Daily Digest

Critical 'Ni8mare' Flaw Hits n8n; Chinese Hackers Wielded VMware Zero-Day for a Year

Critical 'Ni8mare' Flaw Hits n8n; Chinese Hackers Wielded VMware Zero-Day for a Year

January 9, 2026
9 articles (7 new, 2 updated)
27 min read

Summary

This cybersecurity brief for January 9, 2026, covers a critical unauthenticated RCE vulnerability (CVSS 10.0) in the n8n platform, revelations that a Chinese state-sponsored actor possessed a VMware ESXi zero-day exploit for over a year before its disclosure, and an FBI warning about North Korean 'quishing' campaigns. Other major events include data breaches affecting London councils and New Zealand's largest patient portal, new malware strains like Ripper Ransomware, and CISA adding actively exploited flaws in HPE and legacy PowerPoint to its KEV catalog.

Filter by Category

New Articles (7)

FBI: North Korea's Kimsuky APT Using 'Quishing' to Bypass MFA

HIGH

FBI Warns of North Korean 'Quishing' Campaigns by Kimsuky (APT43) Targeting Government and Academia

The U.S. Federal Bureau of Investigation (FBI) has issued a formal advisory warning that the North Korean state-sponsored threat group Kimsuky (also known as APT43) is actively using malicious QR codes in spear-phishing emails. This tactic, dubbed 'quishing,' is designed to bypass traditional email security by tricking users into scanning the code with a personal mobile device. The goal is to harvest credentials and session tokens from high-value targets in government, academic institutions, and think tanks, effectively bypassing multi-factor authentication (MFA) through session hijacking.

January 9, 2026
6 min read
quishingQR codephishingKimsukyAPT43 +3 more
FBI: North Korea's Kimsuky APT Using 'Quishing' to Bypass MFA
Phishing
Threat Actor
Policy and Compliance

London Councils Hit by Major Cyberattack, Resident Data Exposed

HIGH

Data Breach at London Councils Exposes Sensitive Resident Information After Cyberattack on Shared IT System

A significant cyberattack targeting a shared IT system used by multiple London councils has resulted in a data breach exposing the sensitive personal information of thousands of residents. The incident, which affected Kensington and Chelsea Council among others, has caused widespread service disruptions and has triggered an investigation by the UK's National Cyber Security Centre (NCSC) and the Metropolitan Police. The attack highlights the systemic risks associated with interconnected IT platforms in the public sector, where a single point of failure can have cascading consequences.

January 9, 2026
5 min read
data breachLondonlocal governmentpublic sectorNCSC +2 more
London Councils Hit by Major Cyberattack, Resident Data Exposed
Data Breach
Cyberattack
Regulatory

Critical 9.8 CVSS RCE Flaw Hits Trend Micro Apex Central

CRITICAL

Trend Micro Patches Critical 9.8 CVSS Remote Code Execution Flaw (CVE-2025-69258) in Apex Central

Trend Micro has released patches for multiple vulnerabilities in its on-premise Apex Central security management console, including a critical remote code execution (RCE) flaw, CVE-2025-69258, with a CVSS score of 9.8. The vulnerability allows an unauthenticated remote attacker to load a malicious DLL and execute code with SYSTEM-level privileges. The flaw resides in the 'MsgReceiver.exe' component listening on TCP port 20001. Two other high-severity denial-of-service flaws were also fixed. Customers are urged to update to Build 7190 or later.

January 9, 2026
5 min read
Trend MicroApex CentralRCEvulnerabilityCVSS 9.8 +1 more
Critical 9.8 CVSS RCE Flaw Hits Trend Micro Apex Central
Vulnerability
Patch Management
Cyberattack

Qilin Ransomware Gang Claims Attack on Italian Manufacturer Cressi

HIGH

Russia-Linked Qilin Ransomware Gang Alleges Cyberattack Against Italian Manufacturer Cressi

The prolific Russia-linked Qilin ransomware gang has claimed responsibility for a cyberattack on Cressi, a major Italian manufacturer of diving and water sports equipment. The claim was posted on the group's darknet leak site. As of January 9, 2026, the gang has not leaked any stolen data or set a public ransom deadline, which is a common extortion tactic. Cressi has not yet commented on the allegation. The Qilin group is one of the most active ransomware operations, known for targeting manufacturing and healthcare sectors and for its high-profile attacks in 2025.

