Vulnerabilities
- New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands
"A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure. Cyera Research Labs' Vladimir Tokarev and Ofek Itach have been credited with discovering and reporting the flaw, which has been codenamed N8scape."
https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html
https://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v
- New D-Link Flaw In Legacy DSL Routers Actively Exploited In Attacks
"Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. The vulnerability is now tracked as CVE-2026-0625 and affects the dnscfg.cgi endpoint due to improper input sanitization in a CGI library. An unauthenticated attacker could leverage this to execute remote commands via DNS configuration parameters. Vulnerability intelligence company VulnCheck reported the problem to D-Link on December 15, after The Shadowserver Foundation observed a command injection exploitation attempt on one of its honeypots."
https://www.bleepingcomputer.com/news/security/new-d-link-flaw-in-legacy-dsl-routers-actively-exploited-in-attacks/
https://www.vulncheck.com/advisories/dlink-dsl-command-injection-via-dns-configuration-endpoint
- Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write On Servers
"Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server. Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting the AdonisJS multipart file handling mechanism. "@adonisjs/bodyparser" is an npm package associated with AdonisJS, a Node.js framework for developing web apps and API servers with TypeScript. The library is used to process the AdonisJS HTTP request body."
https://thehackernews.com/2026/01/critical-adonisjs-bodyparser-flaw-cvss.html
https://github.com/adonisjs/core/security/advisories/GHSA-gvq6-hvvp-h34h
- Cato CTRL Threat Research: Vulnerability Discovered In Open WebUI Enables Account Takeover And Remote Code Execution (CVE-2025-64496)
"Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a vulnerability (CVE-2025-64496 with a “High” severity rating of 7.3 out of 10) in Open WebUI in versions 0.6.34 and older. This flaw affects the Direct Connections feature, which lets users connect to external AI model servers (ex: OpenAI’s API). If a threat actor tricks a user into connecting to a malicious server, it can lead to an account takeover attack. If the user also has the workspace.tools permission enabled, it can lead to remote code execution (RCE), which means that a threat actor can control the system running Open WebUI."
https://www.catonetworks.com/blog/cato-ctrl-vulnerability-discovered-open-webui-cve-2025-64496/
https://www.infosecurity-magazine.com/news/flaw-open-webui-affects-ai/
- TOTOLINK EX200 Firmware-Upload Error Handling Can Activate An Unauthenticated Root Telnet Service
"A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access."
https://kb.cert.org/vuls/id/295169
https://thehackernews.com/2026/01/unpatched-firmware-flaw-exposes.html
https://securityaffairs.com/186597/security/cert-cc-warns-of-critical-unfixed-vulnerability-in-totolink-ex200.html
- Critical Dolby Vulnerability Patched In Android
"The January 2026 Android update patches a single vulnerability, a critical Dolby audio decoder issue whose existence came to light in October 2025. The flaw, tracked as CVE-2025-54957, was described at the time of its disclosure as a medium-severity out-of-bounds write issue impacting the widely used Dolby Digital Plus (DD+) Unified Decoder. The vulnerability, exploitable using specially crafted media files, was discovered by Google researchers and reported to Dolby in June 2025, with a patch released in September."
https://www.securityweek.com/critical-dolby-vulnerability-patched-in-android/
https://securityaffairs.com/186591/security/google-fixes-critical-dolby-decoder-bug-in-android-january-update.html
Malware
- Cyber Counterintelligence (CCI): When 'Shiny Objects' Trick 'Shiny Hunters'
"It is worth noting that "Shiny Hunters" (tricked by our team with a honeytrap), or more accurately, their rebranded version involving new members, which calls itself "Scattered Lapsus$ Hunters" (SLH) or "Scattered Lapsus$ Shiny Hunters" (SLSH), is linked to 'The Com' (short for 'The Community'), a predominantly English-speaking cybercriminal ecosystem. This loosely organized network operates more like a cybercrime youth movement, encompassing a broad and constantly shifting range of actors, mainly teenagers. Some announcements of successful data breaches by these actors were published on the associated Telegram channel, "The Comm Leaks." The FBI issued a Public Service Announcement (PSA) last year warning about the risks associated with joining such movements."
https://www.resecurity.com/blog/article/cyber-counterintelligence-cci-when-shiny-objects-trick-shiny-hunters
https://databreaches.net/2026/01/06/cyber-counterintelligence-cci-resecurity-releases-data-on-john-erin-binns-irdev/
https://securityaffairs.com/186586/cyber-crime/resecurity-went-on-the-cyber-offensive-when-shiny-objects-trick-shiny-hunters.html
- 900K Users Compromised: Chrome Extensions Steal ChatGPT And DeepSeek Conversations
"The OX Research team detected a new malware campaign stealing ChatGPT and DeepSeek conversations – from over 900,000 Chrome extension downloads. Two malicious extensions were found exfiltrating user conversations and all Chrome tab URLs to a remote C2 server every 30 minutes. The malware deceives users by impersonating a legitimate extension by a company called AITOPIA, which adds a sidebar on top of any website, with the ability to chat with the most popular LLMs in the market."
