Daily Digest

CISA Mandates Patches for Exploited Windows & Gogs Zero-Days; Ransomware Cripples Hospital & Energy Giant Breached

CISA Mandates Patches for Exploited Windows & Gogs Zero-Days; Ransomware Cripples Hospital & Energy Giant Breached

January 14, 2026
9 articles (8 new, 1 updated)
27 min read

Summary

In the last 24 hours, the cybersecurity landscape has been dominated by critical vulnerability disclosures and high-impact cyberattacks. The U.S. CISA has added two actively exploited zero-day vulnerabilities to its KEV catalog: a Windows information disclosure flaw (CVE-2026-20805) and a Gogs RCE flaw (CVE-2025-8110), mandating urgent action from federal agencies. In Europe, a suspected ransomware attack crippled Belgium's AZ Monica hospital, forcing the transfer of critical patients, while Spanish energy giant Endesa confirmed a massive data breach with a threat actor claiming to hold data on 20 million people. These incidents are compounded by new threat intelligence on evolving tactics from Russian GRU hackers and a strategic shift in the ransomware ecosystem towards encryptionless extortion.

Filter by Category

New Articles (8)

CISA Mandates Patch for Exploited Windows Zero-Day Used in Attack Chains

HIGH

CISA Adds Actively Exploited Windows Zero-Day (CVE-2026-20805) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a zero-day vulnerability in the Windows Desktop Window Manager (CVE-2026-20805) by February 3, 2026. The medium-severity information disclosure flaw is being actively exploited in the wild as a crucial component in multi-stage attack chains, allowing attackers to bypass Address Space Layout Randomization (ASLR) and enable more severe exploits like remote code execution. The flaw was addressed in Microsoft's January 2026 Patch Tuesday update.

January 14, 2026
5 min read
CVE-2026-20805WindowsZero-DayCISAKEV +3 more
CISA Mandates Patch for Exploited Windows Zero-Day Used in Attack Chains

Spanish Energy Giant Endesa Hit by Massive Data Breach, 20M Records Allegedly For Sale

HIGH

Endesa Confirms Data Breach; Hacker Claims to Hold Data of 20 Million People

Spain's largest electric utility, Endesa, has confirmed a data breach after detecting unauthorized access to a commercial platform. The company admitted that customer PII, contact details, and bank account IBANs were potentially exposed. The situation is amplified by a threat actor on a cybercrime forum who claims to have stolen a 1.05 TB database containing the data of over 20 million people, which is now up for sale. Endesa, which serves over 10 million customers, is urging vigilance against phishing and fraud.

January 14, 2026
5 min read
Data BreachEndesaSpainPIIEnergy Sector +2 more
Spanish Energy Giant Endesa Hit by Massive Data Breach, 20M Records Allegedly For Sale

Pax8 Data Leak Exposes Sensitive MSP and Customer Info via Accidental Email

MEDIUM

Pax8 Accidentally Exposes Partner and Customer Business Data via Email

Cloud commerce marketplace Pax8 has confirmed a data exposure incident caused by human error. On January 13, an employee mistakenly sent an email containing a CSV file with sensitive, non-PII business data for approximately 1,800 Managed Service Provider (MSP) partners. The email, sent to fewer than 40 UK-based partners, exposed valuable information such as customer names, Microsoft license counts, pricing, and contract renewal dates, creating a significant risk of targeted phishing and competitive poaching.

January 14, 2026
5 min read
Data LeakPax8MSPHuman ErrorData Exposure +1 more
Pax8 Data Leak Exposes Sensitive MSP and Customer Info via Accidental Email

CISA Warns of Critical Flaws in Rockwell & YoSmart ICS Equipment

HIGH

CISA Issues Advisories for Critical Vulnerabilities in Rockwell Automation and YoSmart Industrial Control Systems

CISA has released several Industrial Control Systems (ICS) advisories, warning of significant vulnerabilities in widely deployed equipment from Rockwell Automation and YoSmart. A high-severity SQL injection flaw (CVE-2025-12807) in Rockwell's FactoryTalk platform could allow for database takeover, while another flaw (CVE-2025-9368) can cause a denial-of-service condition. Separately, multiple flaws in YoSmart smart home hubs could permit remote device control and data interception, posing risks to both manufacturing and communications sectors.

