AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/05/2026

Sedgwick Discloses Data Breach After TridentLocker Ransomware Attack

Global claims management provider Sedgwick confirmed a cybersecurity incident affecting its federal contractor subsidiary, Sedgwick Government Solutions, after the TridentLocker ransomware group claimed to have stolen 3.4GB of data on New Year’s Eve. The company, which handles claims and risk management for U.S. federal agencies including DHS, ICE, CBP, USCIS, DOL, and CISA, immediately activated incident response protocols with external cybersecurity experts. TridentLocker is a ransomware-as-a-service operation that emerged in late November 2025. It uses double-extortion tactics and targets diverse sectors including manufacturing, government, IT, and professional services, primarily in North America and Europe.

CISA Adds MongoDB MongoBleed Flaw to KEV Catalog, Orders Federal Patch by January 19

CISA added the MongoBleed vulnerability (CVE-2025-14847) to its Known Exploited Vulnerabilities catalog, confirming active exploitation and ordering Federal Civilian Executive Branch agencies to patch within three weeks, by January 19, 2026. The high-severity MongoDB flaw stems from improper handling of network packets using the zlib library for data compression. It allows unauthenticated threat actors to remotely steal credentials, API keys, session tokens, and personally identifiable information through low-complexity attacks requiring no user interaction. Over 87,000 potentially vulnerable MongoDB instances have been identified worldwide, and a public proof-of-concept exploit has been available since December 26.

University of Phoenix Data Breach Affects 3.5 Million After Oracle Zero-Day Exploit

University of Phoenix disclosed a major data breach affecting approximately 3.5 million people after attackers exploited CVE-2025-61882, a zero-day vulnerability in Oracle E-Business Suite that has been actively abused since early August. Security researchers believe the attack aligns with tactics used by the Clop ransomware gang, which has a history of stealing data through zero-day flaws rather than encrypting systems. The compromised information includes Social Security numbers, bank account details, driver’s license numbers, and government-issued identification numbers, prompting the U.S. Department of State to offer a reward of up to $10 million for information linking Clop’s attacks to a foreign government.


CISA Issues Critical Alert on WHILL Electric Wheelchair Bluetooth Hijacking Vulnerability

CISA issued an urgent warning about CVE-2025-14346, a critical vulnerability with a CVSS score of 9.8 affecting WHILL Model C2 electric wheelchairs and Model F power chairs. Security researchers from QED Secure Solutions discovered the devices lack proper authentication mechanisms for critical functions, enabling attackers within Bluetooth range to seize complete control of the wheelchair without any user interaction or authorization. The affected products are widely deployed in healthcare facilities and by individual users worldwide, potentially putting vulnerable individuals at immediate risk, though CISA has not yet confirmed whether patches or mitigations are available.


Phishing Campaign Abuses Google Cloud Integration Service to Bypass Email Security

Cybersecurity researchers disclosed a sophisticated phishing campaign in which attackers impersonate legitimate Google-generated messages by abusing Google Cloud’s Application Integration service to distribute emails from the authentic address “noreply-application-integration@google.com.” The campaign leverages the trust associated with Google Cloud infrastructure to bypass traditional email security filters. The emails mimic routine enterprise notifications such as voicemail alerts and file access requests so that they appear normal and trustworthy. Check Point observed 9,394 phishing emails targeting approximately 3,200 customers over a 14-day period in December 2025, affecting organizations in the U.S., Asia-Pacific, Europe, Canada, and Latin America.
