In 2024, attackers exploited newly disclosed vulnerabilities within 24 hours more than 60 percent of the time, according to CISA.
📜 Table of Contents
🧨 Major Breaches & Incidents – Space agencies compromised, healthcare fallout continues
🕵️ Emerging Threats & Vulnerabilities – Zero days, Patch Tuesday pressure, automation risks
💸 Cybercrime Spotlight – Ransomware shifts targets and tactics
🔐 Privacy Watch – Data protection decisions with global impact
🧠 APTs & State-Sponsored Attacks – Geopolitical lures and persistent espionage
🤖 AI in Cyber – LLM infrastructure weaknesses and governance gaps
🔁 Story Follow-Ups – Previously disclosed bugs confirmed exploited
🧨 Major Breaches & Incidents
European Space Agency Data Theft Exposes Credentials and Internal Files
Attackers stole more than 700GB of data from the European Space Agency, including email credentials and internal documents. Some of the data is now circulating on dark web forums, while ESA continues containment and investigation efforts.
👉 Even highly specialized government agencies remain attractive, high-value targets.
New Zealand Health Portal Breach Fallout Continues Into 2026
The ManageMyHealth breach remains under investigation as notifications, audits, and regulatory reviews continue into the new year. Hundreds of thousands of patient records were exposed, extending operational and legal risk well beyond initial disclosure.
👉 Healthcare breaches rarely end at disclosure and often create long-tail risk.
🕵️ Emerging Threats & Vulnerabilities
Fortinet FortiSIEM Flaw Actively Exploited in the Wild
A critical FortiSIEM vulnerability enabling unauthenticated command execution is being actively exploited shortly after disclosure. Security teams report exploit tooling circulating publicly, reducing the time defenders have to respond.
👉 Security platforms themselves continue to be high-value targets.
Microsoft January Patch Tuesday Fixes 115 Vulnerabilities
Microsoft’s January Patch Tuesday addressed 115 vulnerabilities, including multiple critical remote code execution flaws. Several of the affected components are widely deployed in enterprise environments.
👉 Patch volume remains high, while attacker patience remains low.
Cisco Zero Day Used by Chinese Threat Actors Now Patched
Cisco released fixes for a zero-day vulnerability exploited by a China-linked group targeting Secure Email Gateway appliances. The flaw enabled persistent access and backdoor deployment before detection.
👉 Perimeter and email infrastructure remain reliable entry points for attackers.
Critical Severity 10 Vulnerability Found in n8n Automation Platform
A critical vulnerability in the n8n automation platform could allow attackers to bypass workflow logic and execute malicious payloads. Organizations using automation for orchestration or AI pipelines face elevated risk.
👉 Automation increases efficiency, but also expands blast radius.
💸 Cybercrime Spotlight
Telecom Sector Sees Spike in Ransomware Activity
Threat intelligence reports show ransomware attacks against telecom providers continuing to rise. Attackers are exploiting exposed infrastructure and unpatched systems to maximize disruption leverage.
👉 Critical infrastructure remains a preferred pressure point for extortion.
Ransomware Groups Shift Focus to Cloud Identity Systems
Ransomware operators are increasingly abusing cloud identity systems to disable defenses and maintain persistence. Compromised IAM accounts are becoming central to modern extortion campaigns.
👉 Identity has replaced endpoints as the primary control plane.
🔐 Privacy Watch
China Orders Firms to Drop U.S. and Israeli Cybersecurity Software
China has reportedly instructed domestic companies to stop using certain foreign cybersecurity products. The move raises concerns about forced technology decoupling and data sovereignty implications.
👉 Privacy, politics, and security tooling are increasingly intertwined.
CISA Flags Growing Risks to Citizen Data in 2026 Outlook
CISA outlined its top challenges for 2026, emphasizing the protection of citizen data and critical services. The agency highlighted privacy risk as a persistent issue across sectors.
👉 Public sector data protection remains under sustained pressure.
🧠 APTs & State-Sponsored Attacks
Mustang Panda Targets U.S. Entities With Geopolitical Phishing Lures
China-linked Mustang Panda launched phishing campaigns using geopolitical themes to deliver malware. The activity targeted U.S. government and policy organizations.
👉 State-backed groups continue to blend espionage with timely world events.
🤖 AI in Cyber
Large Scale Attacks Target Misconfigured Proxies Supporting LLMs
Researchers observed tens of thousands of attacks probing misconfigured HTTP proxies supporting large language models. The activity highlights persistent weaknesses in AI infrastructure deployment.
👉 AI systems inherit every underlying infrastructure mistake.
NIST Seeks Public Input on Securing AI Agents
NIST issued a request for public input on securing autonomous AI agents. The effort focuses on misuse risks, autonomy controls, and secure design principles.
👉 Agentic AI is advancing faster than governance frameworks.
Allianz Report Shows AI Rising as a Top Enterprise Risk
A new Allianz risk report shows AI rapidly climbing executive risk rankings. Cybersecurity, regulatory uncertainty, and data misuse remain top concerns.
👉 Executives now view AI risk as inseparable from cyber risk.
🔁 Story Follow-Ups
Microsoft PowerPoint Vulnerability Added to CISA KEV Catalog
CISA added a Microsoft PowerPoint code execution vulnerability to its Known Exploited Vulnerabilities catalog. Inclusion confirms active exploitation in the wild.
👉 If it makes KEV, remediation is no longer optional.


