Cyber Briefing: 2026.01.05
India-targeted espionage, IoT botnets, credential abuse, disputed breaches, crypto wallet hacks, massive healthcare exposure, cyber M&A, and arrests dominated.
👉 What’s happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Transparent Tribe Targets India RATs
The threat actor Transparent Tribe is executing a new cyber espionage campaign targeting Indian government and academic sectors using a sophisticated remote access trojan. This malware utilizes deceptive shortcut files and environment-aware persistence techniques to maintain long-term control over compromised systems while evading various antivirus programs.
2. RondoDox Botnet Hijacks IoT Systems
Security researchers have identified a long-running nine-month operation that exploits a critical remote code execution vulnerability to recruit web servers and IoT devices into the RondoDox botnet. The campaign currently leverages the React2Shell flaw to deploy malware, including cryptocurrency miners and a persistent botnet loader that aggressively eliminates competing threats on infected systems.
3. Infostealers Hijack Business Infrastructure
A self-sustaining cybercrime cycle has emerged where stolen login credentials allow attackers to hijack legitimate business websites to spread malware. Research shows these compromised sites then host sophisticated social engineering attacks that trick new victims into infecting their own systems.
💥 Cyber Incidents
4. Hackers Claim Resecurity Breach
Threat actors calling themselves Scattered Lapsus$ Hunters claim to have breached the cybersecurity firm Resecurity and stolen sensitive employee and client data. Resecurity denies a legitimate breach occurred, stating that the attackers only accessed a honeypot system containing fake information designed to monitor their activities.
5. Trust Wallet Chrome Hack Drains Funds
Trust Wallet recently confirmed that a supply chain attack known as Shai-Hulud led to an $8.5 million hack of its Google Chrome extension in late 2025. By exploiting exposed GitHub secrets to bypass standard security reviews, attackers pushed a malicious update that stole seed phrases from over 2,500 users.
6. Covenant Health Data Breach Impacts
Covenant Health has significantly increased its estimate of individuals impacted by a 2024 data breach to approximately 500,000 people. Although the organization originally identified fewer than 8,000 affected parties, subsequent forensic analysis revealed that the scope of the incident was far more extensive than initially reported.
📢 Cyber News
7. Cybersecurity Deals Exceed One Billion
The cybersecurity sector experienced a major shift in 2025 as consolidation reached record levels with over 420 merger and acquisition deals. High-value transactions dominated the year, resulting in a total disclosed market value exceeding 84 billion dollars.
8. Finland Arrests Crew Over Cable Damage
Finnish authorities have detained the fourteen-member crew of the cargo ship Fitburg following the suspected intentional destruction of an undersea telecommunications cable between Finland and Estonia. The vessel was intercepted while dragging its anchor across the seabed, leading to a criminal investigation into potential sabotage amid growing concerns over hybrid warfare in the Baltic region.
9. Cognizant Faces Lawsuits After Breach
Cognizant Technology Solutions is facing several class-action lawsuits after a major data breach occurred at its healthcare claims subsidiary, TriZetto Provider Solutions. Legal filings claim the company failed to safeguard sensitive consumer data and waited too long to inform the public about the security failure.
📈 Cyber Stocks
On Monday, 5th January, cybersecurity stocks generally traded lower as broader market volatility and profit-taking influenced defensive tech names. Despite continued enterprise demand for cloud, identity and perimeter security, risk-off sentiment and rotation into other sectors limited upside across most pure-play security equities.
Rapid7 closed at 14.27 dollars and declined, with profit-taking and market caution outweighing steady enterprise investment in vulnerability management and detection-response services.
CyberArk Software closed at 435.32 dollars and eased, as broader market headwinds influenced performance despite sustained demand for privileged access management and identity security.
Tenable Holdings closed at 22.73 dollars and dipped, with broader tech weakness offsetting ongoing enterprise focus on vulnerability scanning and risk prioritisation.
Fortinet closed at 77.88 dollars and slipped, as broader tech sector volatility and rotation influenced downside despite ongoing interest in zero-trust and network-security solutions.
Zscaler closed at 220.57 dollars and dipped, with light selling pressure limiting gains even though enterprise adoption of cloud-delivered security and zero-trust architectures continued.
💡 Cyber Tip
🌐 RondoDox Botnet Hijacks IoT and Web Servers
A long-running campaign has been exploiting critical web flaws to pull servers and IoT devices into the RondoDox botnet. Attackers use unauthenticated remote code execution to deploy crypto miners and a persistent loader that actively removes rival malware to maintain exclusive control of infected systems.
🔐 What You Should Do
Patch vulnerable web frameworks and servers immediately
Restrict internet exposure of admin panels and application endpoints
Segment IoT devices away from critical networks
Monitor for unusual CPU spikes or unknown background processes
Deploy WAF and network controls to block exploit attempts
⚠️ Why This Matters
Botnets like RondoDox do not just steal resources. They create long-term footholds, enable further attacks, and can turn vulnerable infrastructure into part of a global criminal operation if left unpatched.
📚 Cyber Book
Cybersecurity Bible by Shawn Walker
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.

Interesting to see Zscaler dip even with continued enterprise adoption of their zero-trust platform. I've noticed this pattern with a lot of security stocks lately where the fundamentals look solid but the market's more focused on profit-taking and rotation plays. The shift toward cloud-delivered security isn't slowing down at all though, and that addressable market keeps expanding. I'd actually view this as a potential accumulation zone if the broader market stabilizes. The enterprise spend on SASE and identity management solutions isn't going anywhere.