CyberNetSec.io

Daily Cybersecurity Threat Briefings

Home

Publications

Home Publications

Security Advisories & Threat Intelligence

Real-time cybersecurity alerts, vulnerability advisories, and threat analysis

Filter by Category

Showing 1 - 10 of 585 articles

1 / 59

Per page:

G7 Urges Financial Sector to Prepare for Quantum Computing Threat

INFORMATIONAL

G7 Releases Roadmap for Financial Sector's Transition to Post-Quantum Cryptography

The G7 Cyber Expert Group (CEG), co-chaired by the U.S. Department of the Treasury and the Bank of England, has issued a public statement and roadmap advising the global financial sector to begin a coordinated transition to quantum-resilient technology. The guidance warns that advanced quantum computers will eventually be able to break the public-key cryptography that secures the world's financial transactions. The roadmap encourages financial institutions to start assessing their quantum risks and developing formal plans for migrating to post-quantum cryptography (PQC) standards, such as those being developed by NIST, to counter 'harvest now, decrypt later' attacks.

Jan 12, 2026

5 min read

Policy and Compliance

Regulatory

Threat Intelligence

G7PQCPost-Quantum CryptographyFinanceBanking +3 more

G7 Urges Financial Sector to Prepare for Quantum Computing Threat

Supply Chain Attack: Malicious npm Packages Steal Credentials from n8n Automation Platform

HIGH

New Supply Chain Attack Uses Malicious npm Packages to Steal Credentials from n8n Workflow Automation Platform

A novel supply chain attack discovered by Endor Labs is targeting users of the n8n workflow automation platform. Attackers are publishing malicious packages to the npm registry, disguised as legitimate 'community nodes' for popular services. When an unsuspecting user installs one of these nodes and enters their credentials (e.g., OAuth tokens, API keys), the malicious code exfiltrates the entire credential store from the n8n instance to an attacker-controlled server. This gives the attackers access to all services connected to the victim's n8n workflows, such as Salesforce and Stripe, creating a significant risk of widespread data breaches and financial fraud.

n8nnpmSupply Chain AttackCredential TheftEndor Labs +2 more

Supply Chain Attack: Malicious npm Packages Steal Credentials from n8n Automation Platform

Cyber-Fraud Now Top Global Threat, Surpassing Ransomware, WEF Report Finds

INFORMATIONAL

WEF Global Cybersecurity Outlook 2026: Cyber-Fraud and AI-Driven Threats Redefine Risk Landscape

The World Economic Forum's (WEF) 'Global Cybersecurity Outlook 2026' report, produced with Accenture, reveals a major shift in the threat landscape: cyber-enabled fraud and phishing have now surpassed ransomware as the top concern for global business leaders. The report highlights that fraud has reached 'record highs,' with 77% of leaders reporting an increase. It also identifies Artificial Intelligence as the most consequential force shaping cybersecurity in 2026, with 94% of leaders agreeing it will be the biggest factor. AI is seen as a double-edged sword, accelerating both offensive capabilities and defensive solutions, while growing concerns about data leaks from generative AI persist.

Jan 12, 2026

5 min read

Policy and Compliance

Threat Intelligence

Regulatory

WEFCyber FraudPhishingRansomwareAI +2 more

Cyber-Fraud Now Top Global Threat, Surpassing Ransomware, WEF Report Finds

GoBruteforcer Botnet Exploits Weak Credentials on Linux Servers to Target Crypto Wallets

HIGH

GoBruteforcer Botnet Compromises Linux Servers via Weak Credentials, Steals Cryptocurrency

A modular Go-based botnet named GoBruteforcer is actively compromising internet-facing Linux servers by brute-forcing weak credentials for services like FTP, MySQL, and PostgreSQL. According to Check Point Research, the campaign's success is fueled by the widespread use of default or weak passwords, often found in AI-generated server deployment examples. Once compromised, servers are added to an IRC-controlled botnet and used to scan for more victims. The attackers have a clear financial motive, as they have been observed deploying tools on compromised hosts to scan for and drain TRON and Binance Smart Chain cryptocurrency wallets.

GoBruteforcerBotnetLinuxMalwareBrute Force +2 more

GoBruteforcer Botnet Exploits Weak Credentials on Linux Servers to Target Crypto Wallets

High-Severity Code Injection Flaw in Open WebUI (CVE-2025-64496) Allows RCE

HIGH

Open WebUI Vulnerability (CVE-2025-64496) Allows Account Takeover and Remote Code Execution

A high-severity vulnerability, tracked as CVE-2025-64496, has been discovered in Open WebUI, a popular self-hosted interface for large language models (LLMs). The flaw, found by Cato Networks, allows a malicious AI server to inject arbitrary JavaScript code into a user's browser session. This can be exploited to steal authentication tokens and take over the user's account. If the compromised user has specific permissions enabled, the vulnerability can be escalated to achieve full remote code execution (RCE) on the host server. The issue affects Open WebUI versions 0.6.34 and older and was patched in version 0.6.35.