January 14, 2026
4 min read
ICSSCADACISARockwell AutomationYoSmart +3 more
CISA Warns of Critical Flaws in Rockwell & YoSmart ICS Equipment

Russian GRU Hackers (APT28) Evolve Credential-Harvesting Tactics

HIGH

GRU-Linked BlueDelta (APT28) Refines Credential-Harvesting Operations Against European and Eurasian Targets

The Russian GRU-linked threat group BlueDelta, also known as APT28 or Fancy Bear, has been observed refining its credential-harvesting operations. According to research from Recorded Future, campaigns between February and September 2025 targeted energy, defense, and policy organizations in Europe and Eurasia. The group uses tailored spear-phishing emails, multi-stage redirection, and abuses low-cost, disposable infrastructure like ngrok and other free hosting services to enhance stealth and complicate attribution.

January 14, 2026
4 min read
APT28Fancy BearBlueDeltaGRURussia +3 more
Russian GRU Hackers (APT28) Evolve Credential-Harvesting Tactics

Russian Hackers Target Ukrainian Military with "PluggyApe" Malware

HIGH

Void Blizzard (UAC-0190) Targets Ukrainian Defense Forces with PluggyApe Malware via Charity-Themed Lures

A Russian-linked hacking group, Void Blizzard (also known as UAC-0190), has been targeting the Ukrainian Defense Forces with a new cyber-espionage campaign. According to CERT-UA, the attacks, which occurred between October and December 2025, use a novel malware strain called PluggyApe. The campaign employs sophisticated social engineering, with attackers making direct contact with targets on secure messaging apps like Signal and WhatsApp, using charity-themed lures to build trust and deliver the malware.

January 14, 2026
4 min read
Void BlizzardPluggyApeUkraineRussiaCyber Espionage +2 more
Russian Hackers Target Ukrainian Military with "PluggyApe" Malware

ConnectPOS Exposed Admin GitHub Token for Over Four Years, Creating Massive Supply Chain Risk

CRITICAL

ConnectPOS Leaked Admin-Level GitHub Token in Public Docs for Four Years, Posing Major Supply Chain Risk

Point-of-sale vendor ConnectPOS exposed a GitHub Personal Access Token (PAT) with full administrative privileges in its public documentation for over four years, from September 2021 until its discovery in January 2026. The blunder, found by security firm Sansec, put the vendor's entire software supply chain at risk. An attacker could have used the token to inject malicious code, such as a payment card skimmer, into the POS software, which would then be distributed to its 12,000+ customers, including major brands like Asus and Indiana University.

January 14, 2026
4 min read
ConnectPOSSupply Chain AttackGitHubSecret LeakPAT +2 more
ConnectPOS Exposed Admin GitHub Token for Over Four Years, Creating Massive Supply Chain Risk

Microsoft's January 2026 Patch Tuesday Fixes 114 Flaws, Including One Exploited Zero-Day

HIGH

Microsoft January 2026 Patch Tuesday Addresses 114 Vulnerabilities, Including One Exploited Zero-Day

Microsoft has released its first Patch Tuesday of 2026, a substantial update that addresses 114 security vulnerabilities across a wide range of its products, including Windows, Office, Azure, and SharePoint. The release includes fixes for eight critical remote code execution (RCE) vulnerabilities and, most notably, one moderate-severity information disclosure zero-day (CVE-2026-20805) that is confirmed to be actively exploited in the wild. This makes it the third-largest January update on record, urging administrators to prioritize deployment.

January 14, 2026
3 min read
Patch TuesdayMicrosoftVulnerabilityZero-DayRCE +1 more
Microsoft's January 2026 Patch Tuesday Fixes 114 Flaws, Including One Exploited Zero-Day

Updated Articles (1)

Ransomware Evolves: Groups Recruit Insiders, Add DDoS as Profits Fall

INFORMATIONAL

Ransomware Trends for 2026: Declining Profits Force Tactical Shifts to Insider Recruitment and DDoS Attacks

Update:

Recent analysis reveals a significant shift in ransomware tactics, with threat actors moving towards 'extortion-only' attacks that forgo data encryption entirely. Instead, they focus on silent, long-term data exfiltration, followed by threats to leak stolen information. This approach is stealthier, generates fewer alerts, and effectively bypasses backup-based recovery strategies, turning every incident into a data breach. Groups like Cl0p and ShinyHunters are pioneering this model, which accounted for a substantial portion of 2025's extortion incidents. This fundamentally changes the impact, making every attack a data breach with legal and reputational consequences, and renders backups ineffective against data leakage.

January 5, 2026
Updated: January 14, 2026
6 min read
RansomwareThreat IntelligenceDDoSInsider ThreatRaaS +1 more
Ransomware Evolves: Groups Recruit Insiders, Add DDoS as Profits Fall

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.