Daily Digest

China's Cyber War on Taiwan Intensifies; Critical Flaws in IoT and Enterprise Software Actively Exploited

China's Cyber War on Taiwan Intensifies; Critical Flaws in IoT and Enterprise Software Actively Exploited

January 4, 2026
7 articles (5 new, 2 updated)
21 min read

Summary

A cybersecurity report for January 4, 2026, reveals a significant escalation in state-sponsored cyberattacks, with a Taiwanese government report detailing over 2.6 million daily attacks from China in 2025. Concurrently, critical vulnerabilities are under active exploitation, including a memory disclosure flaw in MongoDB ('Mongobleed') added to CISA's KEV list, and a zero-day in Oracle E-Business Suite leveraged by the Clop group. The IoT landscape is also under fire, with critical remote hijacking flaws discovered in WHILL electric wheelchairs and Petlibro smart feeders, highlighting severe physical and privacy risks. Major data breaches continue to have fallout, with 700Credit exposing 5.6 million consumer records via API abuse and Cognizant facing lawsuits over its TriZetto healthcare data breach.

Filter by Category

New Articles (5)

Taiwan Reports 2.6 Million Daily Cyberattacks from China in 2025

HIGH

Taiwan's National Security Bureau Reveals Massive Surge in Chinese Cyberattacks Targeting Critical Infrastructure

Taiwan's National Security Bureau (NSB) released a report on January 4, 2026, detailing a massive and sustained cyber offensive by Chinese state-backed actors throughout 2025. The island faced an average of 2.63 million cyberattacks daily, a 6% increase from 2024 and double the rate of 2023. The attacks are described as a core component of Beijing's hybrid warfare strategy, targeting nine critical sectors including energy, healthcare, and government agencies. The NSB identified prominent threat groups like BlackTech, Flax Typhoon, and APT41 behind the campaigns, which utilized vulnerability exploitation, DDoS attacks, and supply chain intrusions. The energy sector saw an alarming 1,000% increase in attacks, underscoring a strategic effort to probe and potentially disrupt Taiwan's essential services.

January 4, 2026
5 min read
State-Sponsored AttackHybrid WarfareCritical InfrastructureAPTRansomware +2 more
Taiwan Reports 2.6 Million Daily Cyberattacks from China in 2025

Cognizant Sued in Class-Action Lawsuits After TriZetto Data Breach

MEDIUM

Cognizant and Subsidiary TriZetto Face Multiple Class-Action Lawsuits Over Healthcare Data Breach

IT services giant Cognizant Technology Solutions is facing multiple class-action lawsuits in the U.S. following a significant data breach at its healthcare subsidiary, TriZetto Provider Solutions (TPS). The lawsuits, filed in New Jersey and Missouri, allege that Cognizant failed to adequately protect sensitive patient health and personal information processed by the TriZetto platform. Plaintiffs also claim the company unreasonably delayed notifying affected individuals, preventing them from taking timely steps to protect themselves from fraud and identity theft. The breach at TriZetto, a major processor of healthcare claims, has wide-ranging privacy implications for a large number of patients.

January 4, 2026
4 min read
Data BreachHealthcareHIPAAClass Action LawsuitCognizant +1 more
Cognizant Sued in Class-Action Lawsuits After TriZetto Data Breach

Petlibro Smart Feeder API Flaw Lets Anyone Control Devices, Access Cameras

HIGH

Improper Access Control Flaw (CVE-2025-3653) in Petlibro Smart Feeders Allows Unauthorized Remote Control and Camera Access

A serious improper access control vulnerability, CVE-2025-3653, has been found in the backend API for Petlibro's smart pet feeders. The flaw allows a remote attacker to take full control of any Petlibro device simply by sending its serial number to the API, with no authentication required. A successful attacker can alter feeding schedules, dispense food on command, and, on camera-equipped models, view the live video feed. Disclosed by VulnCheck, the vulnerability affects Petlibro Smart Pet Feeder Platform versions up to 1.7.31 and highlights the persistent failure of some IoT manufacturers to implement basic security controls, creating significant privacy and safety risks for consumers.

