Daily Digest

Ransomware & Supply Chain Attacks Proliferate as TridentLocker Hits Gov't Contractor and Cl0p Breaches Korean Air

Ransomware & Supply Chain Attacks Proliferate as TridentLocker Hits Gov't Contractor and Cl0p Breaches Korean Air

January 6, 2026
5 articles (4 new, 1 updated)
15 min read

Summary

This cybersecurity brief for January 6, 2026, covers a surge in high-impact incidents. Key events include a confirmed ransomware attack on a Sedgwick government subsidiary by the new TridentLocker group and a major supply chain breach at Korean Air via a vendor, attributed to Cl0p. Additionally, the Kimwolf botnet has infected over two million Android devices, Microsoft warns of phishing attacks exploiting email routing flaws, and new state-level privacy laws have taken effect across the U.S., increasing compliance burdens.

Filter by Category

New Articles (4)

Kimwolf Botnet Hijacks 2M Android Devices via Proxy Networks

HIGH

Kimwolf Botnet Compromises Over 2 Million Android Devices for DDoS and Proxy Services

The Kimwolf botnet has rapidly expanded to infect over 2 million devices worldwide, primarily targeting low-cost Android-based TV and streaming boxes. Active since at least mid-2025, the botnet operators monetize their network by launching large-scale DDoS attacks, surreptitiously installing applications, and selling residential proxy bandwidth. The botnet's growth is fueled by its exploitation of residential proxy networks to infect devices behind home routers, with some evidence suggesting devices are being sold pre-infected.

January 6, 2026
5 min read
BotnetKimwolfAndroidDDoSIoT Security +1 more
Kimwolf Botnet Hijacks 2M Android Devices via Proxy Networks

Russia-Aligned UAC-0184 Uses Viber to Target Ukrainian Military

HIGH

UAC-0184 (Hive0156) Distributes Remcos RAT via Viber in Attacks on Ukrainian Military

The Russia-aligned threat group UAC-0184 (also tracked as Hive0156) has evolved its tactics to include the Viber messaging platform for malware distribution. The group is targeting Ukrainian military and government departments with malicious ZIP archives containing LNK files. When opened, these files deploy the Remcos Remote Administration Tool (RAT), enabling the attackers to conduct espionage. This new vector supplements their previous methods of using phishing emails and other messaging apps like Signal and Telegram.

January 6, 2026
6 min read
UAC-0184Threat ActorEspionageUkraineRemcos RAT +1 more
Russia-Aligned UAC-0184 Uses Viber to Target Ukrainian Military

New Privacy & Cybersecurity Laws Take Effect Across US States

INFORMATIONAL

New Privacy and Cybersecurity Regulations Become Effective in California, Indiana, Kentucky, and Rhode Island

January 1, 2026, marked the effective date for a significant wave of new state-level privacy and cybersecurity laws in the United States. Comprehensive privacy laws are now active in Indiana, Kentucky, and Rhode Island. Concurrently, new regulations under the California Consumer Privacy Act (CCPA) covering cybersecurity audits, risk assessments, and automated decision-making technology (ADMT) have also come into force, increasing compliance obligations for businesses operating in these states.

January 6, 2026
5 min read
PrivacyComplianceRegulationCCPAData Privacy +1 more
New Privacy & Cybersecurity Laws Take Effect Across US States

EmEditor Website Hacked to Distribute Infostealer Malware

HIGH

Emurasoft's EmEditor Website Compromised to Serve Infostealer-Laden Installers

Emurasoft, the developer of the popular EmEditor text editor, has disclosed that its official website was compromised for a four-day period. During the breach, the main download button on the homepage was redirected to a malicious server hosting a trojanized installer. Users who downloaded and ran this fake installer were infected with an infostealer malware designed to harvest system credentials. The malware also installed a rogue browser extension capable of remote control and cryptocurrency swapping.

January 6, 2026
6 min read
InfostealerMalwareSupply Chain AttackWatering HoleEmEditor +1 more
EmEditor Website Hacked to Distribute Infostealer Malware

Updated Articles (1)

Korean Air Subsidiary Breach Exposes Data of 30,000 Employees

HIGH

Korean Air Discloses Employee Data Breach via Third-Party Supplier Compromise

Update:

New reports confirm that the notorious Cl0p ransomware group has claimed responsibility for the supply chain attack on Korean Air's catering supplier, KC&D Service. The group stated they exploited a vulnerability in Oracle E-Business Suite to gain initial access and exfiltrate data. This new information provides crucial attribution and technical details regarding the initial access vector, which were previously undisclosed. The impact remains focused on the 30,000 exposed employee records, including names and bank account numbers, with no customer data affected.

December 31, 2025
Updated: January 6, 2026
5 min read
supply chain attackdata breachthird-party riskaviation securityemployee data
Korean Air Subsidiary Breach Exposes Data of 30,000 Employees

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.