January 9, 2026
4 min read
QilinransomwareRussiamanufacturingdata leak +1 more
Qilin Ransomware Gang Claims Attack on Italian Manufacturer Cressi
Ransomware
Threat Actor
Cyberattack

CISA Issues Six New Advisories for Hitachi and Mitsubishi ICS Flaws

MEDIUM

CISA Publishes Six New Advisories for Vulnerabilities in Hitachi Energy and Mitsubishi Electric Industrial Control Systems

On January 8, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released six new Industrial Control Systems (ICS) advisories. The alerts detail vulnerabilities discovered in products from Hitachi Energy and Mitsubishi Electric. These products, including the Hitachi Energy Asset Suite and Mitsubishi Electric's ICONICS Digital Solutions, are widely deployed across multiple critical infrastructure sectors, with a specific mention of the Energy sector. CISA is urging organizations using this equipment to review the advisories and remediate the flaws to prevent potential disruption of industrial processes.

January 9, 2026
4 min read
ICSSCADACISAHitachiMitsubishi +2 more
CISA Issues Six New Advisories for Hitachi and Mitsubishi ICS Flaws
Industrial Control Systems
Vulnerability
Patch Management

Cisco Patches Zero-Day Information Disclosure Flaw in ISE Platform

HIGH

Cisco Patches High-Severity Zero-Day Information Disclosure Flaw (CVE-2026-20029) in ISE

Cisco has patched a high-severity zero-day vulnerability, CVE-2026-20029, in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The flaw could allow an authenticated, remote administrator to read arbitrary files from the underlying system. The vulnerability is due to improper parsing of XML in the web-based management interface. An attacker could exploit it by uploading a malicious file. Cisco has released software updates to address the issue and urges customers to apply them promptly to prevent sensitive data exposure.

January 9, 2026
4 min read
CiscoISEzero-dayvulnerabilityinformation disclosure +1 more
Cisco Patches Zero-Day Information Disclosure Flaw in ISE Platform
Vulnerability
Patch Management
Security Operations

Cyberattacks on Automotive and Logistics Supply Chains Skyrocket

HIGH

Report: Cyberattacks on Automotive Supply Chain Soar by 722% in 2025

A new report from Everstream Analytics reveals a dramatic escalation in cyberattacks targeting global supply chains. In 2025, the automotive manufacturing industry experienced a staggering 722% increase in cyber incidents compared to the previous year. The logistics industry was also heavily impacted, with attacks growing by 61%. The report identifies this surge in cyber warfare as a primary factor set to disrupt trade and logistics in 2026, alongside hybrid warfare, aging infrastructure, and the weaponization of trade regulations. This transforms supply chain risk from a cost issue to a major security challenge.

January 9, 2026
4 min read
supply chainautomotivelogisticscyberattackmanufacturing +1 more
Cyberattacks on Automotive and Logistics Supply Chains Skyrocket
Supply Chain Attack
Cyberattack
Industrial Control Systems

Updated Articles (2)

State-Sponsored "BRICKSTORM" Backdoor Targets VMware and Windows in Critical Infrastructure

HIGH

CISA and NSA Update Analysis of "BRICKSTORM" Backdoor Used by State-Sponsored Actors Against VMware and Windows Systems

Update:

New research from Huntress details how Chinese state-sponsored actors exploited three VMware ESXi zero-day vulnerabilities, collectively named 'ESXicape' (CVE-2025-22224, -22225, -22226), to achieve VM escape and execute code on the hypervisor. These exploits were developed as early as February 2024, a year before patches were released in March 2025. The attack chain observed in December 2025 involved initial access via a compromised SonicWall VPN, followed by privilege escalation and deployment of the ESXi exploit toolkit. This allows for persistent control over virtual infrastructure, total data access, and potential for widespread sabotage or ransomware. Over 30,000 internet-exposed ESXi instances may still be vulnerable, significantly increasing the threat level.

December 28, 2025
Updated: January 9, 2026
6 min read
BRICKSTORMAPTState-SponsoredCISANSA +3 more
State-Sponsored "BRICKSTORM" Backdoor Targets VMware and Windows in Critical Infrastructure
Threat Actor
Malware
Industrial Control Systems

NZ Patient Portal Breach Exposes Health Records of 126,000

HIGH

New Zealand's ManageMyHealth Patient Portal Discloses Major Data Breach Affecting Up to 126,000 Users

Update:

ManageMyHealth (MMH) is facing significant backlash for its poor communication following the data breach. Affected patients have reported receiving slow, confusing, and contradictory notifications, with some even locked out of their accounts when attempting to secure them. This has led to widespread frustration and anger among the 125,000 affected individuals. The new report also reveals an anonymous tip about a potential exposure was sent to the Privacy Commissioner in June 2025, prior to the confirmed breach, suggesting earlier security concerns. MMH has declined to comment on the attacker's identity or ransom demands, further fueling public discontent and increasing the incident's overall negative impact.

January 2, 2026
Updated: January 9, 2026
5 min read
patient dataPHIcyberattackransom demandNew Zealand +1 more
NZ Patient Portal Breach Exposes Health Records of 126,000
Data Breach
Ransomware
Threat Actor

📢 Share This Publication

Help others stay informed about cybersecurity threats