January 4, 2026
4 min read
IoT SecurityAPI SecurityVulnerabilityPrivacyPetlibro
Petlibro Smart Feeder API Flaw Lets Anyone Control Devices, Access Cameras

Critical Flaw in GNU Wget2 Allows Arbitrary File Overwrites

HIGH

GNU Wget2 Hit by Critical Path Traversal Vulnerability (CVE-2025-69194) Leading to Arbitrary File Overwrite

A critical vulnerability, CVE-2025-69194, has been discovered in GNU Wget2, the modern replacement for the ubiquitous Wget file download utility. The flaw is an improper path validation issue (path traversal) that can be triggered by a malicious remote server. An attacker can trick a vulnerable Wget2 client into writing a downloaded file to an arbitrary location on the filesystem. This could be exploited to overwrite critical system files, user configuration files (like .bashrc), or place malicious scripts in sensitive locations, potentially leading to data loss, denial of service, or remote code execution.

January 4, 2026
4 min read
VulnerabilityPath TraversalArbitrary File WriteGNUWget2 +1 more
Critical Flaw in GNU Wget2 Allows Arbitrary File Overwrites

A Look Inside the CVE Process: The Story of a Rejected ID

INFORMATIONAL

CVE-2025-34775 Marked as REJECTED, Offering a Glimpse into CVE Numbering Authority Operations

On January 3, 2026, the National Vulnerability Database (NVD) officially updated the status of CVE-2025-34775 to 'REJECTED'. This status indicates that while the identifier was reserved by a CVE Numbering Authority (CNA), it was ultimately not used for a public vulnerability disclosure. This can occur for several reasons, such as the finding being a duplicate of an existing CVE, the issue not meeting the criteria for a vulnerability, or the researcher withdrawing the submission. While rejected CVEs contain no technical details, their existence provides transparency into the administrative backend of the global vulnerability tracking system.

January 4, 2026
2 min read
CVENVDVulnerability ManagementCybersecurity Standards
A Look Inside the CVE Process: The Story of a Rejected ID

Updated Articles (2)

Critical RCE in Xspeeder SXZOS Allows Unauthenticated Root Access

CRITICAL

Unauthenticated RCE Vulnerability (CVE-2025-54322) in Xspeeder SXZOS Allows Root-Level Command Execution

Update:

New information reveals that Xspeeder, the vendor of SXZOS firmware, has been unresponsive for over seven months to disclosure attempts for CVE-2025-54322. The vulnerability now has a confirmed CVSS score of 10.0, making it a critical, unpatched RCE flaw. This lack of vendor support means no official patch is available, significantly increasing the risk to affected organizations. Researchers at Pwn.ai, who publicly disclosed the flaw, also claim it was discovered using an AI agent. Due to the vendor's unresponsiveness, the primary remediation advice is now to isolate or replace affected devices, as patching is not an option.

December 31, 2025
Updated: January 4, 2026
5 min read
rcevulnerabilityunauthenticatedroot accessnetwork security +1 more
Critical RCE in Xspeeder SXZOS Allows Unauthenticated Root Access

Clop Ransomware Hits Korean Air in Supply Chain Attack, Exploiting Oracle Zero-Day

HIGH

Korean Air Discloses Employee Data Breach After Supply Chain Attack on Subsidiary; Clop Ransomware and Oracle Zero-Day (CVE-2025-61882) Implicated

Update:

New information confirms that the Clop extortion group has not only claimed responsibility but also leaked the stolen employee data from Korean Air. Crucially, the Oracle E-Business Suite zero-day vulnerability, central to this attack, was actively exploited by Clop for several months, beginning in August 2025, before a patch was available. This prolonged exploitation window allowed Clop to compromise numerous organizations globally, indicating a much wider impact of this campaign than initially reported. Clop's primary objective in this campaign is now understood to be data theft and extortion, rather than traditional ransomware deployment.

December 29, 2025
Updated: January 4, 2026
5 min read
ClopRansomwareSupply Chain AttackKorean AirOracle +3 more
Clop Ransomware Hits Korean Air in Supply Chain Attack, Exploiting Oracle Zero-Day

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.