Healthcare Sector
Pharma’s Most Underestimated Cyber Risk Isn’t a Breach
"Chirag Shah, Global Information Security Officer & DPO at Model N examines how cyber risk in pharma and life sciences is shifting beyond traditional breaches toward data misuse, AI-driven exposure and regulatory pressure. He explains why executives still underestimate silent control failures, how ransomware groups are weaponizing compliance risk, and why proof of security will increasingly require real-time governance, not audits, as cybersecurity and compliance continue to converge."
https://www.helpnetsecurity.com/2026/01/05/chirag-shah-model-n-pharma-cyber-risk/
New Tooling
OpenAEV: Open-Source Adversarial Exposure Validation Platform
"OpenAEV is an open source platform designed to plan, run, and review cyber adversary simulation campaigns used by security teams. The project focuses on organizing exercises that blend technical actions with operational and human response elements, all managed through a single system. At the core of OpenAEV is the concept of a scenario. A scenario defines a threat context and turns it into a structured plan made up of events called injects. Scenarios can include background material such as documents, media files, and contextual data that help frame the exercise for participants. Players and assets are defined at this level, linking people and endpoints to the planned activity."
https://www.helpnetsecurity.com/2026/01/05/openaev-open-source-adversarial-exposure-validation-platform/
https://github.com/OpenAEV-Platform/openaev
Vulnerabilities
Claude In Chrome: A Threat Analysis
"Claude in Chrome, made available in beta to all paid plan subscribers on Dec 18th, is the new agentic Chrome extension by Anthropic. Following the likes of Perplexity's Comet, ChatGPT’s Atlas, and others, Anthropic brought Claude’s capabilities into the browser. It's less a browser extension than a new kind of browser altogether. This paradigm shift demands a corresponding shift in how we think about security. The threat model for an agentic browser includes both familiar as well as novel risks. In this post, we map the attack surface of Claude Chrome where the agent—not the user—is in the driver's seat."
https://labs.zenity.io/p/claude-in-chrome-a-threat-analysis
https://hackread.com/data-exposure-risk-claude-chrome-extension/
WhatsApp Silent Fix Of Device Fingerprinting Privacy Issue Assessment: The Good, The (Not So) Bad, And The (Somewhat) Ugly
"Using our research tool, we discovered that WhatsApp is silently implementing fixes for device fingerprinting privacy vulnerabilities. While the fix remains incomplete, it signals WhatsApp is finally starting to address vulnerabilities that were responsibly disclosed by the security community."
https://medium.com/@TalBeerySec/whatsapp-silent-fix-of-device-fingerprinting-privacy-issue-assessment-the-good-the-not-so-bad-9127b5215e28
https://www.securityweek.com/researcher-spotlights-whatsapp-metadata-leak-as-meta-begins-rolling-out-fixes/
Malware
Dozens Of Global Companies Hacked Via Cloud Credentials From Infostealer Infections & More At Risk
"A high-profile threat actor, operating under the moniker “Zestix” (also operating under the alias “Sentap”), has been identified auctioning data exfiltrated from the corporate file-sharing portals of approximately 50 major global enterprises. This report serves as an exhaustive analysis of this campaign, offering direct evidence for key compromises, detailing the breach of ShareFile, OwnCloud, and Nextcloud instances belonging to critical entities across the aviation, robotics, housing, and government infrastructure sectors."
https://www.infostealers.com/article/dozens-of-global-companies-hacked-via-cloud-credentials-from-infostealer-infections-more-at-risk/
https://www.bleepingcomputer.com/news/security/cloud-file-sharing-sites-targeted-for-corporate-data-theft-attacks/
Analyzing PHALT#BLYX: How Fake BSODs And Trusted Build Tools Are Used To Construct a Malware Infection
"Securonix threat researchers have been tracking a stealthy campaign targeting the hospitality sector using click-fix social engineering, fake captcha and fake blue screen of death to trick users into pasting malicious code. It leverages a trusted MSBuild.exe tool to bypass defenses and deploys a stealthy, Russian-linked DCRat payload for full remote access and the ability to drop secondary payloads."
https://www.securonix.com/blog/analyzing-phaltblyx-how-fake-bsods-and-trusted-build-tools-are-used-to-construct-a-malware-infection/
https://www.bleepingcomputer.com/news/security/clickfix-attack-uses-fake-windows-bsod-screens-to-push-malware/
https://therecord.media/russian-hackers-europe-hospitality-blue-screen
How We Prevented Cursor, Windsurf & Google Antigravity From Recommending Malware
"We discovered that the most popular AI IDEs were officially recommending extensions that didn't exist, namespaces anyone could claim and upload malware to. So we claimed them first. Cursor, Windsurf, Google Antigravity, Trae: these are the hottest tools in software development right now. Cursor alone has over a million daily active users and a $9.9 billion valuation. Windsurf hit a million users within months of launch. Google Antigravity launched just weeks ago, backed by the $2.4 billion acquisition of Windsurf's team and technology. They all have something in common: they're all forked from VSCode."
