Daily Recap: Researchers spotlight a WhatsApp metadata leak as Meta begins rolling out fixes to address exposure of message metadata. The cyberattack affecting ManageMyHealth's systems and patient services remains under investigation. IBM API Connect contains a critical authentication bypass that could let attackers impersonate users and access protected APIs. SlowMist flags a potential security risk at HitBTC that could threaten user funds and platform integrity. On the malware/APT front, VVS Stealer targets Discord via obfuscated Python, and Transparent Tribe (APT36) campaigns weaponize JLPT exam notifications to deliver fileless espionage tools against targets in India. Also included is a weekly threat recap for 04 Jan 2026.
#VVSStealer #APT36
Privacy & Messaging
- Researcher spotlights a WhatsApp metadata leak while Meta begins rolling out fixes to address exposure of message metadata – WhatsApp Leak
Breaches & Incidents
- ManageMyHealth provides an update on an ongoing cyberattack investigation affecting its systems and patient services – ManageMyHealth Update
Vulnerabilities
- A critical flaw in IBM API Connect enables authentication bypass, allowing attackers to impersonate users and access protected APIs – IBM API
Crypto & Exchanges
- Security firm SlowMist flags a potential critical security risk at the HitBTC exchange that could threaten user funds and platform integrity – HitBTC Risk
Malware & APTs
- Researchers report a new VVS Stealer targeting Discord via obfuscated Python code and a separate Transparent Tribe (APT36) campaign weaponizing JLPT exam notifications to deliver fileless espionage tools against targets in India – VVS Stealer, APT36 Campaign
Research & Recaps
- Weekly threat research recap covering key incidents and research highlights for 04 Jan 2026 – Weekly Recap