Latest Internet & Cybersecurity News
Autocrypt Launches Automotive-CIS Standard at CES 2026
AUTOCRYPT announced 'Automotive-CIS,' a global benchmark for vehicle cybersecurity infrastructure, at CES 2026 in Las Vegas. This integrated standard aims to enhance automotive and AI cybersecurity for international adoption. It presents a new infrastructure model to the technology community.
Threat Actor Zestix Breaches 50 Global Companies via Stolen Cloud Credentials
A hacker known as 'Zestix' or 'Sentap' accessed cloud platforms such as ShareFile, Nextcloud, and OwnCloud at ~50 organizations using credentials stolen by infostealer malware such as RedLine and Lumma. Sectors hit include aviation, defense, healthcare, finance, and government; terabytes of data were exposed due to a lack of MFA. Pickett and Associates lost 139 GB of utility engineering data.
Taiwan Reports 113% Rise in Daily Chinese Cyber Attacks on Critical Infrastructure
Taiwan's NSB noted that daily Chinese cyberattacks on critical infrastructure (CI) are up 113% since 2023, peaking during political events such as the anniversary of President Lai's inauguration. Groups like BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886 targeted the energy, healthcare, communications, and tech sectors using malware and ransomware. Attacks correlated with PLA patrols and included telecom exploits.
GlassWorm Malware Targets macOS Developers via VSCode Extensions
The GlassWorm campaign infects macOS systems through malicious coding extensions to steal passwords and crypto keys and to hijack wallets; the extensions have over 33,000 downloads despite warnings. VVS Stealer, a Python-based info stealer, extracts Discord credentials and browser data and hijacks sessions for further attacks. Both highlight threats to developers and users.
China-Linked DarkSpectre Steals Zoom Data from 2.2M Users via Browser Extensions
The DarkSpectre campaign uses 18 extensions on Chrome, Firefox, and Edge to collect meeting data from 28 platforms, affecting 2.2M users; it is linked to Chinese infrastructure. Data is exfiltrated via WebSocket for espionage or sale; the actor previously targeted 7.8M users in campaigns like GhostPoster. The campaign focuses on corporate meeting intelligence.
Persistent Fortinet Vulnerabilities Exploited Despite Patches and Warnings
Unpatched Fortinet devices remain vulnerable, with over 1,300 exposed in the US according to Shadowserver; they have been abused in ransomware attacks and by groups like Volt Typhoon. CISA and FBI warnings have been ignored, highlighting the risks of delayed patching in perimeter security. Urgent updates are recommended for all admins.
LevelBlue SpiderLabs Reports Active MongoDB Exploits and Malware Trends
Public exploits for MongoDB servers emerged on Dec 25, 2025; by Dec 30, 70% of instances were vulnerable despite patches, risking 300,000+ servers. December saw high activity from malware families, with 16,353 new IOCs, along with new USM detections for procdump and Azcopy abuse. The report also covers the Shai-Hulud V2 and HoneyMyte APT threats.