CISA KEV Alert for Gogs RCE Flaw; BreachForums Database Leaked; AI Threats Forecasted to Rise
Summary
This cybersecurity brief for January 13, 2026, covers several major incidents. CISA has added a critical, actively exploited Gogs vulnerability (CVE-2025-8110) to its KEV catalog, demanding urgent patching. In a significant blow to the cybercrime ecosystem, the user database of the notorious BreachForums was leaked, exposing nearly 324,000 members. Additionally, telecom provider Brightspeed is investigating a major breach claim, while reports from Experian and Everstream Analytics forecast a surge in AI-driven attacks and cyber threats against the global supply chain. Other key events include a critical 10.0 CVSS vulnerability in the n8n automation platform and a new roadmap from the G7 for post-quantum cryptography in the financial sector.
Today New Articles
Urgent Patch: CISA Adds Actively Exploited Gogs RCE Flaw to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical path traversal vulnerability, CVE-2025-8110, in the Gogs self-hosted Git service to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, which allows for remote code...
Poetic Justice: BreachForums Hacked, Database of 324,000 Cybercriminals Leaked
In a significant turn of events for the cybercrime community, the user database for the notorious hacking marketplace BreachForums was leaked online on January 9, 2026. The dump contains sensitive records for 323,986 users, including usernames, email addresses...
Oregon DEQ Kept Data Breach of 4,800 People Secret for Nine Months
The Oregon Department of Environmental Quality (DEQ) confirmed on January 13, 2026, that a cyberattack in April 2025 exposed the personal data of approximately 4,800 people. The agency opted not to issue a broad public disclosure, citing that Oregon law did no...
French Immigration Agency Data Leaked via Third-Party Breach
France's Office for Immigration and Integration (OFII) has confirmed a data breach originating from a compromised third-party service provider. In early January 2026, a hacker claimed to be selling a database of up to 2.1 million records of foreign residents o...