https://www.koi.ai/blog/how-we-prevented-cursor-windsurf-google-antigravity-from-recommending-malware
https://www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension-attacks/
The DocuSign Impersonation Wave With Real-Time Customizable LogoKit
"Phishing remains one of the most significant cyberattack entry points worldwide. According to Group-IB’s High-Tech Crime Trends Report 2025, phishing activity grew by 22% year-on-year — highlighting how heavily attackers still rely on social-engineering to gain initial access. Meanwhile, the FBI’s IC3 recorded 193,407 phishing and spoofing complaints in 2024, the year’s top cyber-crime category, contributing to $16.6 billion in reported losses."
https://www.group-ib.com/blog/docusign-impersonation-logokit/
A Broken System Fueling Botnets
"Synthient continues to track the Kimwolf DDoS and proxy botnet with this report, delivering significant findings on the inner workings, infection chain, and reliance on the residential proxy ecosystem. Kimwolf has been highly active since early August of 2025, with substantial growth over the past four months. The Synthient’s research team assesses with high confidence that the total number of infected devices has surpassed 2 million, primarily targeting Android devices running an exposed Android Debug Bridge (ADB) service via residential proxies. These findings further reveal an expansive network of compromised TV streaming devices used by providers to obtain large pools of IP addresses."
https://synthient.com/blog/a-broken-system-fueling-botnets
https://thehackernews.com/2026/01/kimwolf-android-botnet-infects-over-2.html
https://www.securityweek.com/kimwolf-android-botnet-grows-through-residential-proxy-networks/
https://securityaffairs.com/186559/malware/kimwolf-botnet-leverages-residential-proxies-to-hijack-2m-android-devices.html
Russia-Aligned Hackers Abuse Viber To Target Ukrainian Military And Government
"The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. "This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025," the 360 Threat Intelligence Center said in a technical report. Also tracked as Hive0156, the hacking group is primarily known for leveraging war-themed lures in phishing emails to deliver Hijack Loader in attacks targeting Ukrainian entities. The malware loader subsequently acts as a pathway for Remcos RAT infections."
https://thehackernews.com/2026/01/russia-aligned-hackers-abuse-viber-to.html
https://securityaffairs.com/186571/apt/russia-linked-apt-uac-0184-uses-viber-to-spy-on-ukrainian-military-in-2025.html
Fake WordPress Domain Renewal Phishing Email Stealing Credit Card And 3-D Secure OTP
"I investigated a phishing email impersonating WordPress.com that claims a domain renewal is due soon and urges immediate action to prevent service disruption. The campaign leads victims to a fake WordPress payment portal hosted on attacker infrastructure and performs theft of credit card details and 3-D Secure OTPs, which are exfiltrated to the attacker via Telegram."
https://malwr-analysis.com/2025/12/31/fake-wordpress-domain-renewal-phishing-email-stealing-credit-card-and-3-d-secure-otp/
Breaches/Hacks/Leaks
US Broadband Provider Brightspeed Investigates Breach Claims
"Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. Founded in 2022, the U.S. telecommunications and Internet service provider (ISP) serves rural and suburban communities across 20 states. "We take the security of our networks and protection of our customers' and employees' information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event," Brightspeed told BleepingComputer. "As we learn more, we will keep our customers, employees and authorities informed.""
https://www.bleepingcomputer.com/news/security/us-broadband-provider-brightspeed-investigates-breach-claims/
https://www.securityweek.com/brightspeed-investigating-cyberattack/
Ledger Customers Impacted By Third-Party Global-e Data Breach
"Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e. In a statement for BleepingComputer, the blockchain company underlines that its network has not been impacted and that the platform's hardware and software systems remain secure. "Some of the data accessed as part of this incident pertained to customers who purchased on Ledger.com using Global-e as a Merchant of Record," the company told BleepingComputer."
https://www.bleepingcomputer.com/news/security/ledger-customers-impacted-by-third-party-global-e-data-breach/
NordVPN Denies Breach Claims, Says Attackers Have "Dummy Data"
"NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained "dummy data" from a trial account on a third-party automated testing platform. The company's statement comes after a threat actor (using the 1011 handle) claimed on a hacking forum over the weekend that they stole more than 10 databases containing sensitive information like Salesforce API keys and Jira tokens, following a brute-force attack against a NordVPN development server."