https://www.ox.security/blog/malicious-chrome-extensions-steal-chatgpt-deepseek-conversations/
https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html
General News
- Taiwan Says China's Attacks On Its Energy Sector Increased Tenfold
"The National Security Bureau in Taiwan says that China's attacks on the country's energy sector increased tenfold in 2025 compared to the previous year. A report from the agency highlights that attackers targeted critical infrastructure in nine key sectors, and the total number of cyber incidents linked to China grew by 6%. The emergency rescue and hospitals sectors saw an increase in cyberattacks of 54%, while communications and transmissions recorded 6.7% more incidents."
https://www.bleepingcomputer.com/news/security/taiwan-says-chinas-attacks-on-its-energy-sector-increased-tenfold/
- 7 Types Of Hacker Motivations
"Hackers are not created equal, nor do they have the same purpose. Some hackers are paid to scrutinize security systems, find loopholes, fix weaknesses, and ultimately protect organizations and people. Others exploit those same gaps for profit, power, or disruption. What separates hackers isn’t just skill level or tactics; it’s intent. The purpose behind an attack changes everything about how hackers shape their tactics and how the hacking process unfolds: who is targeted, which methods and tools are used, how patient the attacker is, and the kind of damage they want to cause."
https://www.mcafee.com/blogs/internet-security/7-types-of-hacker-motivations/
- CISOs Face A Tighter Insurance Market In 2026
"Cyber-risk leaders may not want to get too cozy with the current dynamics in the cyber-insurance market. After a couple of years of softening rates and cutthroat competition, the pace of premium rate reductions shows signs of slowing, and insurers are asking for more proof of best practices before writing policies or paying claims. Boards and enterprise risk management stakeholders increasingly see cyber insurance as a non-negotiable part of cyber-risk management strategies, but while it may be easier and cheaper to get coverage now, all it takes is one or two mega loss events — a supply chain problem or AI-related incident — to cause underwriting stances to shift dramatically."
https://www.darkreading.com/endpoint-security/cisos-face-tighter-insurance-market
- Startup Trends Shaking Up Browsers, SOC Automation, AppSec
"Entrepreneurs, investors, and CISOs working in startups are often developing new artificial intelligence (AI) technologies, infrastructure, and attack surfaces long before most early adopters. It's instructive for us to pay attention to what they've been up to in 2025 to see where the industry is headed. The following trends have emerged in the startup space over the past year that will disrupt Web security, threat modeling, and AI SOC automation for years to come."
https://www.darkreading.com/endpoint-security/startup-trends-shaking-up-browsers-soc-automation-appsec
- How To Avoid Phishing Incidents In 2026: A CISO Guide
"By 2026, most phishing emails will look legitimate enough to pass filters and first checks. Trusted platforms, clean-looking links, and delayed execution make fast decisions risky and slow ones dangerous. As a result, investigations drag on, queues grow during phishing waves, and confidence in verdicts drops. Read on to see how security leaders can regain confidence in phishing decisions and reduce investigation pressure as these attacks become harder to spot."
https://hackread.com/how-to-avoid-phishing-incidents-2026-ciso-guide/
- Turning Plain Language Into Firewall Rules
"Firewall rules often begin as a sentence in someone’s head. A team needs access to an application. A service needs to be blocked after hours. Translating those ideas into vendor specific firewall syntax usually involves detailed knowledge of zones, objects, ports, and rule order. New research from New York University examines a different starting point, one that treats natural language as the entry point for firewall configuration."
https://www.helpnetsecurity.com/2026/01/06/research-natural-language-firewall-configuration/
https://arxiv.org/pdf/2512.10789
- The Roles And Challenges In Moving To Quantum-Safe Cryptography
"A new research project examines how organizations, regulators, and technical experts coordinate the transition to quantum-safe cryptography. The study draws on a structured workshop with public sector, private sector, and academic participants to document how governance, security, and innovation systems shape cryptographic migration planning. The paper focuses on the Netherlands as a case study. The authors frame the transition to quantum-safe systems as a socio-technical process that involves institutions, standards bodies, and operational decision makers alongside cryptographic engineering work."
https://www.helpnetsecurity.com/2026/01/06/quantum-safe-cryptography-transition-research/
https://arxiv.org/pdf/2512.16974
- Cyber Risk Trends For 2026: Building Resilience, Not Just Defenses
"If there’s one lesson from the past year, it’s this: we won’t outpace the adversary by trying to stop every attack. We will, however, outlast them by becoming measurably more resilient. In my recent lecture on emerging threats for 2026, I made the case that cyberattacks will be more complex, more persistent, more intelligent, and far more automated than we’ve seen before. That means our odds of outright prevention diminish. The imperative shifts to resilience; the ability to take a punch, adapt in the moment, and rebound quickly with minimal damage."
https://www.securityweek.com/cyber-risk-trends-for-2026-building-resilience-not-just-defenses/
- HackerOne 'Ghosted' Me For Months Over $8,500 Bug Bounty, Says Researcher
"Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months. The open source bug bounty program finally contacted Ciolek on Tuesday, but only after The Register reached out to HackerOne asking about the status of his reward payment and the IBB program in general."
https://www.theregister.com/2026/01/07/hackerone_ghosted_researcher/
Reference
Electronic Transactions Development Agency (ETDA)