Daily Digest

Microsoft Patches Actively Exploited Zero-Day; Massive Data Breaches Impact Millions in France and US Healthcare

Microsoft Patches Actively Exploited Zero-Day; Massive Data Breaches Impact Millions in France and US Healthcare

January 15, 2026
4 articles (4 new)
12 min read

Summary

In the period ending January 15, 2026, the cybersecurity landscape was dominated by Microsoft's January Patch Tuesday, which addressed an actively exploited zero-day (CVE-2026-20805). Concurrently, several massive data breaches came to light, including a leak exposing the records of 45 million French citizens and significant intrusions at healthcare and educational institutions in the US and New Zealand. New threats also emerged, with reports on the industrialization of npm supply chain attacks and the discovery of VoidLink, a sophisticated Linux malware framework targeting cloud environments.

Filter by Category

New Articles (4)

Central Maine Healthcare Breach Exposes Data of Over 145,000 Patients and Employees

HIGH

Central Maine Healthcare Notifies 145,381 Individuals of Data Breach After Prolonged Network Intrusion

Central Maine Healthcare (CMH) has disclosed a major data breach affecting 145,381 patients and employees. The incident involved an unauthorized third party maintaining access to its network for over two months, from March to June 2025. The compromised data includes highly sensitive personal, medical, and financial information, such as Social Security numbers and treatment details. CMH is offering complimentary credit monitoring services to those affected and has stated it is enhancing its security monitoring to prevent future incidents.

January 15, 2026
5 min read
Data BreachHealthcareHIPAAPIIPHI +2 more
Central Maine Healthcare Breach Exposes Data of Over 145,000 Patients and Employees
Data Breach
Cyberattack
Regulatory

Massive Unsecured Database Leaks Personal, Health, and Financial Data of 45 Million French Citizens

CRITICAL

Unprotected Cloud Server Exposes Aggregated Data of 45 Million French Citizens, Including Healthcare and Financial Records

Security researchers have discovered a massive, unprotected database on a cloud server containing the sensitive records of approximately 45 million French citizens. The data, which has since been secured, appears to be an aggregation from at least five separate breaches, compiled by a data broker or cybercriminal. The exposed archive included voter registration data, healthcare records, IBANs, and CRM contact information, creating comprehensive and dangerous profiles on a significant portion of the French population.

January 15, 2026
6 min read
Data LeakData BreachCloud SecurityMisconfigurationFrance +3 more
Massive Unsecured Database Leaks Personal, Health, and Financial Data of 45 Million French Citizens
Data Breach
Regulatory
Cloud Security

VoidLink: New Modular Linux Malware Framework Discovered Targeting Cloud and Container Environments

HIGH

Researchers Uncover 'VoidLink,' a Sophisticated Zig-Based Linux Malware Targeting AWS, GCP, and Kubernetes

Security researchers at Check Point have discovered 'VoidLink,' a highly sophisticated and modular Linux malware framework. Written in the modern Zig programming language, VoidLink is purpose-built for espionage in cloud and containerized environments. It can detect if it's running in AWS, GCP, Azure, Kubernetes, or Docker and adapt its behavior. With a plugin-based architecture inspired by Cobalt Strike, it features advanced rootkit capabilities, an in-memory plugin system, and tools for credential theft from cloud services and Git repositories. Though not yet seen in the wild, its advanced design poses a significant future threat.

January 15, 2026
7 min read
MalwareLinuxCloud SecurityVoidLinkZig +4 more
VoidLink: New Modular Linux Malware Framework Discovered Targeting Cloud and Container Environments
Malware
Cloud Security
Threat Actor

Microsoft Copilot Flaw Allowed Data Theft via "Reprompt" Session Hijacking Attack

MEDIUM

Microsoft Patches "Reprompt" Vulnerability in Copilot That Allowed Attackers to Hijack Sessions and Steal Data

Researchers discovered a significant vulnerability in Microsoft's Copilot AI assistant that allowed for a "Reprompt" attack, enabling threat actors to bypass safety features, hijack user sessions, and exfiltrate data. The flaw, which has been patched in the January 2026 security update, abused URL parameters to inject hidden, follow-up prompts that executed within the victim's authenticated session. This allowed attackers to chain commands and steal information without the user's knowledge, highlighting the security risks of AI assistants processing untrusted input.

January 15, 2026
5 min read
AI SecurityPrompt InjectionMicrosoft CopilotVulnerabilitySession Hijacking +1 more
Microsoft Copilot Flaw Allowed Data Theft via "Reprompt" Session Hijacking Attack
Vulnerability
Cloud Security
Other

📢 Share This Publication

Help others stay informed about cybersecurity threats