Microsoft Patches Actively Exploited Zero-Day; Massive Data Breaches Impact Millions in France and US Healthcare
Summary
In the period ending January 15, 2026, the cybersecurity landscape was dominated by Microsoft's January Patch Tuesday, which addressed an actively exploited zero-day (CVE-2026-20805). Concurrently, several massive data breaches came to light, including a leak exposing the records of 45 million French citizens and significant intrusions at healthcare and educational institutions in the US and New Zealand. New threats also emerged, with reports on the industrialization of npm supply chain attacks and the discovery of VoidLink, a sophisticated Linux malware framework targeting cloud environments.
Today New Articles
Central Maine Healthcare Breach Exposes Data of Over 145,000 Patients and Employees
Central Maine Healthcare (CMH) has disclosed a major data breach affecting 145,381 patients and employees. The incident involved an unauthorized third party maintaining access to its network for over two months, from March to June 2025. The compromised data in...
Massive Unsecured Database Leaks Personal, Health, and Financial Data of 45 Million French Citizens
Security researchers have discovered a massive, unprotected database on a cloud server containing the sensitive records of approximately 45 million French citizens. The data, which has since been secured, appears to be an aggregation from at least five separat...
VoidLink: New Modular Linux Malware Framework Discovered Targeting Cloud and Container Environments
Security researchers at Check Point have discovered 'VoidLink,' a highly sophisticated and modular Linux malware framework. Written in the modern Zig programming language, VoidLink is purpose-built for espionage in cloud and containerized environments. It can...
Microsoft Copilot Flaw Allowed Data Theft via "Reprompt" Session Hijacking Attack
Researchers discovered a significant vulnerability in Microsoft's Copilot AI assistant that allowed for a "Reprompt" attack, enabling threat actors to bypass safety features, hijack user sessions, and exfiltrate data. The flaw, which has been patched in the Ja...