Daily Digest

Instagram Denies Breach Amid Data Leak Panic; Ransomware Hits French and Japanese Giants

Instagram Denies Breach Amid Data Leak Panic; Ransomware Hits French and Japanese Giants

January 11, 2026
9 articles (9 new)
27 min read

Summary

This cybersecurity brief for January 11, 2026, covers a tumultuous period marked by a major data leak scare at Instagram affecting 17.5 million users, which the company attributes to a bug rather than a breach. Meanwhile, ransomware groups continue their assault on major corporations, with the Qilin group targeting French infrastructure firm Bouygues and the Everest group claiming a massive 900 GB data theft from Nissan. Nation-state activity also remains high, as Iran-linked MuddyWater deploys a new 'RustyWater' RAT in the Middle East, and Chinese APT 'Salt Typhoon' is linked to a hack of U.S. Congressional staff emails. Other significant events include a healthcare data breach in New Zealand, a novel 'quishing' scam in France, and a critical vulnerability disclosed in the Mailpit developer tool.

Filter by Category

New Articles (9)

Iran's MuddyWater APT Unveils 'RustyWater' RAT in Middle East Espionage

HIGH

Iran-Linked MuddyWater APT Targets Middle East with New 'RustyWater' Rust-Based RAT

The Iranian state-sponsored advanced persistent threat (APT) group MuddyWater, also known as Mango Sandstorm and TA450, has been observed deploying a new, custom-built Remote Access Trojan (RAT) named 'RustyWater'. According to research from CloudSEK, this new implant, written in the Rust programming language, is being used in a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities across the Middle East. The shift to a Rust-based tool marks a significant evolution in the group's capabilities, aimed at enhancing stealth and evading detection during long-term espionage operations.

January 11, 2026
6 min read
APTCyber EspionageRustRATSpear-phishing +2 more
Iran's MuddyWater APT Unveils 'RustyWater' RAT in Middle East Espionage

Qilin Ransomware Hits French Infra Giant Bouygues, Claims 80GB Data Theft

CRITICAL

Qilin Ransomware Group Claims Cyberattack on French Infrastructure Firm Bouygues Energies & Services, Alleges Theft of SCADA Data

The prolific Qilin ransomware group has listed French multinational infrastructure firm Bouygues Energies & Services as its latest victim on its dark web leak site. The group claims to have exfiltrated 80 GB of highly sensitive data, comprising 31,000 files. Most alarmingly, the threat actors allege the stolen data includes documents related to industrial control systems (ICS), such as SCADA interfaces and network plans for critical infrastructure projects like tunnels and tramways. This attack highlights the severe risk ransomware poses to physical safety and national security, extending beyond simple data encryption.

January 11, 2026
6 min read
Double ExtortionSCADACritical InfrastructureFranceData Leak +1 more
Qilin Ransomware Hits French Infra Giant Bouygues, Claims 80GB Data Theft

Apex Legends 'Remote Control' Hack Patched After Streamers Hijacked

HIGH

Respawn Entertainment Patches 'Remote Control' Exploit in Apex Legends That Allowed Player Hijacking

Respawn Entertainment, the developer of the popular battle royale game Apex Legends, rapidly deployed a patch on January 10, 2026, to fix a significant security exploit. The vulnerability allowed a malicious actor to remotely take control of other players' characters during a live match, an incident that affected several high-profile streamers. The developer was quick to reassure the community that the exploit was not a Remote Code Execution (RCE) vulnerability, meaning attackers could not execute malicious code on victims' computers. The issue was resolved within a day of being publicly acknowledged.

January 11, 2026
4 min read
GamingExploitAnti-CheatInput HijackingRespawn +1 more
Apex Legends 'Remote Control' Hack Patched After Streamers Hijacked

Everest Ransomware Claims 900 GB Data Theft from Nissan

HIGH

Everest Ransomware Group Alleges Major Breach at Nissan, Claims 900 GB of Corporate Data Exfiltrated

The Everest ransomware group has claimed a massive data breach against Japanese automotive giant Nissan Motor Co., Ltd. In a post on its dark web leak site on January 10, 2026, the group alleged it had stolen approximately 900 GB of sensitive corporate data. To back up its claim, Everest published screenshots showing internal directory structures and file names related to dealerships, finance, and audits. The group, which employs a double-extortion model, has given Nissan a five-day deadline to respond before it threatens to release the data publicly. Nissan has not yet officially confirmed the breach.

