Iranian-Linked Hackers Dox Israeli Intel Agents; Critical Flaws in Fortinet & Next.js Actively Exploited
Summary
This cybersecurity brief for January 3, 2026, covers several critical developments. The Iran-linked Handala group has escalated its psychological warfare campaign by doxing Israeli SIGINT officers, primarily through Telegram account compromises. Meanwhile, critical, actively exploited vulnerabilities in Fortinet firewalls (CVE-2020-12812) and Next.js (CVE-2025-55182) are being leveraged by threat actors for 2FA bypass and botnet creation, respectively. Other major incidents include a massive data breach claim against Tokyo FM radio, the rise of the VVS Stealer malware, and a widespread phishing campaign abusing Google Tasks.
Today's New Articles
Handala Group Doxes Israeli Intel Agents in Psyops Campaign
The Iran-linked hacktivist group Handala has intensified its information warfare against Israel by publicly exposing the identities of 15 alleged Signal Intelligence (SIGINT) officers on January 3, 2026. This act of doxing is the latest in a series of campaign...
Tokyo FM Radio Hit by Massive Data Breach, 3 Million Records for Sale
A threat actor using the alias 'victim' has claimed responsibility for a major data breach against Tokyo FM Broadcasting Co., LTD., one of Japan's largest radio stations. On January 1, 2026, the attacker announced on a hacker forum that they had stolen a datab...
KIOTI Tractor Discloses Wider Impact from 2024 Data Breach
Daedong-USA, Inc., parent company of the KIOTI® Tractor Division, issued a notice on January 2, 2026, expanding the scope of a data breach that originally occurred in October 2024. A prolonged investigation that concluded in late 2025 revealed that a wider ran...
Resecurity Turns Tables on Hackers, Claims Breach Was a Honeypot
Cybersecurity firm Resecurity has publicly refuted claims of a major data breach made by a hacking group known as 'Scattered Lapsus$ Hunters' (SLH). On January 3, 2026, the group announced on Telegram that it had compromised Resecurity's systems, stealing inte...
Finland Arrests Two in Probe of Damaged Undersea Telecom Cable
Finnish authorities have arrested two crew members of the cargo ship 'Fitburg' in connection with significant damage to an undersea telecommunications cable in the Gulf of Finland. The incident, which occurred around New Year's Eve, disrupted a critical data l...
VVS Stealer Malware Uses PyArmor Obfuscation to Target Discord Users
A new information-stealing malware named VVS Stealer is being sold on Telegram and used to target Discord users. Written in Python, the stealer's key feature is its use of the legitimate tool PyArmor to heavily obfuscate its code, allowing it to bypass static...
Infostealers Fuel Vicious Cycle, Hijacking Victim Websites to Spread More Malware
A new report from Hudson Rock highlights a dangerous and self-perpetuating cybercrime trend where credentials stolen by infostealer malware are used to hijack legitimate business websites. Attackers gain administrative access to platforms like WordPress using...
Over 10,000 Fortinet Firewalls Exposed to Critical 2FA Bypass Flaw
Security watchdog Shadowserver revealed on January 2, 2026, that over 10,000 Fortinet FortiGate firewalls remain unpatched and vulnerable to a critical, five-year-old 2FA bypass flaw, CVE-2020-12812. This vulnerability, rated 9.8 on the CVSS scale, allows an a...