Critical &#39;Ni8mare&#39; Flaw Hits n8n; Chinese Hackers Wielded VMware Zero-Day for a Year

FBI Warns of North Korean 'Quishing' Campaigns by Kimsuky (APT43) Targeting Government and Academia

The U.S. Federal Bureau of Investigation (FBI) has issued a formal advisory warning that the North Korean state-sponsored threat group Kimsuky (also known as APT43) is actively using malicious QR codes in spear-phishing emails. This tactic, dubbed 'quishing,' is designed to bypass traditional email security by tricking users into scanning the code with a personal mobile device. The goal is to harvest credentials and session tokens from high-value targets in government, academic institutions, and think tanks, effectively bypassing multi-factor authentication (MFA) through session hijacking.

quishingQR codephishingKimsukyAPT43 +3 more

6 min read

FBI: North Korea's Kimsuky APT Using 'Quishing' to Bypass MFA

London Councils Hit by Major Cyberattack, Resident Data Exposed

Data Breach at London Councils Exposes Sensitive Resident Information After Cyberattack on Shared IT System

A significant cyberattack targeting a shared IT system used by multiple London councils has resulted in a data breach exposing the sensitive personal information of thousands of residents. The incident, which affected Kensington and Chelsea Council among others, has caused widespread service disruptions and has triggered an investigation by the UK's National Cyber Security Centre (NCSC) and the Metropolitan Police. The attack highlights the systemic risks associated with interconnected IT platforms in the public sector, where a single point of failure can have cascading consequences.

data breachLondonlocal governmentpublic sectorNCSC +2 more

5 min read

London Councils Hit by Major Cyberattack, Resident Data Exposed

Critical 9.8 CVSS RCE Flaw Hits Trend Micro Apex Central

CRITICAL

Trend Micro Patches Critical 9.8 CVSS Remote Code Execution Flaw (CVE-2025-69258) in Apex Central

Trend Micro has released patches for multiple vulnerabilities in its on-premise Apex Central security management console, including a critical remote code execution (RCE) flaw, CVE-2025-69258, with a CVSS score of 9.8. The vulnerability allows an unauthenticated remote attacker to load a malicious DLL and execute code with SYSTEM-level privileges. The flaw resides in the 'MsgReceiver.exe' component listening on TCP port 20001. Two other high-severity denial-of-service flaws were also fixed. Customers are urged to update to Build 7190 or later.

Trend MicroApex CentralRCEvulnerabilityCVSS 9.8 +1 more

5 min read

Critical 9.8 CVSS RCE Flaw Hits Trend Micro Apex Central

Qilin Ransomware Gang Claims Attack on Italian Manufacturer Cressi

Russia-Linked Qilin Ransomware Gang Alleges Cyberattack Against Italian Manufacturer Cressi

The prolific Russia-linked Qilin ransomware gang has claimed responsibility for a cyberattack on Cressi, a major Italian manufacturer of diving and water sports equipment. The claim was posted on the group's darknet leak site. As of January 9, 2026, the gang has not leaked any stolen data or set a public ransom deadline, which is a common extortion tactic. Cressi has not yet commented on the allegation. The Qilin group is one of the most active ransomware operations, known for targeting manufacturing and healthcare sectors and for its high-profile attacks in 2025.

QilinransomwareRussiamanufacturingdata leak +1 more

Qilin Ransomware Gang Claims Attack on Italian Manufacturer Cressi

CISA Issues Six New Advisories for Hitachi and Mitsubishi ICS Flaws

MEDIUM

CISA Publishes Six New Advisories for Vulnerabilities in Hitachi Energy and Mitsubishi Electric Industrial Control Systems

On January 8, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released six new Industrial Control Systems (ICS) advisories. The alerts detail vulnerabilities discovered in products from Hitachi Energy and Mitsubishi Electric. These products, including the Hitachi Energy Asset Suite and Mitsubishi Electric's ICONICS Digital Solutions, are widely deployed across multiple critical infrastructure sectors, with a specific mention of the Energy sector. CISA is urging organizations using this equipment to review the advisories and remediate the flaws to prevent potential disruption of industrial processes.

ICSSCADACISAHitachiMitsubishi +2 more

CISA Issues Six New Advisories for Hitachi and Mitsubishi ICS Flaws

Cisco Patches Zero-Day Information Disclosure Flaw in ISE Platform

Cisco Patches High-Severity Zero-Day Information Disclosure Flaw (CVE-2026-20029) in ISE

Cisco has patched a high-severity zero-day vulnerability, CVE-2026-20029, in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The flaw could allow an authenticated, remote administrator to read arbitrary files from the underlying system. The vulnerability is due to improper parsing of XML in the web-based management interface. An attacker could exploit it by uploading a malicious file. Cisco has released software updates to address the issue and urges customers to apply them promptly to prevent sensitive data exposure.

CiscoISEzero-dayvulnerabilityinformation disclosure +1 more

Cisco Patches Zero-Day Information Disclosure Flaw in ISE Platform

Cyberattacks on Automotive and Logistics Supply Chains Skyrocket

Report: Cyberattacks on Automotive Supply Chain Soar by 722% in 2025

A new report from Everstream Analytics reveals a dramatic escalation in cyberattacks targeting global supply chains. In 2025, the automotive manufacturing industry experienced a staggering 722% increase in cyber incidents compared to the previous year. The logistics industry was also heavily impacted, with attacks growing by 61%. The report identifies this surge in cyber warfare as a primary factor set to disrupt trade and logistics in 2026, alongside hybrid warfare, aging infrastructure, and the weaponization of trade regulations. This transforms supply chain risk from a cost issue to a major security challenge.

supply chainautomotivelogisticscyberattackmanufacturing +1 more

Cyberattacks on Automotive and Logistics Supply Chains Skyrocket

Updated Articles (2)

State-Sponsored "BRICKSTORM" Backdoor Targets VMware and Windows in Critical Infrastructure

BRICKSTORMAPTState-SponsoredCISANSA +3 more

CISA and NSA Update Analysis of "BRICKSTORM" Backdoor Used by State-Sponsored Actors Against VMware and Windows Systems

Update:

New research from Huntress details how Chinese state-sponsored actors exploited three VMware ESXi zero-day vulnerabilities, collectively named 'ESXicape' (CVE-2025-22224, -22225, -22226), to achieve VM escape and execute code on the hypervisor. These exploits were developed as early as February 2024, a year before patches were released in March 2025. The attack chain observed in December 2025 involved initial access via a compromised SonicWall VPN, followed by privilege escalation and deployment of the ESXi exploit toolkit. This allows for persistent control over virtual infrastructure, total data access, and potential for widespread sabotage or ransomware. Over 30,000 internet-exposed ESXi instances may still be vulnerable, significantly increasing the threat level.

December 28, 2025

Updated: January 9, 2026

6 min read

State-Sponsored "BRICKSTORM" Backdoor Targets VMware and Windows in Critical Infrastructure

NZ Patient Portal Breach Exposes Health Records of 126,000