Cybersecurity News | Daily Recap [07 Jan 2026]

Daily Recap: Governments and industry are navigating a broad set of cyber challenges, from the UK’s £210M cyber action plan and sector funding to urgent patches for TOTOLINK EX200, D-Link DSL routers, and Dolby vulnerabilities. The landscape also features sophisticated campaigns and threats, including Kimwolf Android botnet activity, VVS Stealer targeting Discord, and a hospitality-focused ClickFix campaign delivering DCRat to hotel systems, alongside geopolitical spikes such as Taiwan’s energy-sector attacks and the Sedgwick breach. #Kimwolf #VVS_Stealer

Policy & Funding

  • UK admits years of failing cyber policy and unveils a £210M national cyber action plan to reset strategy and capabilities – UK Reset, UK Overhaul
  • Cybersecurity firms raised $14 billion in 2025 while sector risk shifts include a four-fold rise in ransomware against telecoms and calls to build resilience for 2026 – Sector Funding, Telecom Ransomware, 2026 Trends

Vulnerabilities & Patches

  • Unpatched firmware and flaws allow full remote takeover of TOTOLINK EX200 range extenders, with active exploits reported — update devices immediately – TOTOLINK EX200, TOTOLINK Flaw
  • Veeam patched several remote code execution flaws in Backup & Replication that could allow arbitrary code execution if exploited – Veeam Patch
  • New flaw in legacy D‑Link DSL routers is being actively exploited in the wild, prompting urgent mitigation guidance – D‑Link Flaw
  • Critical Dolby vulnerability in Android has been patched; users should install updates to close remote-code risks – Dolby Patch

Malware & Campaigns

  • The Kimwolf Android botnet is abusing residential proxies to move laterally and infect internal devices, expanding stealthy compromise chains – Kimwolf Botnet
  • VVS Stealer uses advanced obfuscation to target and steal from Discord users, increasing credential-theft sophistication – VVS Stealer
  • Sophisticated hospitality-focused campaigns — a ClickFix campaign and fake booking emails — redirect staff to BSoD-like pages to deliver DCRat and other payloads to hotel systems – ClickFix Campaign, Fake Booking

Incidents & Geopolitics

  • Taiwan reports a tenfold increase in Chinese cyber attacks on its energy sector, underscoring rising infrastructure targeting – Taiwan Attacks
  • A cyberattack forced a British high school to cancel classes and delay reopening amid operational disruption – School Attack
  • Sedgwick confirms a breach at a government-contractor subsidiary, impacting corporate systems and client services – Sedgwick Breach
  • Researchers trapped Scattered Lapsus$ Hunters in a honeypot to study opportunistic intrusion behavior and credential-harvesting tactics – Lapsus Honeypot

AI, Identity & Privacy

  • Generative AI techniques are accelerating identity attacks against Active Directory, automating reconnaissance and credential abuse at scale – AI Identity
  • Explainer: Identity Dark Matter covers unseen identity assets that attackers exploit to escalate access and persist undetected – Identity Dark Matter
  • Debate and scrutiny intensify as Copilot prompt-injection issues raise security questions and the European Commission probes Grok AI after explicit images of minors surfaced—regulatory pressure on AI grows – Copilot Debate, Grok Probe
  • Webinar previews how AI-powered Zero Trust can detect attacks with no files or indicators by leveraging behavioral analytics and runtime signals – Zero Trust Webinar

Extensions & Supply Chain

  • Two Chrome extensions were caught exfiltrating ChatGPT and DeepSeek chats from 900,000 users, exposing massive conversational data leakage – Chrome Extensions
  • VS Code forks recommending missing extensions create supply-chain risks for Open VSX users by implicitly endorsing potentially malicious packages – VS Code Risk

Products & Services

  • Microsoft cancels plans to rate-limit Exchange Online bulk emails after feedback, altering planned anti-abuse throttling for high-volume senders – Exchange Policy

Guides & Research

  • Guide outlines proxy server types, uses, and benefits for privacy, caching, and traffic routing in modern networks – Proxy Guide

Cybersecurity News | Daily Recap – hendryadrian.com