Critical RCEs in n8n, Microsoft Warns of Phishing Surge, and Lapsus$ Group Resurfaces

Publication Date: January 7, 2026

Summary

This cybersecurity publication for January 7, 2026, covers a series of critical threats and developments. Highlights include the disclosure of two maximum-severity (CVSS 10.0) RCE vulnerabilities in the n8n automation platform, one unauthenticated and one authenticated; a major warning from Microsoft about a surge in phishing attacks exploiting email routing and DNS misconfigurations; and intelligence suggesting the Lapsus$ extortion group has resurfaced with evolved tactics. Other key stories include the 'Zestix' actor breaching 50 companies via stolen credentials on MFA-less portals, a ransomware attack on claims giant Sedgwick by the TridentLocker group, and significant updates to US data privacy laws and UK government cyber strategy.

Today's New Articles

No MFA, No Problem: "Zestix" Actor Breaches 50 Firms Using Stolen Credentials

A threat actor identified as 'Zestix' (or 'Sentap') has successfully compromised approximately 50 global enterprises by simply logging into their corporate file-sharing portals with valid credentials. According to research from Hudson Rock, the attacks were no...


Ni8mare: Critical Unauthenticated RCE Flaw (CVSS 10.0) Hits n8n Automation Platform

A critical, unauthenticated remote code execution (RCE) vulnerability, codenamed 'Ni8mare' and tracked as CVE-2026-21858, has been disclosed in the popular n8n workflow automation platform. The flaw, which carries the maximum possible CVSS score of 10.0, allow...


TridentLocker Ransomware Strikes Claims Giant Sedgwick in Breach-then-Encrypt Attack

Global claims management leader Sedgwick has reportedly been targeted by the TridentLocker ransomware group. The attack follows the increasingly common 'breach-then-encrypt' model, where threat actors first exfiltrate sensitive data before deploying ransomware...


CISA Adds Two New Actively Exploited Vulnerabilities to KEV Catalog

On January 7, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The specific details of the flaws have not been disclosed, but their inclusion confirms the...


Second CVSS 10.0 RCE Hits n8n, Allows Authenticated Takeover

A second maximum-severity vulnerability, CVE-2026-21877, has been disclosed in the n8n workflow automation platform, also rated CVSS 10.0. Unlike the recently revealed unauthenticated flaw, this vulnerability requires an attacker to be an authenticated user. A...


NIST Releases Draft Cybersecurity Framework Profile for AI

The U.S. National Institute of Standards and Technology (NIST) has released a preliminary draft of a Cybersecurity Framework (CSF) Profile for Artificial Intelligence. This new guidance, intended to be used with CSF 2.0 and the AI Risk Management Framework (AI...


ownCloud Urges Users to Enable MFA as Credential Stuffing Attacks Surge

In a proactive security move, the developers of the ownCloud file-sharing platform have issued a warning to all users, strongly advising them to enable multi-factor authentication (MFA). The advisory, released on January 7, 2026, is a direct response to recent...


Qualcomm Issues January Security Bulletin Addressing Multiple Vulnerabilities

Qualcomm has published its January 2026 security bulletin, addressing multiple vulnerabilities of varying severities across a wide range of its products. The bulletin was highlighted by an advisory from the Canadian Centre for Cyber Security on January 7, 2026...


Lapsus$ Hacking Group Is Back with Evolved Extortion Tactics

The notorious Lapsus$ extortion group, known for its high-profile breaches of major tech companies, has reportedly resurfaced. According to a threat intelligence report from January 7, 2026, remnants of the group have reformed and evolved, integrating tactics...