Cybersecurity News: Palo Alto AI warning, Resecurity hack fiasco, Christmas ColdFusion attack

Palo Alto Networks boss calls AI agents biggest insider threat

This is according to Chief Security Intel Officer Wendi Whitmore, who describes them as the new insider threat to companies in 2026. She calls the threat a double-edged sword, because “CISO and security teams find themselves under a lot of pressure to deploy new technology as quickly as possible, and that creates this massive amount of pressure to go through procurement processes, security checks, and understand if the new AI applications are secure enough for the use cases that these organizations have.” She added that one of the risks stems from the superuser problem, which occurs “when the autonomous agents are granted broad permissions, creating a superuser that can chain together access to sensitive applications and resources without security teams’ knowledge or approval.” More details from her interview are available in the show notes to this episode.

(The Register)

Hackers claim Resecurity hack, firm says it was a honeypot

Threat actors associated with the “Scattered Lapsus$ Hunters” group claimed to have recently breached the systems of cybersecurity firm Resecurity and stolen internal data. Resecurity, however, says the attackers “only accessed a deliberately deployed honeypot containing fake information used to monitor their activity.” On Saturday, the threat actors “published screenshots on Telegram of the alleged breach, claiming they stole employee data, internal communications, threat intelligence reports, and client information.” However, representatives of ShinyHunters have told BleepingComputer that they were not involved in this activity, despite being associated with the Scattered Lapsus$ Hunters group.

(BleepingComputer)

Thousands of ColdFusion exploit attempts spotted during Christmas holiday

According to security firm GreyNoise, a coordinated campaign that exploited a dozen Adobe ColdFusion vulnerabilities resulted in thousands of attack attempts over the Christmas 2025 holiday. The activity appears to come mostly from a single threat actor operating from Japan-based infrastructure, their report said. Most of the activity, amounting to nearly 6,000 requests, occurred on Christmas Day.

(Security Affairs)

Covenant Health announces May ransomware attack damage

The healthcare organization based in Andover, Massachusetts, which suffered a ransomware attack last May, is now notifying customers that “their personal and health information may have been compromised.” The organization has increased the number of individuals affected from an initial 7,800 to a slightly larger number, 478,000, in December. The Qilin ransomware group has claimed responsibility for the attack.

(Security Affairs)

Huge thanks to our sponsor, Hoxhunt

A small tip for CISOs: if you’re unsure whether your security training is actually reducing phishing risk, check out what Qualcomm achieved with Hoxhunt. They took their 1,000 highest-risk users from consistent under-performers to outperforming the rest of the company, driving measurable human risk reduction and earning a CSO50 Award. See the Qualcomm case at hoxhunt.com/qualcomm

Sedgwick confirms New Year’s Eve cyber incident

The claims administration company has confirmed that its government-focused subsidiary is dealing with a cybersecurity incident. Sedgwick “provides claims and risk management services to federal agencies like the DHS, Immigration and Customs Enforcement, Customs and Border Protection, Citizenship and Immigration Services, the Department of Labor, and CISA.” The TridentLocker ransomware gang has claimed responsibility. Sedgwick stresses that its Government Solutions arm is segmented from the rest of its business, and that “no wider Sedgwick systems or data were affected.”

(The Record)

Finland arrests two from ship suspected of cable break

Following up on a story we covered on Friday, Finnish police have now arrested “two crew members of a ship suspected of damaging an undersea telecommunications cable,” and they are interviewing others. The ship, named Fitburg, has a crew of 14, reportedly from Russia, Georgia, Azerbaijan and Kazakhstan. It was seized on December 31 following a rash of cable faults detected in the Baltic Sea. The investigating authorities are currently “conducting crime scene work on the seabed near the damaged cable.”

(The Record)

Cloud email feature abused in multi-stage phishing campaign

Researchers from Check Point have revealed details of a phishing campaign that involves the impersonation of legitimate Google-generated messages by abusing Google Cloud’s Application Integration service to distribute emails. The campaign “takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address.” The campaign takes advantage of Application Integration’s “Send Email” task, which “allows users to send custom email notifications from an integration.”

(The Hacker News)

LockBit takedown hero receives OBE

Gavin Webb, a senior UK security professional with the National Crime Agency, will receive an Order of the British Empire (OBE) in the 2026 New Year Honors List for his role in dismantling the LockBit ransomware gang’s infrastructure. The OBE recognizes extraordinary public service and is among the UK’s highest civilian honors. Webb played a key leadership role in Operation Cronos, a global law enforcement effort that seized critical systems used by LockBit, one of the world’s most notorious ransomware groups. Despite not having a traditional IT background, Webb’s work significantly disrupted cybercriminal operations and strengthened international cybersecurity efforts.

(Cybersecurity Insiders)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.