Daily Digest

Critical Flaws, Ransomware Breaches, and Supply Chain Attacks Dominate Early 2026

Critical Flaws, Ransomware Breaches, and Supply Chain Attacks Dominate Early 2026

January 2, 2026
3 articles (3 new)
10 min read

Summary

The cybersecurity landscape for January 2, 2026, is marked by a series of high-impact incidents, including multiple critical vulnerabilities with CVSS scores of 9.8 and 10.0 being actively exploited or posing severe risks. Major data breaches in the healthcare sector, attributed to ransomware gangs like Qilin, have exposed the sensitive information of hundreds of thousands of individuals. Concurrently, sophisticated supply chain attacks continue to prove effective, with a crypto wallet losing millions and Apple's manufacturing partners facing threats. Phishing campaigns also evolved, abusing legitimate cloud services to bypass traditional defenses.

Filter by Category

New Articles (3)

NZ Patient Portal Breach Exposes Health Records of 126,000

HIGH

New Zealand's ManageMyHealth Patient Portal Discloses Major Data Breach Affecting Up to 126,000 Users

ManageMyHealth, New Zealand's largest online patient portal, has confirmed a significant data breach discovered on December 30, 2025. The cyberattack compromised the 'My Health Documents' module, exposing the sensitive medical records of between 108,000 and 126,000 users. A threat actor using the alias 'Kazu' has claimed responsibility, alleging the exfiltration of 108 gigabytes of data and issuing a ransom demand. Compromised information includes clinical notes, lab results, and hospital discharge summaries. ManageMyHealth has engaged cybersecurity specialists, notified authorities including the Office of the Privacy Commissioner, and obtained a High Court injunction to prevent the stolen data's distribution.

January 2, 2026
5 min read
patient dataPHIcyberattackransom demandNew Zealand +1 more
NZ Patient Portal Breach Exposes Health Records of 126,000

Critical Auth Bypass Flaw (CVSS 9.8) in IBM API Connect

CRITICAL

IBM Warns of Critical Authentication Bypass Vulnerability (CVE-2025-13915) in API Connect Platform

IBM has issued an urgent security advisory for a critical authentication bypass vulnerability, CVE-2025-13915, in its API Connect platform. The flaw carries a CVSS score of 9.8, reflecting its potential for severe impact. It could allow a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to applications managed by the platform. The vulnerability affects specific versions of API Connect V10. IBM has released patches and strongly urges customers to apply them immediately. As a temporary mitigation, disabling the self-service sign-up feature on the Developer Portal is recommended. There is currently no evidence of active exploitation.

January 2, 2026
5 min read
API securityauthentication bypasszero trustpatch managementCVSS 9.8
Critical Auth Bypass Flaw (CVSS 9.8) in IBM API Connect

Apple Supply Chain on Alert After Cyberattack Hits Key Chinese Manufacturer

HIGH

Cyberattack on Major Chinese Manufacturing Partner Raises Concerns for Apple's Supply Chain Security

Apple's supply chain is on high alert following a cyberattack in mid-December 2025 against one of its major Chinese manufacturing partners. The breach has raised significant concerns about the potential exposure of sensitive intellectual property, including production-line data and proprietary trade secrets related to Apple products. While the unnamed supplier claims the issue is resolved, internal audits are ongoing to assess the extent of the data loss. The incident highlights the persistent risk to major technology firms from attacks targeting their less secure supply chain partners.

January 2, 2026
5 min read
intellectual propertytrade secretsthird-party riskmanufacturing securityespionage
Apple Supply Chain on Alert After Cyberattack Hits Key Chinese Manufacturer

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.