Cybersecurity News | Daily Recap [08 Jan 2026]

hendryadrian.com

hendryadrian.com

Vulnerabilities & Patches

• Multiple critical flaws including a CVSS 10.0 RCE in n8n allow unauthenticated attackers to take full control, prompting warnings and remediation guidance – n8n RCE, n8n Warning, n8n Takeover, Ni8mare Flaw
• Libraries and apps receive fixes for critical issues including a patched jsPDF vuln and a Google Android Dolby decoder patch in January updates – jsPDF Patch, Dolby Patch
• Multiple code-execution flaws in backup software expose servers to RCE and have been patched or disclosed—users should apply updates immediately – Veeam Patches, Veeam RCE
• A Microsoft Outlook bug prevents opening encrypted emails, affecting encrypted mail workflows until patched – Outlook Bug
• ownCloud urges customers to enable MFA after reports of credential theft to reduce account takeover risk – ownCloud MFA

Router, IoT & ICS Flaws

• Multiple router and IoT vulnerabilities allow device takeover or root-level access, including unpatched TOTOLINK EX200 and active exploits against legacy D-Link DSL routers—apply vendor updates or block access – Totolink Flaw, Totolink EX200, D‑Link Exploits
• Columbia Weather Systems MicroServer vulnerabilities allow unauthorized access to weather infrastructure, per CISA advisory—operators should follow mitigations – MicroServer Advisory

Incidents & Crime

• A cyberattack on a British high school forced class cancellations and delayed reopening, underscoring impacts on education services – School Attack
• Crimson Collective claims it disconnected Brightspeed users after a hack, highlighting telecom disruption risks – Brightspeed Disconnect
• An Illinois state agency exposed personal data for around 700,000 people, creating a large privacy incident requiring notifications and remediation – Illinois Exposure
• Law enforcement actions include a stalkerware operator pleading guilty and an alleged cyber-scam kingpin arrested and extradited to China, showing increased prosecutions – Stalkerware Plea, Scam Kingpin
• Threat actors ramp up supply-chain and discovery tactics: the Black Cat group is running SEO-poisoning campaigns to distribute malware via popular software search results – Black Cat SEO
• The telecommunications sector has seen a four-fold increase in ransomware attacks over four years, underlining growing sector risk – Telecom Ransomware

Policy & Strategy

• The UK government unveiled a public sector Cyber Action Plan and injected £210M to close gaps and strengthen defenses across agencies – UK Action Plan, UK Funding, UK Defenses
• The US ordered an exit from certain global cyber and hybrid threat coalitions, a move with implications for international cyber cooperation – US Exit

AI & Security

• Security teams are rethinking defenses for agentic AI as researchers warn about new risks posed by autonomous AI agents in attacks and operations – Agentic AI
• Adversaries are increasingly targeting AI tooling—reports cover hacking trends around Vibe and HackGPT, non-human employees in security, and AI-driven detection approaches including webinars on AI-powered Zero Trust – Hackers & AI, Non‑Human Employees, AI Zero Trust Webinar, Open WebUI Flaw

Market & Funding

• Cybersecurity companies raised around $14 billion in funding during 2025, reflecting strong investor interest in the sector – Sector Funding

Cybersecurity News | Daily Recap – hendryadrian.com