https://www.bleepingcomputer.com/news/security/nordvpn-denies-breach-claims-says-attackers-have-dummy-data/
https://hackread.com/nordvpn-denies-breach-hacker-salesforce-dev-data/
New Zealand Probes Ransomware Hack Of Health Portal
"The New Zealand government is probing a year-end ransomware hack of private healthcare service provider Manage My Health that impacted thousands of patients. Digital extortion group Kazu has claimed responsibility and threatened to leak the data on Jan. 15 unless it receives a $60,000 ransom. Manage My Health is an online portal used by more than 1.85 million New Zealanders for booking medical appointments and accessing health records and prescriptions. Kazu has claimed that it stole 4.15 terabytes of data, which is over 700 files."
https://www.bankinfosecurity.com/new-zealand-probes-ransomware-hack-health-portal-a-30444
https://www.infosecurity-magazine.com/news/new-zealand-orders-review-manage/
https://www.theregister.com/2026/01/05/nz_managemyhealth_breach_review/
Researcher Wipes White Supremacist Dating Sites, Leaks Data On Okstupid[.]lol
"A self-described security researcher operating under the pseudonym Martha Root has breached and exposed thousands of user profiles from a WordPress hosted white supremacist dating website, WhiteDate and two associated platforms, WhiteChild and WhiteDeal. The incident was discussed during the 39th Chaos Communication Congress (CCC) in Hamburg in late December 2025, and has since drawn both praise and controversy across cybersecurity and political circles."
https://hackread.com/white-supremacist-dating-sites-wiped-okstupid-lol/
Cyberattack Forces British High School To Close
"A cyberattack has forced a British high school to remain closed following the Christmas holidays. Higham Lane School in Nuneaton, a town in central England, has told its roughly 1,500 students they won’t be able to attend classes until at least Wednesday due to the incident. In an email to parents and carers, the school said the cyberattack “has taken down the school IT system,” leaving staff without access “to any digital services including telephones / emails / servers and the school’s management system.”"
https://therecord.media/cyberattack-british-high-school-closes
General News
The Enduring Attack Surface Of VPNs
"One way to look at the novel coronavirus pandemic: A societal experiment in how an oft-overlooked yet essential element of secure networking would stand up to an exploding user base. Unsurprisingly, the rapid uptake of virtual private networks by companies suddenly managing a remote workforce came with significant security costs. Researchers from the Blekinge Institute of Technology in Sweden in a 2025 paper counted a 238% surge in VPN targeted attacks between 2020 and 2022, peak years of coronavirus lockdowns. The study is a meta-analysis of 81 reports from sources including Google and BrightTALK."
https://www.bankinfosecurity.com/enduring-attack-surface-vpns-a-30446
AI Security Risks Are Also Cultural And Developmental
"Security teams spend much of their time tracking vulnerabilities, abuse patterns, and system failures. A new study argues that many AI risks sit deeper than technical flaws. Cultural assumptions, uneven development, and data gaps shape how AI systems behave, where they fail, and who absorbs the harm. The research was produced by a large international group of scholars from universities, ethics institutes, and policy bodies, including Ludwig Maximilian University of Munich, the Technical University of Munich, and the African Union. It examines AI through international human rights law, with direct relevance to security leaders responsible for AI deployment across regions and populations."
https://www.helpnetsecurity.com/2026/01/05/ai-security-governance-risks-research/
https://arxiv.org/pdf/2512.15786
8 Cybersecurity Predictions For 2026: Barracuda Leaders Share Their Insights
"As we head into 2026, cybersecurity is changing faster than ever — thanks to big leaps in artificial intelligence, increasingly complex regulatory requirements and mounting pressure on critical infrastructure. To help organizations navigate these changes, three Barracuda executives share their top predictions for the coming year, offering valuable insights on the operational challenges, compliance risks and strategic priorities shaping the future of security."
https://blog.barracuda.com/2026/01/05/cybersecurity-predictions-2026-barracuda-leaders
Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act
"Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S. President Donald Trump's First Step Act. According to the Federal Bureau of Prisons' inmate locator, Lichtenstein is scheduled for release on February 9, 2026. "I remain committed to making a positive impact in cybersecurity as soon as I can," Lichtenstein added. "To the supporters, thank you for everything. To the haters, I look forward to proving you wrong.""
https://thehackernews.com/2026/01/bitfinex-hack-convict-ilya-lichtenstein.html
https://www.infosecurity-magazine.com/news/lichtenstein-released-bitfinex/
Reference
Electronic Transactions Development Agency (ETDA)