Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Monday, January 5, 2026. I'm Steve Prentiss.

Palo Alto Networks boss calls AI agents biggest insider threat

This is according to Chief Security Intel Officer Wendy Whitmore, describing these as the new insider threat to companies in 2026. She describes the threat as a double-edged sword because CISOs and security teams find themselves under a lot of pressure to deploy new technology as quickly as possible, and that creates this massive amount of pressure to go through procurement processes, security checks and to understand if the new AI applications are secure enough for the use cases that organizations have. She added, "One of the risks stems from the super user problem, which occurs when the autonomous agents are granted broad permissions, creating a super user that can chain together access to sensitive applications and resources without security teams' knowledge or approval." More details from her interview are available in the show notes to this episode.

Hackers claim Resecurity hack, firm says it was a honeypot

Threat actors associated with the Scattered Lapsus$ Hunters group claimed to have recently breached the systems of cybersecurity firm Resecurity and stolen internal data. Resecurity, however, says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. This past Saturday, the threat actors published screenshots on Telegram of the alleged breach, claiming they stole employee data, internal communications, threat intelligence reports and client information. However, representatives from ShinyHunters have told BleepingComputer that they were not involved in this activity, despite being associated with the Scattered Lapsus$ Hunters group.

Thousands of ColdFusion exploit attempts spotted during Christmas holiday

According to security firm GreyNoise, a coordinated campaign that exploited a dozen Adobe ColdFusion vulnerabilities resulted in thousands of attack attempts over the Christmas 2025 holiday. The attack appears to be mostly from a single threat actor operating from Japan-based infrastructure. Most of the activity, amounting to nearly 6,000 requests, occurred on Christmas Day.

Covenant Health announces May ransomware attack damage

The healthcare organization based in Andover, Massachusetts, which suffered a ransomware attack last May, is now notifying customers that their personal and health information may have been compromised. The organization has increased the number of individuals affected from an initial 7,800 to a slightly larger number, 478,000 in December. The Qilin ransomware group has claimed responsibility for this attack.

Huge thanks to our sponsor, Hoxhunt. A small tip: if you are unsure whether your security training is actually reducing the phishing risk, check out what Qualcomm achieved with Hoxhunt. They took their 1000 highest risk users from consistent underperformers to outperforming the rest of the company, driving measurable human risk reduction and earning a CSO50 award. See the Qualcomm case study at hoxhunt.com/qualcomm, that is H-O-X-H-U-N-T.com/qualcomm.

Sedgwick confirms New Year's Eve cyber incident

The claims administration company has confirmed that its government-focused subsidiary is dealing with a cybersecurity incident. Sedgwick provides claims and risk management services to federal agencies like the DHS, Immigration and Customs Enforcement, Customs and Border Protection, Citizenship and Immigration Services, the Department of Labor and CISA. The Trident Locker ransomware gang has claimed responsibility.
Sedgwick stresses that its Government Solutions arm is segmented from the rest of its business and that no wider Sedgwick systems or data were affected.

Finland arrests two from ship suspected of cable break

Following up on a story we covered on Friday, Finnish police have now arrested two crew members of a ship suspected of damaging an undersea telecommunications cable and they are interviewing others. The ship, named Fitberg, has a crew of 14, reportedly from Russia, Georgia, Azerbaijan and Kazakhstan. It was seized on December 31 following a rash of cable faults detected in the Baltic Sea. The investigating authorities are currently conducting crime scene work on the seabed near the damaged cable.

Cloud email feature abused in multi-stage phishing campaign

Researchers from Check Point have revealed details of a phishing campaign that involves the impersonation of legitimate Google-generated messages. By abusing Google Cloud's Application Integration service to distribute emails, the campaign takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address. The campaign takes advantage of Application Integration's Send Mail task, which allows users to send custom email notifications from an integration.

LockBit takedown hero receives OBE

Gavin Webb, a senior UK security professional with the National Crime Agency, will receive an Order of the British Empire in the 2026 New Year's Honors List for his role in dismantling the LockBit ransomware gang's infrastructure. The OBE recognises extraordinary public service and is among the UK's highest civilian honours. Webb played a key leadership role in Operation Cronos, a global law enforcement effort that seized critical systems used by LockBit, one of the world's most notorious ransomware groups. Despite not having a traditional IT background, Webb's work significantly disrupted cybercriminal operations and strengthened international cybersecurity efforts.
Do you want to know more about the most pressing stories of the last few days in time for your weekly standup? Join us today at 4:00 Eastern Time for the Department of Know, where our guests, Peter Clay, CISO at Aerion, and Chris Ray, Field CTO at GigaOm, will sort out the priority stories and do a deep dive on the ones that matter the most. And of course, we will actively involve you in the conversation. Just go to YouTube, search for CISO Series and look for Rich Stroffolino's smiling face under upcoming live streams. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentiss reporting for the CISO Series.
