Daily Digest

AWS CodeBreach Exposes Massive Supply Chain Risk; Ransomware Attacks Hit Record Highs in 2025

AWS CodeBreach Exposes Massive Supply Chain Risk; Ransomware Attacks Hit Record Highs in 2025

January 16, 2026
6 articles (6 new)
18 min read

Summary

This cybersecurity publication for January 16, 2026, covers a series of critical developments, led by the disclosure of the 'CodeBreach' vulnerability in AWS CodeBuild, which posed a severe supply chain threat to countless applications. Concurrently, new reports confirm that 2025 was a record-breaking year for ransomware, with a 58% surge in attacks. Other major incidents include the Everest ransomware group's claimed breach of Nissan, active exploitation of a critical WordPress plugin flaw, and the discovery of sophisticated malware frameworks like VoidLink targeting cloud environments and GlassWorm targeting macOS developers.

Filter by Category

New Articles (6)

AWS Patches 'CodeBreach' Flaw, Averting Massive GitHub Supply Chain Attack

CRITICAL

AWS Fixes Critical "CodeBreach" Flaw in CodeBuild That Exposed GitHub Repositories to Widespread Supply Chain Attacks

Amazon Web Services (AWS) has remediated a critical vulnerability in its AWS CodeBuild service, dubbed 'CodeBreach' by Wiz researchers. The flaw, which stemmed from a misconfigured webhook filter, could have allowed unauthenticated attackers to inject malicious code into the build processes of major open-source projects, including the AWS JavaScript SDK. An exploit could have granted attackers administrative control over key GitHub repositories, creating a catastrophic supply chain risk for the millions of applications and cloud environments that depend on these libraries. The vulnerability was discovered following a separate, failed attack attempt, highlighting the real-world threat. AWS has since patched the issue and implemented global hardening measures.

January 16, 2026
7 min read
CodeBreachCI/CD SecuritySupply Chain AttackAWSCodeBuild +3 more
AWS Patches 'CodeBreach' Flaw, Averting Massive GitHub Supply Chain Attack

China-Linked APT 'UAT-8837' Targets North American Critical Infrastructure

HIGH

Cisco Talos Uncovers Chinese APT Group UAT-8837 Actively Targeting Critical Infrastructure in North America

A new report from Cisco Talos has identified a China-nexus Advanced Persistent Threat (APT) group, tracked as UAT-8837, actively targeting critical infrastructure organizations in North America since at least 2025. The group gains initial access by exploiting public-facing vulnerabilities, including a zero-day in SiteCore products (CVE-2025-53690), and using compromised credentials. Once inside, UAT-8837 employs a variety of open-source tools, such as the Earthworm utility for creating reverse tunnels, to conduct reconnaissance, exfiltrate data, and maintain persistence. Cisco Talos assesses with medium confidence that the group is linked to China, highlighting the ongoing threat of state-sponsored espionage against vital sectors.

January 16, 2026
6 min read
APTUAT-8837ChinaCisco TalosCritical Infrastructure +2 more
China-Linked APT 'UAT-8837' Targets North American Critical Infrastructure

Hacker Group 'HawkSec' Claims Breach of 184 Million TotalEnergies Records

HIGH

"HawkSec" Hacker Group Claims Massive Data Breach at French Energy Giant TotalEnergies, Allegedly Stealing 184 Million Customer Records

A hacking group calling itself 'HawkSec' has claimed a massive data breach against the French energy supermajor, TotalEnergies. In a post on a data leak forum, the group alleged the theft of a database containing nearly 184 million records, including sensitive customer information such as names, email addresses, phone numbers, and bank account details for French customers. To substantiate their claims, HawkSec posted sample data on social media. However, the full extent and legitimacy of the breach remain unverified. TotalEnergies has not yet confirmed the incident. The group's erratic behavior on forums has led some researchers to question their experience, though the potential impact if the claims are true is significant.

January 16, 2026
6 min read
HawkSecData BreachTotalEnergiesEnergy SectorGDPR +1 more
Hacker Group 'HawkSec' Claims Breach of 184 Million TotalEnergies Records

Critical Flaw in WordPress Plugin 'Modular DS' Actively Exploited for Admin Takeover

CRITICAL

Actively Exploited Critical Vulnerability (CVE-2026-23550) in Modular DS WordPress Plugin Allows Unauthenticated Admin Takeover

A critical, unauthenticated privilege escalation vulnerability in the 'Modular DS' WordPress plugin is being actively exploited in the wild. The flaw, tracked as CVE-2026-23550 with a CVSS score of 10.0, affects over 40,000 websites. It allows attackers to bypass authentication and gain full administrator privileges by sending a specially crafted HTTP request. Security firm Patchstack, which discovered the exploitation, observed attackers creating rogue admin accounts named 'PoC Admin'. The vulnerability lies in the plugin's custom routing and login logic, which can be tricked into logging an unauthenticated user into an existing administrator account. The vendor released a patch in version 2.5.2, and all users are urged to update immediately.

January 16, 2026
6 min read
CVE-2026-23550WordPressVulnerabilityModular DSPatchstack +2 more
Critical Flaw in WordPress Plugin 'Modular DS' Actively Exploited for Admin Takeover

Palo Alto Networks Patches High-Severity DoS Flaw in PAN-OS Firewalls

HIGH

Palo Alto Networks Releases Patches for High-Severity Denial-of-Service Vulnerability (CVE-2026-0227) in PAN-OS

Palo Alto Networks has issued security updates to address a high-severity denial-of-service (DoS) vulnerability, CVE-2026-0227, in its PAN-OS software. The flaw, which has a CVSS score of 7.7, allows an unauthenticated, remote attacker to crash firewalls that have a GlobalProtect gateway or portal enabled. A successful exploit forces the device into maintenance mode, disrupting all network traffic. While Palo Alto Networks is not aware of active exploitation, a proof-of-concept (PoC) exploit reportedly exists. The vulnerability affects multiple versions of PAN-OS, and customers are urged to apply the patches as soon as possible, as there are no workarounds.

January 16, 2026
5 min read
CVE-2026-0227Palo Alto NetworksPAN-OSGlobalProtectDoS +2 more
Palo Alto Networks Patches High-Severity DoS Flaw in PAN-OS Firewalls

GlassWorm Malware Pivots to Attack macOS Developers via Malicious VS Code Extensions

HIGH

GlassWorm Malware Campaign Targets macOS Developers with Malicious Visual Studio Code Extensions

The GlassWorm malware campaign has evolved, now specifically targeting macOS developers through malicious extensions for Visual Studio Code and OpenVSX. This new wave of attacks, detailed in a security digest from Acronis, uses a self-propagating worm to deliver its payload. The malware embeds an encrypted payload within JavaScript files, uses a 15-minute execution delay to evade sandboxes, and establishes persistence using LaunchAgents. The primary goal of GlassWorm is to steal a wide range of developer-centric data, including credentials for GitHub and npm, browser data, and information from over 50 different cryptocurrency wallets, highlighting a significant supply chain threat.

January 16, 2026
6 min read
GlassWormMalwaremacOSVisual Studio CodeSupply Chain Attack +1 more
GlassWorm Malware Pivots to Attack macOS Developers via Malicious VS Code Extensions

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.