, and the Cybersecurity and Infrastructure Security Agency (CISA).
“Following the detection of the incident, we initiated our incident response protocols and engaged external cybersecurity experts through outside counsel to assist with our investigation of the affected isolated file transfer system,” the spokesperson said.
“Importantly, Sedgwick Government Solutions is segmented from the rest of our business, and no wider Sedgwick systems or data were affected. Further, there is no evidence of access to claims management servers nor any impact on Sedgwick Government Solutions’ ability to continue serving its clients.”
The company has notified law enforcement and is in contact with its customers about the incident.
CISA and DHS did not respond to requests for comment. The company also provides services to municipal agencies in all 50 states as well as the Smithsonian Institution and the Port Authority of New York and New Jersey.
TridentLocker is a new ransomware gang that emerged in November, cybersecurity experts said. The group previously took credit for an attack on the Belgian postal and package delivery service bpost, which confirmed that it recently suffered from a data breach.
The group has listed a total of 12 victims on its leak site since its emergence.
Ransomware gangs have repeatedly targeted federal government contractors like Sedgwick. More than 10 million people had information leaked after the prominent government contractor Conduent was attacked one year ago.
SWI swissinfo.ch
Keystone-SDA
January 8, 2026 - 12:18
Swiss defence minister denounces increasing stream of disinformation from Russia.
Pfister interprets this as an attempt to influence Swiss politics and to unsettle the population.
The fact that Russia wants to influence the West with hybrid conflict management is nothing new – nor is the fact that Switzerland is increasingly affected by this. But rarely has a government minister condemned Russian “conspiracy narratives”, as Pfister called them, so clearly.
“Russia in particular has been increasingly attacking Switzerland with influence operations since 2022,” he said during a speech at a Swiss media industry event.
Russia primarily spreads disinformation and propaganda in Switzerland, claiming, among other things, that Switzerland is no longer neutral, no longer democratic and no longer safe.
Pfister gave a concrete example at the publishers’ meeting. In an influence operation last May, pro-Russian accounts distributed a video from Geneva, taken out of context, in a coordinated manner on seven social media platforms and in all official Swiss languages.
“This supposedly showed that Switzerland was sinking into chaos,” said Pfister. The posts were viewed over two million times within a short space of time.
The two well-known Russian disinformation platforms Russia Today and Pravda alone disseminate between 800 and 900 articles per month in Switzerland, Pfister added. If such narratives continue unchecked, a society becomes vulnerable.
Swiss media publishers could play a decisive role in such an environment, Pfister said. “A healthy media system is also part of the Swiss security architecture.”
Especially in times of technological change and geopolitical uncertainty, the media need to fulfil their responsibilities more than ever.
bleepingcomputer.com
By Sergiu Gatlan
January 5, 2026
NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained "dummy data" from a trial account on a third-party automated testing platform.
The company's statement comes after a threat actor (using the 1011 handle) claimed on a hacking forum over the weekend that they stole more than 10 databases containing sensitive information like Salesforce API keys and Jira tokens, following a brute-force attack against a NordVPN development server.
"Today I am leaking +10 DB's source codes from a nordvpn development server. This information was acquired by bruteforcing a misconfigured server of Nordvpn, which has salesforce and jira information stored. Compromised information: SalesForce api keys, jira tokens and more," the threat actor said.
However, as NordVPN revealed today, this is actually test data stolen from a temporary test environment deployed months earlier during a trial of a potential vendor for automated testing.
The Lithuanian VPN service added that the test environment had no connection with its own infrastructure and that the stolen data doesn't include sensitive customer or business information.
"The leaked elements, such as the specific API tables and database schemas can only be artifacts of an isolated third-party test environment, containing only dummy data used for functionality checks. While no data in the dump points to NordVPN, we have contacted the vendor for additional information," NordVPN explained.
"Because this was a preliminary test and no contract was ever signed, no real customer data, production source code, or active sensitive credentials were ever uploaded to this environment.
"We ultimately chose a different vendor and did not proceed with the one we tested. The environment in question was never connected to our production systems."
While this was only a false alarm, in 2019, hackers breached the servers of NordVPN and TorGuard, gaining full root access and stealing private keys used to secure their web servers and VPN configurations.
In response to the 2019 incident, NordVPN introduced a bug bounty program and hired outside cybersecurity experts for a "full-scale" third-party security audit.
The company also announced plans to switch to dedicated servers that they own exclusively and to upgrade their entire 5,100-server infrastructure to RAM servers.