Latest Internet & Cybersecurity News
Massive ColdFusion Exploitation Campaign Hits During Christmas 2025 Holiday
GreyNoise observed thousands of attack attempts targeting over a dozen Adobe ColdFusion vulnerabilities, peaking on December 25, 2025, from Japan-based infrastructure (CTG Server Limited). A single actor generated 98% of the traffic, exploiting 10+ CVEs from 2023-2024 using JNDI/LDAP injection and ProjectDiscovery Interactsh for verification, mainly hitting servers in the US, Spain, and India.
This campaign is part of a larger operation with over 2.5 million requests scanning 767 CVEs across 47 technologies.
2026 Cybersecurity Predictions: AI Will Accelerate Attacks and Lower Costs
Tenable forecasts that in 2026, AI will increase cyber attack volume and reduce launch costs, supercharging traditional attacks rather than creating new vectors. Defensive strategies must shift to proactive prevention and basic cyber hygiene to counter the AI-fueled speed advantage of adversaries.
CISOs will build custom in-house AI tools to combat burnout and inefficient workflows.
Non-Human Identities to Become Top Cloud Breach Vector in 2026
Machine identities (NHIs) such as service accounts and tokens, which massively outnumber human identities, will be the primary cloud breach vector because of over-permissioning and sprawl. CISOs must prioritize IAM governance, permissions cleanup, and automated remediation to manage this stealthy attack surface.
Experts warn NHIs enable silent lateral movement by attackers or agentic AI.
Sedgwick Confirms Cyber Incident Impacting Federal Contractor Subsidiary
Claims administration firm Sedgwick confirmed a cyber incident affecting its major federal contractor subsidiary on January 2, 2026. The breach involves sensitive data handling for government-related claims processing.
Details on the attack vector and data exposed remain limited in initial disclosures.
Korean Air Data Breach Exposes 30,000 Employees' Personal Information
Korean Air confirmed that a cyberattack on external supplier KC&D exposed names, phone numbers, and bank details of about 30,000 employees. No fraud has been reported yet from the compromised data.
The incident highlights supply chain vulnerabilities in aviation services.
DarkSpectre: Chinese Group Infects 8.8M Users via Malicious Browser Extensions
Chinese threat actor DarkSpectre ran campaigns like ShadyPanda, GhostPoster, and Zoom Stealer over seven years, infecting over 8.8 million users for espionage, fraud, and intelligence theft. The extensions enabled surveillance, malware loading via images, and theft of corporate data from video platforms.
The operations ran in parallel for maximum impact on global targets.
Play Ransomware Gang Claims Attack on Texas Pete Hot Sauce Maker
Ransomware group Play, third-most active in 2025, claimed an attack on Garner Foods, producer of Texas Pete hot sauce. The incident underscores ongoing ransomware threats to food manufacturing supply chains.
Play follows Qilin and Cl0p as top ransomware actors per Cybernews tracking.
HoneyMyte Rootkit Targets Government and Research Systems in Asia, Africa
The HoneyMyte rootkit enables stealth attacks on high-value targets in government and research sectors across Asia and Africa. The malware facilitates persistent access and data exfiltration.
It is linked to advanced persistent threats exploiting regional vulnerabilities.
Iranian-Linked Phishing via WhatsApp Targets Defense Personnel
Attackers impersonate organizations via WhatsApp, using shortened links to steal credentials or deploy malware. The activity is linked to Iranian intelligence and aimed at defense networks. Infrastructure hosted in Germany, the Netherlands, and Italy supports the campaigns.
Pretexts involve conferences and events to lure high-value targets.
27 Malicious npm Packages Used for Phishing and Credential Theft
Cybercriminals deployed 27 malicious npm packages as phishing infrastructure to steal login credentials via unusual CDN requests. Victims face financial losses; defenses include dependency verification, phishing-resistant MFA, and monitoring suspicious events.
The packages exploit developer trust in open-source ecosystems.
Cyberattack on Chinese Supplier Risks Apple's Trade Secrets
A cyberattack on a Chinese supplier endangers Apple's trade secrets, highlighting supply chain risks in tech manufacturing. The incident involves potential IP theft from key vendors.
Global firms are urged to bolster third-party security audits.