CyberNews: 05/01/2026 Edition
Today’s roundup
Summary
Ilya Lichtenstein, 38, who was sentenced to five years in November 2024 for his role in laundering 120,000 Bitcoins stolen in the 2016 Bitfinex hack, has been released early from prison. His early release is attributed to the U.S. First Step Act. Over 96% of the stolen funds have been recovered. His wife, Heather Morgan, also received an early release from her 18-month sentence.
Cybersecurity researchers from Palo Alto Networks Unit 42 have identified a new Python-based information stealer named VVS Stealer (VVS $tealer). This malware is designed to harvest Discord credentials and tokens and has been available for sale on Telegram since at least April 2025. It employs Pyarmor for code obfuscation.
TRM Labs has reported that $35 million in cryptocurrency has been drained from user wallets and has directly linked these losses to the 2022 LastPass data breach. This development underscores the long-term financial repercussions for victims of major security incidents involving sensitive credential storage.
Sedgwick, a global claims management and risk services provider, has confirmed a cyber incident impacting its federal contractor subsidiary, Sedgwick Government Solutions. The TridentLocker ransomware group claimed responsibility, alleging the theft of 3.4 GB of data on New Year's Eve. The affected subsidiary handles claims for several U.S. federal agencies, including DHS and CISA. Sedgwick asserts the impacted unit is segmented, preventing wider system or data compromise, and that claims management servers were not accessed.
Resecurity successfully employed a honeypot to trap the ShinyHunters (also known as Scattered Lapsus$ Hunters, SLH) threat actor group. ShinyHunters mistakenly declared a compromise of Resecurity's systems after interacting with decoy accounts. This incident follows Resecurity's prior reporting in September 2025 on SLH's attacks targeting airlines, telecommunications, and law enforcement. Resecurity subsequently disclosed details, including IP addresses and operational security errors made by the group.
Internet connectivity experienced outages in parts of Caracas, Venezuela, coinciding with a U.S. military operation that resulted in the capture of President Nicolás Maduro. NetBlocks confirmed the disruptions, linking them to power cuts. Former U.S. President Donald Trump suggested that U.S. cyber capabilities were utilized to cause the power failures. During this period, a significant increase in Tor network usage was observed across Venezuela, indicating a widespread effort by citizens to circumvent censorship and monitoring. This event follows a December cyberattack on the state-owned oil company PDVSA, which the Venezuelan government attributed to the U.S.
Want to dig deeper?
Malware Families
| Global | GLOBAL GROUP |