CVE-2025-64496Open WebUIVulnerabilityRCEAccount Takeover +2 more

Iran's MuddyWater APT Unveils 'RustyWater' RAT in Middle East Espionage

HIGH

Iran-Linked MuddyWater APT Targets Middle East with New 'RustyWater' Rust-Based RAT

The Iranian state-sponsored advanced persistent threat (APT) group MuddyWater, also known as Mango Sandstorm and TA450, has been observed deploying a new, custom-built Remote Access Trojan (RAT) named 'RustyWater'. According to research from CloudSEK, this new implant, written in the Rust programming language, is being used in a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities across the Middle East. The shift to a Rust-based tool marks a significant evolution in the group's capabilities, aimed at enhancing stealth and evading detection during long-term espionage operations.

APTCyber EspionageRustRATSpear-phishing +2 more

Iran's MuddyWater APT Unveils 'RustyWater' RAT in Middle East Espionage

Qilin Ransomware Hits French Infra Giant Bouygues, Claims 80GB Data Theft

CRITICAL

Qilin Ransomware Group Claims Cyberattack on French Infrastructure Firm Bouygues Energies & Services, Alleges Theft of SCADA Data

The prolific Qilin ransomware group has listed French multinational infrastructure firm Bouygues Energies & Services as its latest victim on its dark web leak site. The group claims to have exfiltrated 80 GB of highly sensitive data, comprising 31,000 files. Most alarmingly, the threat actors allege the stolen data includes documents related to industrial control systems (ICS), such as SCADA interfaces and network plans for critical infrastructure projects like tunnels and tramways. This attack highlights the severe risk ransomware poses to physical safety and national security, extending beyond simple data encryption.

Jan 11, 2026

6 min read

Ransomware

Industrial Control Systems

Cyberattack

Double ExtortionSCADACritical InfrastructureFranceData Leak +1 more

Qilin Ransomware Hits French Infra Giant Bouygues, Claims 80GB Data Theft

Apex Legends 'Remote Control' Hack Patched After Streamers Hijacked

HIGH

Respawn Entertainment Patches 'Remote Control' Exploit in Apex Legends That Allowed Player Hijacking

Respawn Entertainment, the developer of the popular battle royale game Apex Legends, rapidly deployed a patch on January 10, 2026, to fix a significant security exploit. The vulnerability allowed a malicious actor to remotely take control of other players' characters during a live match, an incident that affected several high-profile streamers. The developer was quick to reassure the community that the exploit was not a Remote Code Execution (RCE) vulnerability, meaning attackers could not execute malicious code on victims' computers. The issue was resolved within a day of being publicly acknowledged.

GamingExploitAnti-CheatInput HijackingRespawn +1 more

Apex Legends 'Remote Control' Hack Patched After Streamers Hijacked

Everest Ransomware Claims 900 GB Data Theft from Nissan

HIGH

Everest Ransomware Group Alleges Major Breach at Nissan, Claims 900 GB of Corporate Data Exfiltrated

The Everest ransomware group has claimed a massive data breach against Japanese automotive giant Nissan Motor Co., Ltd. In a post on its dark web leak site on January 10, 2026, the group alleged it had stolen approximately 900 GB of sensitive corporate data. To back up its claim, Everest published screenshots showing internal directory structures and file names related to dealerships, finance, and audits. The group, which employs a double-extortion model, has given Nissan a five-day deadline to respond before it threatens to release the data publicly. Nissan has not yet officially confirmed the breach.

RaaSAutomotiveData ExfiltrationDark WebJapan +1 more

Everest Ransomware Claims 900 GB Data Theft from Nissan

High-Severity Flaw in Mailpit Dev Tool Allows Email Interception

MEDIUM

Mailpit Email Testing Tool Vulnerable to Cross-Site WebSocket Hijacking (CVE-2026-22689)

A high-severity vulnerability, tracked as CVE-2026-22689, has been discovered in Mailpit, a popular email testing tool for developers. The flaw is a Cross-Site WebSocket Hijacking (CSWSH) issue affecting all versions prior to 1.28.2. It allows a remote attacker to intercept sensitive data, including the full content of test emails, by tricking a developer running a vulnerable Mailpit instance into visiting a specially crafted malicious website. Users are strongly urged to upgrade to the patched version to mitigate the risk of data exposure.

CSWSHWebSocketDeveloper ToolCVEPatch +1 more

High-Severity Flaw in Mailpit Dev Tool Allows Email Interception

Showing 1 - 10 of 585 articles

1 / 59