CYBERSECURITY WEEKLY RECAP: January 12-16, 2026

By Ṣọ Email Security

Your weekly roundup of the biggest cybersecurity news including Microsoft's massive Patch Tuesday, Cisco zero-day exploits, ransomware attacks on major corporations, and browser malware campaigns affecting hundreds of thousands of users.


Another week, another avalanche of security incidents. Here's what you need to know from January 12-16, 2026.

Microsoft's January Patch Tuesday: 114 flaws, one actively exploited

Microsoft kicked off 2026 with its largest January Patch Tuesday in years, addressing 114 security vulnerabilities. Eight are rated Critical, and one is already being exploited in the wild.

The actively exploited flaw (CVE-2026-20805) affects Desktop Window Manager and allows attackers to disclose sensitive information locally. CISA has added it to its Known Exploited Vulnerabilities catalog, giving federal agencies until February 3rd to patch.

Another notable fix addresses a Secure Boot bypass (CVE-2026-21265) that could allow attackers to run malware during the boot process. Microsoft also removed vulnerable Agere Soft Modem drivers that had been shipped with Windows for years.

Source: The Hacker News

Cisco patches zero-day exploited by Chinese APT

Cisco released emergency patches for a maximum-severity flaw (CVSS 10.0) in its Secure Email Gateway after discovering it was being exploited by a China-linked threat actor dubbed UAT-9686.

The vulnerability (CVE-2025-20393) allows remote command execution with root privileges through the Spam Quarantine feature. Attackers have been using it since November 2025 to deploy tunneling tools and a Python backdoor called AquaShell.

If you're running Cisco Email Security Gateway or Secure Email and Web Manager, patch immediately. Cisco also recommends disabling HTTP for admin portals, enforcing strong authentication, and changing default passwords.

Source: The Hacker News

Everest ransomware claims 900GB stolen from Nissan

The Everest ransomware group claims to have breached Nissan Motor Corporation, posting screenshots allegedly showing internal data including dealership records, financial documents, and certification reports.

The group gave Nissan five days to respond before releasing the data publicly. This isn't Nissan's first rodeo with ransomware. In August 2025, the Qilin group claimed 4TB from a Nissan subsidiary. In March 2024, hackers stole data on over 100,000 employees and customers.

Everest has been prolific lately, also claiming attacks on ASUS, Chrysler, Iberia Airlines, Under Armour, and AT&T.

Source: HackRead

GhostPoster: browser malware hidden for 5 years

Security researchers uncovered a long-running malware campaign that infected over 840,000 users through browser extensions on Chrome, Firefox, and Edge.

The malware, dubbed GhostPoster, hid its payload inside innocent-looking PNG image files to bypass detection. What started as a single suspicious Firefox add-on turned into 17 malicious extensions, some active for nearly five years without detection.

Mozilla and Microsoft have removed the extensions from their stores, but if you already have them installed, they're still running. Check your extensions and remove anything you don't recognize.

Source: HackRead

More headlines this week

Data breaches and leaks

  • GrubHub confirmed hackers stole customer data in a recent breach
  • Target employees verified that leaked source code is authentic after hackers claimed to steal it from a dev server
  • Central Maine Healthcare breach exposed data of over 145,000 people
  • Monroe University revealed a 2024 breach affecting 320,000 people
  • Betterment confirmed a data breach after customers received crypto scam emails
  • Spanish energy giant Endesa disclosed a customer data breach
  • Cloud marketplace Pax8 accidentally exposed data on 1,800 MSP partners

Sources: Bleeping Computer

Ransomware and attacks

  • Belgian Hospital AZ Monica shut down servers after a cyberattack
  • University of Hawaii Cancer Center hit by ransomware
  • Ukraine's army targeted in new charity-themed malware campaign

Sources: Bleeping Computer

Vulnerabilities and patches

  • Palo Alto Networks warned of a DoS bug that lets hackers disable firewalls
  • Critical WhisperPair flaw lets hackers track and eavesdrop via Bluetooth audio devices
  • WordPress plugin Modular DS exploited for admin access
  • Delta industrial PLCs found to have critical bugs

Sources: Bleeping Computer, Dark Reading

Phishing and scams

  • New PayPal scam sends verified invoices with fake support numbers
  • LinkedIn comment reply tactic used in new phishing campaign
  • Facebook login thieves now using browser-in-browser trick
  • Russian BlueDelta (Fancy Bear) using PDFs to steal login credentials

Sources: HackRead, Bleeping Computer

Malware and threats

  • VoidLink Linux malware targeting cloud providers emerged
  • New CastleLoader variant linked to 469 infections across critical sectors
  • Malicious Chrome extension steals MEXC cryptocurrency exchange credentials
  • New malware campaign delivers Remcos RAT through fake employee reports

Sources: Bleeping Computer, HackRead, The Hacker News

Industry news

  • France fined Free Mobile €42 million over a 2024 data breach
  • Hacker sentenced to seven years for breaching Rotterdam and Antwerp ports
  • BreachForums breached, exposing 324K cybercriminals
  • Verizon blamed nationwide outage on a software issue
  • Google now lets you change your Gmail address

Sources: Bleeping Computer, Dark Reading

What this means for you

This week reinforced three critical lessons:

  1. Patch aggressively. Microsoft's actively exploited zero-day and Cisco's critical email gateway flaw show attackers waste no time. If you're running affected systems, patch today.

  2. Audit your browser extensions. The GhostPoster campaign proves malicious extensions can hide in plain sight for years. Review what's installed and remove anything unnecessary.

  3. Verify before you trust. From PayPal invoice scams to LinkedIn phishing tactics, attackers are getting creative with social engineering. The 3-Second Hover Rule applies everywhere.

Stay vigilant out there.
This recap was compiled from reporting by The Hacker News, HackRead, Bleeping Computer, and Dark Reading. Visit these sources for full coverage of each story.