AWS CodeBreach Exposes Massive Supply Chain Risk; Ransomware Attacks Hit Record Highs in 2025

Publication Date: January 16, 2026

Summary

This cybersecurity publication for January 16, 2026, covers a series of critical developments, led by the disclosure of the 'CodeBreach' vulnerability in AWS CodeBuild, which posed a severe supply chain threat to countless applications. Concurrently, new reports confirm that 2025 was a record-breaking year for ransomware, with a 58% surge in attacks. Other major incidents include the Everest ransomware group's claimed breach of Nissan, active exploitation of a critical WordPress plugin flaw, and the discovery of sophisticated malware frameworks like VoidLink targeting cloud environments and GlassWorm targeting macOS developers.

Today New Articles

AWS Patches 'CodeBreach' Flaw, Averting Massive GitHub Supply Chain Attack

Amazon Web Services (AWS) has remediated a critical vulnerability in its AWS CodeBuild service, dubbed 'CodeBreach' by Wiz researchers. The flaw, which stemmed from a misconfigured webhook filter, could have allowed unauthenticated attackers to inject maliciou...

China-Linked APT 'UAT-8837' Targets North American Critical Infrastructure

A new report from Cisco Talos has identified a China-nexus Advanced Persistent Threat (APT) group, tracked as UAT-8837, actively targeting critical infrastructure organizations in North America since at least 2025. The group gains initial access by exploiting...

Hacker Group 'HawkSec' Claims Breach of 184 Million TotalEnergies Records

A hacking group calling itself 'HawkSec' has claimed a massive data breach against the French energy supermajor, TotalEnergies. In a post on a data leak forum, the group alleged the theft of a database containing nearly 184 million records, including sensitive...

Critical Flaw in WordPress Plugin 'Modular DS' Actively Exploited for Admin Takeover

A critical, unauthenticated privilege escalation vulnerability in the 'Modular DS' WordPress plugin is being actively exploited in the wild. The flaw, tracked as CVE-2026-23550 with a CVSS score of 10.0, affects over 40,000 websites. It allows attackers to byp...

Palo Alto Networks Patches High-Severity DoS Flaw in PAN-OS Firewalls

Palo Alto Networks has issued security updates to address a high-severity denial-of-service (DoS) vulnerability, CVE-2026-0227, in its PAN-OS software. The flaw, which has a CVSS score of 7.7, allows an unauthenticated, remote attacker to crash firewalls that...

GlassWorm Malware Pivots to Attack macOS Developers via Malicious VS Code Extensions

The GlassWorm malware campaign has evolved, now specifically targeting macOS developers through malicious extensions for Visual Studio Code and OpenVSX. This new wave of attacks, detailed in a security digest from Acronis, uses a self-propagating worm to deliv...