Daily Digest

CrazyHunter Ransomware Hits Taiwanese Healthcare, G7 Warns on Quantum Threats, and Malicious npm Packages Target n8n

CrazyHunter Ransomware Hits Taiwanese Healthcare, G7 Warns on Quantum Threats, and Malicious npm Packages Target n8n

January 12, 2026
5 articles (5 new)
15 min read

Summary

A cybersecurity summary for January 12, 2026, covering a surge in targeted attacks and strategic warnings. Highlights include the 'CrazyHunter' ransomware crippling Taiwanese healthcare with advanced tactics, a G7 directive urging the financial sector to prepare for post-quantum cryptography, and a new supply chain attack using malicious npm packages to steal credentials from the n8n automation platform. Other major events include a massive DDoS campaign against the UK by pro-Russian hacktivists and a WEF report identifying cyber-fraud as the new top global threat.

Filter by Category

New Articles (5)

G7 Urges Financial Sector to Prepare for Quantum Computing Threat

INFORMATIONAL

G7 Releases Roadmap for Financial Sector's Transition to Post-Quantum Cryptography

The G7 Cyber Expert Group (CEG), co-chaired by the U.S. Department of the Treasury and the Bank of England, has issued a public statement and roadmap advising the global financial sector to begin a coordinated transition to quantum-resilient technology. The guidance warns that advanced quantum computers will eventually be able to break the public-key cryptography that secures the world's financial transactions. The roadmap encourages financial institutions to start assessing their quantum risks and developing formal plans for migrating to post-quantum cryptography (PQC) standards, such as those being developed by NIST, to counter 'harvest now, decrypt later' attacks.

January 12, 2026
5 min read
G7PQCPost-Quantum CryptographyFinanceBanking +3 more
G7 Urges Financial Sector to Prepare for Quantum Computing Threat

Supply Chain Attack: Malicious npm Packages Steal Credentials from n8n Automation Platform

HIGH

New Supply Chain Attack Uses Malicious npm Packages to Steal Credentials from n8n Workflow Automation Platform

A novel supply chain attack discovered by Endor Labs is targeting users of the n8n workflow automation platform. Attackers are publishing malicious packages to the npm registry, disguised as legitimate 'community nodes' for popular services. When an unsuspecting user installs one of these nodes and enters their credentials (e.g., OAuth tokens, API keys), the malicious code exfiltrates the entire credential store from the n8n instance to an attacker-controlled server. This gives the attackers access to all services connected to the victim's n8n workflows, such as Salesforce and Stripe, creating a significant risk of widespread data breaches and financial fraud.

January 12, 2026
5 min read
n8nnpmSupply Chain AttackCredential TheftEndor Labs +2 more
Supply Chain Attack: Malicious npm Packages Steal Credentials from n8n Automation Platform

Cyber-Fraud Now Top Global Threat, Surpassing Ransomware, WEF Report Finds

INFORMATIONAL

WEF Global Cybersecurity Outlook 2026: Cyber-Fraud and AI-Driven Threats Redefine Risk Landscape

The World Economic Forum's (WEF) 'Global Cybersecurity Outlook 2026' report, produced with Accenture, reveals a major shift in the threat landscape: cyber-enabled fraud and phishing have now surpassed ransomware as the top concern for global business leaders. The report highlights that fraud has reached 'record highs,' with 77% of leaders reporting an increase. It also identifies Artificial Intelligence as the most consequential force shaping cybersecurity in 2026, with 94% of leaders agreeing it will be the biggest factor. AI is seen as a double-edged sword, accelerating both offensive capabilities and defensive solutions, while growing concerns about data leaks from generative AI persist.

January 12, 2026
5 min read
WEFCyber FraudPhishingRansomwareAI +2 more
Cyber-Fraud Now Top Global Threat, Surpassing Ransomware, WEF Report Finds

GoBruteforcer Botnet Exploits Weak Credentials on Linux Servers to Target Crypto Wallets

HIGH

GoBruteforcer Botnet Compromises Linux Servers via Weak Credentials, Steals Cryptocurrency

A modular Go-based botnet named GoBruteforcer is actively compromising internet-facing Linux servers by brute-forcing weak credentials for services like FTP, MySQL, and PostgreSQL. According to Check Point Research, the campaign's success is fueled by the widespread use of default or weak passwords, often found in AI-generated server deployment examples. Once compromised, servers are added to an IRC-controlled botnet and used to scan for more victims. The attackers have a clear financial motive, as they have been observed deploying tools on compromised hosts to scan for and drain TRON and Binance Smart Chain cryptocurrency wallets.

January 12, 2026
5 min read
GoBruteforcerBotnetLinuxMalwareBrute Force +2 more
GoBruteforcer Botnet Exploits Weak Credentials on Linux Servers to Target Crypto Wallets

High-Severity Code Injection Flaw in Open WebUI (CVE-2025-64496) Allows RCE

HIGH

Open WebUI Vulnerability (CVE-2025-64496) Allows Account Takeover and Remote Code Execution

A high-severity vulnerability, tracked as CVE-2025-64496, has been discovered in Open WebUI, a popular self-hosted interface for large language models (LLMs). The flaw, found by Cato Networks, allows a malicious AI server to inject arbitrary JavaScript code into a user's browser session. This can be exploited to steal authentication tokens and take over the user's account. If the compromised user has specific permissions enabled, the vulnerability can be escalated to achieve full remote code execution (RCE) on the host server. The issue affects Open WebUI versions 0.6.34 and older and was patched in version 0.6.35.

January 12, 2026
5 min read
CVE-2025-64496Open WebUIVulnerabilityRCEAccount Takeover +2 more
High-Severity Code Injection Flaw in Open WebUI (CVE-2025-64496) Allows RCE

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.