Latest Internet & Cybersecurity News
LastPass 2022 Breach Fuels New Crypto Thefts
Blockchain investigators on January 2, 2026, traced high-value cryptocurrency thefts to the 2022 LastPass data breach. Attackers continue exploiting stolen data for ongoing thefts. Businesses are urged to monitor for related activity.
GlassWorm Malware Targets macOS Developers
A new GlassWorm campaign detected January 1, 2026, uses malicious VSCode and OpenVSX extensions to deliver trojanized crypto wallets. It exfiltrates seed phrases and session tokens from development environments. Firms should enforce extension whitelisting and EDR monitoring.
Inotiv Pharma Suffers Ransomware Attack
Pharma research firm Inotiv faced a late December 2025 ransomware attack, stealing data of nearly 10,000 individuals including SSNs. Attackers accessed internal systems for extortion potential. This underscores risks in sensitive R&D sectors.
Over 10,000 Fortinet Firewalls Vulnerable to 2FA Bypass
A January 2, 2026 report shows 10,000+ exposed Fortinet firewalls unpatched against a five-year-old 2FA flaw. Threat actors scan and exploit for network access. Patches available but adoption lags.
Silk Typhoon Targets US Congressional Budget Office
Chinese group Silk Typhoon exfiltrated emails and policy data from US CBO in late December 2025 campaign. Highlights APT focus on government intellectual property. Organizations need anti-phishing defenses.
Trust Wallet Chrome Extension Hacked via Shai-Hulud Attack
Trust Wallet's extension hack stole $8.5M, linked to November 2025 Shai-Hulud supply chain attack with prep since December 8. Second iteration compromised the extension. Users advised to update and monitor wallets.
DarkSpectre Compromises 8.8M Browser Users
Chinese group DarkSpectre ran seven-year malware campaign via Chrome, Edge, Firefox, Opera extensions affecting 8.8M users. Targets across Asia, US, Europe. Immediate extension audits recommended.
Zestix Breaches 50 Orgs Using Stolen Cloud Credentials
Criminal Zestix stole data from 50 enterprises via infostealer-compromised credentials on MFA-less ShareFile, Nextcloud. Victims include utilities, aviation; data sold on dark web. Highlights credential hygiene failures.
Handala Team Hacks Telegram of Israeli Officials
Pro-Iranian Handala group breached Telegram accounts of Naftali Bennett and Tzachi Braverman. Used for potential info ops. Raises risks for high-profile targets on messaging apps.
Mustang Panda Deploys TONESHELL Backdoor with Rootkit
Chinese Mustang Panda used undocumented kernel rootkit to deliver TONESHELL backdoor in mid-2025 Asia attack. Evades detection effectively. Defenders need advanced kernel monitoring.
AI and Quantum Threats to Define 2026 Cybersecurity
Thales predicts AI security as formal discipline with agent-governance layers; quantum-safe migration mandatory. Zero-days weaponized in minutes via AI. Enterprises must invest in API scrutiny and PQC.
Sedgwick Confirms Cyber Incident on Federal Subsidiary
Sedgwick Government Solutions subsidiary hit by cyber incident confirmed January 5, 2026. Affects major federal contractor operations. Details on impact pending investigation.