Instagram Denies Breach Amid Data Leak Panic; Ransomware Hits French and Japanese Giants
Summary
This cybersecurity brief for January 11, 2026, covers a tumultuous period marked by a major data leak scare at Instagram affecting 17.5 million users, which the company attributes to a bug rather than a breach. Meanwhile, ransomware groups continue their assault on major corporations, with the Qilin group targeting French infrastructure firm Bouygues and the Everest group claiming a massive 900 GB data theft from Nissan. Nation-state activity also remains high, as Iran-linked MuddyWater deploys a new 'RustyWater' RAT in the Middle East, and Chinese APT 'Salt Typhoon' is linked to a hack of U.S. Congressional staff emails. Other significant events include a healthcare data breach in New Zealand, a novel 'quishing' scam in France, and a critical vulnerability disclosed in the Mailpit developer tool.
Today New Articles
Iran's MuddyWater APT Unveils 'RustyWater' RAT in Middle East Espionage
The Iranian state-sponsored advanced persistent threat (APT) group MuddyWater, also known as Mango Sandstorm and TA450, has been observed deploying a new, custom-built Remote Access Trojan (RAT) named 'RustyWater'. According to research from CloudSEK, this new...
Qilin Ransomware Hits French Infra Giant Bouygues, Claims 80GB Data Theft
The prolific Qilin ransomware group has listed French multinational infrastructure firm Bouygues Energies & Services as its latest victim on its dark web leak site. The group claims to have exfiltrated 80 GB of highly sensitive data, comprising 31,000 files. M...
Apex Legends 'Remote Control' Hack Patched After Streamers Hijacked
Respawn Entertainment, the developer of the popular battle royale game Apex Legends, rapidly deployed a patch on January 10, 2026, to fix a significant security exploit. The vulnerability allowed a malicious actor to remotely take control of other players' cha...
Everest Ransomware Claims 900 GB Data Theft from Nissan
The Everest ransomware group has claimed a massive data breach against Japanese automotive giant Nissan Motor Co., Ltd. In a post on its dark web leak site on January 10, 2026, the group alleged it had stolen approximately 900 GB of sensitive corporate data. T...
High-Severity Flaw in Mailpit Dev Tool Allows Email Interception
A high-severity vulnerability, tracked as CVE-2026-22689, has been discovered in Mailpit, a popular email testing tool for developers. The flaw is a Cross-Site WebSocket Hijacking (CSWSH) issue affecting all versions prior to 1.28.2. It allows a remote attacke...
French Bank Customers Hit by 'Quishing' Scam Using Fake Physical Cards
A highly deceptive phishing campaign, dubbed 'quishing,' is targeting bank customers in France using a blend of physical and digital tactics. Scammers are sending official-looking letters by postal mail that contain a high-quality counterfeit bank card. The le...
Texas Health System Breach Exposes Data of Over 34,000 Patients
Vida Y Salud Health Systems Inc., a nonprofit health center serving rural communities in South Texas, has reported a data breach that exposed the sensitive personal and medical information of 34,504 patients. The organization detected unauthorized access to it...
Financial Sector Warned of Systemic Supply Chain Risk and 'Indirect Ransomware'
A new threat intelligence report for 2025-2026 reveals a perilous cyber landscape for the financial sector, dominated by systemic supply chain risks and evolving ransomware tactics. Citing data that 97% of U.S. banks were breached via third-party suppliers in...
YARA-X Update Helps Analysts Avoid Flawed Detection Rules
Version 1.11.0 of YARA-X, a popular tool for malware analysis, has been released with a key enhancement aimed at improving the accuracy of detection rules. The update introduces 'hash function warnings,' a feature that alerts security analysts when they make c...