January 11, 2026
6 min read
RaaSAutomotiveData ExfiltrationDark WebJapan +1 more
Everest Ransomware Claims 900 GB Data Theft from Nissan

High-Severity Flaw in Mailpit Dev Tool Allows Email Interception

MEDIUM

Mailpit Email Testing Tool Vulnerable to Cross-Site WebSocket Hijacking (CVE-2026-22689)

A high-severity vulnerability, tracked as CVE-2026-22689, has been discovered in Mailpit, a popular email testing tool for developers. The flaw is a Cross-Site WebSocket Hijacking (CSWSH) issue affecting all versions prior to 1.28.2. It allows a remote attacker to intercept sensitive data, including the full content of test emails, by tricking a developer running a vulnerable Mailpit instance into visiting a specially crafted malicious website. Users are strongly urged to upgrade to the patched version to mitigate the risk of data exposure.

January 11, 2026
5 min read
CSWSHWebSocketDeveloper ToolCVEPatch +1 more
High-Severity Flaw in Mailpit Dev Tool Allows Email Interception

French Bank Customers Hit by 'Quishing' Scam Using Fake Physical Cards

MEDIUM

Sophisticated 'Quishing' Campaign in France Targets Bank Customers with Fake Cards and Malicious QR Codes

A highly deceptive phishing campaign, dubbed 'quishing,' is targeting bank customers in France using a blend of physical and digital tactics. Scammers are sending official-looking letters by postal mail that contain a high-quality counterfeit bank card. The letter instructs the recipient to 'activate' the new card by scanning an included QR code. This QR code directs the victim to a fraudulent website designed to mimic their bank's portal, where their banking credentials and personal information are harvested. This hybrid attack method is effective at bypassing traditional email security filters.

January 11, 2026
4 min read
QuishingQR CodeSocial EngineeringBank FraudFrance +1 more
French Bank Customers Hit by 'Quishing' Scam Using Fake Physical Cards

Texas Health System Breach Exposes Data of Over 34,000 Patients

HIGH

Vida Y Salud Health Systems Discloses Data Breach Affecting 34,504 Texas Patients

Vida Y Salud Health Systems Inc., a nonprofit health center serving rural communities in South Texas, has reported a data breach that exposed the sensitive personal and medical information of 34,504 patients. The organization detected unauthorized access to its network in October 2025, where an attacker copied files containing names, Social Security numbers, driver's license numbers, and protected health information (PHI). Vida Y Salud is notifying affected individuals and offering complimentary credit monitoring services as law firms begin to investigate the incident.

January 11, 2026
5 min read
PHISSNPatient DataHealthcare BreachTexas +1 more
Texas Health System Breach Exposes Data of Over 34,000 Patients

Financial Sector Warned of Systemic Supply Chain Risk and 'Indirect Ransomware'

HIGH

Report Highlights Systemic Supply Chain Risk and Rise of 'Indirect Ransomware' in Financial Sector

A new threat intelligence report for 2025-2026 reveals a perilous cyber landscape for the financial sector, dominated by systemic supply chain risks and evolving ransomware tactics. Citing data that 97% of U.S. banks were breached via third-party suppliers in 2024, the report underscores the critical vulnerability posed by partners. It also highlights the rise of 'indirect ransomware,' where attackers compromise a supplier to bypass a bank's defenses. Geopolitical threats also persist, with pro-Russian hacktivists targeting European banks and the North Korean Lazarus Group remaining a primary state-aligned threat.

January 11, 2026
5 min read
Supply ChainIndirect RansomwareDORAFinancial ServicesThreat Report +1 more
Financial Sector Warned of Systemic Supply Chain Risk and 'Indirect Ransomware'

YARA-X Update Helps Analysts Avoid Flawed Detection Rules

INFORMATIONAL

YARA-X v1.11.0 Released with Hash Function Warnings to Prevent False Negatives

Version 1.11.0 of YARA-X, a popular tool for malware analysis, has been released with a key enhancement aimed at improving the accuracy of detection rules. The update introduces 'hash function warnings,' a feature that alerts security analysts when they make common errors in hash string comparisons, such as providing a SHA1 hash where a SHA256 hash is expected. This quality-of-life improvement helps prevent silent false negatives, where a flawed rule fails to detect malware without providing any error, thereby strengthening threat hunting and security operations.

January 11, 2026
3 min read
YARAMalware AnalysisThreat HuntingDetection EngineeringFalse Negatives +1 more
YARA-X Update Helps Analysts Avoid Flawed Detection Rules

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.