Chinese Hackers Caught Exploiting VMware Zero-Days for Over a Year; FBI Warns of North Korean &#39;Quishing&#39; Attacks

Illinois Department of Human Services Exposes Personal and Health Information of 705,000 Residents via Public Website

The Illinois Department of Human Services (IDHS) has disclosed a major data breach affecting approximately 705,000 state residents. The breach was caused by incorrect privacy settings on internal planning maps that were inadvertently made public on a mapping website for up to four years. The exposed data includes addresses, case numbers, and medical plan information for Medicaid recipients, and names, addresses, and case details for customers of the Division of Rehabilitation Services. The exposure, which constitutes a HIPAA violation, was discovered in September 2025 but only announced in January 2026. IDHS has since secured the data and implemented new policies to prevent a recurrence.

Data BreachIllinoisIDHSMisconfigurationHIPAA +3 more

Illinois DHS Exposes Data of 700,000 Residents in Massive Misconfiguration Breach

Chinese State Hackers 'Salt Typhoon' Breach U.S. Congressional Committee Emails

Chinese APT Salt Typhoon Infiltrates Email Systems of U.S. House Committee Staff

The Chinese state-sponsored hacking group known as Salt Typhoon has reportedly compromised the email systems of staff members for several key U.S. House of Representatives committees. The cyberespionage campaign, detected in December 2025, targeted aides on influential panels including those overseeing China, foreign affairs, intelligence, and armed services. While lawmakers' personal accounts are not believed to have been accessed, the infiltration of staff networks raises significant national security concerns about the potential for long-term intelligence gathering from sensitive, unclassified communications. Salt Typhoon is a known actor with a history of targeting U.S. critical infrastructure.

Salt TyphoonChinaAPTCyberespionageUS Government +2 more

6 min read

Chinese State Hackers 'Salt Typhoon' Breach U.S. Congressional Committee Emails

Cisco Patches Medium-Severity Flaws in Snort 3 Engine That Could Lead to DoS and Data Leaks

MEDIUM

Cisco Snort 3 Vulnerabilities in DCE/RPC Processing Allow for Denial of Service and Information Disclosure

Cisco has disclosed two medium-severity vulnerabilities, CVE-2026-20026 and CVE-2026-20027, in its widely used Snort 3 detection engine. The flaws exist in the processing of DCE/RPC traffic and can be triggered by a remote, unauthenticated attacker. CVE-2026-20026 (CVSS 5.8) is a use-after-free issue that could cause the engine to crash, leading to a denial-of-service. CVE-2026-20027 (CVSS 5.3) is an out-of-bounds read that could leak sensitive memory data. The vulnerabilities affect numerous Cisco products, including Secure Firewall, IOS XE with UTD, and Meraki MX appliances. Patches are available for some products, but others are pending.

CiscoSnortVulnerabilityPatch ManagementDenial of Service +2 more

Cisco Patches Medium-Severity Flaws in Snort 3 Engine That Could Lead to DoS and Data Leaks

Google Patches High-Severity Chrome Flaw That Could Allow Attackers to Bypass Security Policies

Google Releases Urgent Patch for High-Risk Chrome WebView Vulnerability (CVE-2026-0628)

Google has issued a security update for its Chrome browser, patching a high-severity vulnerability tracked as CVE-2026-0628. The flaw, which affects Chrome on Windows, macOS, and Linux, is described as an "insufficient policy enforcement" issue within the WebView component. An attacker could exploit this by tricking a user into installing a malicious extension, which could then bypass security controls to execute unauthorized code on normally protected browser pages. This could lead to data theft or session hijacking. While there is no evidence of active exploitation, Google urges all users to update to the patched versions immediately.

Google ChromeVulnerabilitySecurity BypassWebViewPatch Management +1 more

Online Betting Giant BetVictor Discloses Major Data Breach, Customer Data Compromised

BetVictor Confirms Significant Data Breach Impacting Customer Information and Operations

BetVictor, a major European online gambling company, has officially disclosed a significant data breach that compromised sensitive customer information. The security incident was first detected on January 8, 2026, during routine security audits and has caused unspecified operational disruptions. The company has not yet detailed the nature of the attack or the exact types of data accessed. An investigation is underway as BetVictor works to secure its systems and manage the fallout, which could include regulatory scrutiny and a loss of customer trust in the highly competitive online gaming market.

Data BreachBetVictorGamblingGamingCustomer Data

Online Betting Giant BetVictor Discloses Major Data Breach, Customer Data Compromised

Data of 17.5 Million Instagram Users Leaked on Hacker Forum After Scraping Attack

Scraped Data of 17.5 Million Instagram Users, Including Emails and Phone Numbers, Leaked on BreachForums

The personal data of approximately 17.5 million Instagram users has been leaked on the BreachForums hacking forum. The data, posted by a user named 'Solonik,' was allegedly obtained via automated data scraping from public APIs. The leaked information includes full names, email addresses, phone numbers, and user IDs, exposing the affected individuals to a high risk of targeted phishing, identity theft, and SIM swapping attacks. Following the leak, users have reported a surge in fraudulent password reset attempts. As of January 10, 2026, Instagram's parent company, Meta, has not formally acknowledged the incident.

Data LeakData ScrapingInstagramMetaBreachForums +3 more

6 min read

Data of 17.5 Million Instagram Users Leaked on Hacker Forum After Scraping Attack

Critical OpenSSH Flaw Exposes Moxa Industrial Switches to Remote Code Execution

CRITICAL

Moxa Warns of Critical RCE Vulnerability (CVE-2023-38408) in Industrial Ethernet Switches

Industrial networking vendor Moxa has issued a security advisory for a critical vulnerability, CVE-2023-38408, affecting its EDS-G4000 and RKS-G4000 series industrial Ethernet switches. The flaw resides in the OpenSSH service integrated into the device firmware and could allow a remote attacker to execute arbitrary code. These switches are commonly used in critical infrastructure and industrial control systems (ICS), making the vulnerability particularly high-risk. The Canadian Centre for Cyber Security has echoed the warning, and both organizations are urging administrators to apply the provided firmware updates immediately to mitigate the threat.

MoxaICSOT SecurityVulnerabilityCritical Infrastructure +3 more

Critical OpenSSH Flaw Exposes Moxa Industrial Switches to Remote Code Execution

Updated Articles (1)

HPE OneView Flaw Scores Perfect 10.0, Grants Attackers 'Keys to the Kingdom'

CRITICAL

HPE OneView Hit with Maximum-Severity RCE Vulnerability (CVE-2025-37164)

Update:

CISA has officially confirmed that the critical HPE OneView RCE vulnerability, CVE-2025-37164, is now being actively exploited in the wild. This update follows the initial disclosure and CISA's previous KEV listing, which indicated high risk. The confirmation of active exploitation, likely spurred by a public Proof-of-Concept released in late December 2025, elevates the threat level significantly. CISA has reiterated its mandate for federal agencies to patch by January 28, 2026, urging all organizations to prioritize remediation immediately due to the severe risk of infrastructure compromise.

December 20, 2025

Updated: January 10, 2026