
Hello all,
Cisco had a bad week, first with an actively exploited flaw in ISE, and then a switch and router boot loop due to a DNS bug. CISA went nostalgic on us and alerted to a PowerPoint flaw from 2009 for some reason. And a host of other vendors and issues made the news this week. Let’s get to some details.
Headline NEWS:
- Cisco Identity Services Engine (ISE) has a flaw in how XML is parsed by the web-based management interface of ISE and the ISE Passive Identity Connector (ISE-PIC). Successfully exploiting this defect could allow an attacker to read files from the underlying operating system. A patch is available to fix this flaw. Cisco also addressed multiple IOS XE vulnerabilities this week. Check your Cisco gear for updates.
- D-Link DSL gateway routers have a newly discovered command injection vulnerability. An unauthenticated threat actor can execute remote commands, altering DNS configurations. At least four router models are affected, although there could be more. All of the known affected units are end-of-life (EOL), and D-Link has said that they will not receive any support or updates. It is highly recommended that you immediately replace any EOL D-Link routers you may have.
- GNU Wget2 is a command-line tool used to download content from the web. If a threat actor can convince a victim to access a specially crafted link, GNU Wget2 can be made to write its output to unintended filesystem locations. This could allow an attacker to replace vital system files and libraries with compromised or malicious versions. No patch was available at the time of this publication.
- The open-source workflow automation platform n8n has a maximum-severity defect in both the on-premises and cloud-hosted versions that can result in remote code execution (RCE). Several additional defects that can also enable RCE were revealed this week. There is mitigation guidance for these defects if you’re unable to update, but the most effective way to protect yourself or your users is to update to the latest patched versions.
- The Trend Micro Apex Central web-based management console (on-premises) has a critical defect that can allow an unauthenticated threat actor to gain remote code execution (RCE). Trend Micro has released a patched version that fixes this defect along with two denial-of-service (DoS) flaws. Proof-of-concept (PoC) code is in the wild, so don’t wait to patch this vulnerability.
- Veeam has released updates to its Backup & Replication software to fix multiple defects. All of them involve unwanted or undesired elevation of privileges. Users are urged to upgrade to the latest patched versions and to follow the vendor’s recommended security guidelines.
- Zoom for Windows has released an updated version to address a defect in how Zoom loads DLL files. In the unpatched version, the Zoom executable could be tricked into loading a malicious DLL file instead of the legitimate one from Zoom. Update immediately to patch this vulnerability.
In Ransomware, Malware, and Vulnerabilities News:
- Palo Alto Networks security-intel boss calls AI agents 2026’s biggest insider threat. In what I consider to be an excellent forward-thinking statement, Wendi Whitmore, Palo Alto Networks Chief Security Intelligence Officer, recently spoke with The Register about AI and what 2026 will bring. Understanding that AI agents are now being integrated into nearly every aspect of our infrastructures, she correctly warned that these largely unmonitored and often misunderstood quasi-users are frequently given excessive permissions. Most organizations are unaware of the power they’re placing into the digital hands of an entity that has been demonstrated to be malleable in allegiance and intention, and which is readily swayed by how and when it is asked to perform an action. This makes the agentic AI “a very attractive target to attack”. As we begin to employ these new “workers”, it is vital that we continue to put zero trust and least-privilege access into practice. Anything more puts an organization at tremendous risk.
In Other News Events of Note and Interest:
- Microsoft to enforce MFA for Microsoft 365 Admin Center sign-ins. About time! Why hasn’t this already been enforced? is what I’m left wondering. We’ve seen several years of massive account takeover happening in the M365 world. This is a good first step that should have happened five years ago. An additional step needs to be enabling device-bound tokens across all of Microsoft’s applications and infrastructure. If your login cannot be cloned and spoofed, many of the current account takeover attacks would immediately cease to exist.
Musings
Is it just me, or are people becoming more helpless and demanding? In my day job, I manage a team of cybersecurity professionals who receive a large number of requests from organizations and people from all walks of life. But some of the requests show a total lack of initiative on the part of the requestor. I’ll often copy and paste the exact text of a request into a search engine, and the first result that comes up is usually correct. Why didn’t the person who sent the request in do that? It would have saved them, and my team, time. And then there’s the feeling that it is often an adversarial relationship, whereby my people are being blamed for causing an error or adverse software interaction on their workstation or network, as if we want to create problems for them. Most of my team is too young to remember the early days of computer support, when those of us who had a good grasp of how technology worked were almost venerated as minor deities. We were the heroes that would swoop in and save the day. I fondly recall one lady named Linda who always referred to me as “resident genius”. Nowadays we fix an issue, and the response is often, “Why wasn’t this done sooner?” But alas, whether the person has trouble spelling Google, or they are miffed and impatient, or are genuinely grateful, I must remind myself and my team, and never forget, that we’re here to help, to educate, to defend, to stand between the darkness and the light. And we must ever…

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Cisco warns of Identity Service Engine flaw with exploit code
- New D-Link flaw in legacy DSL routers actively exploited in attacks
- Critical GNU Wget2 Vulnerability Let Remote Attackers to Overwrite Sensitive Files
- n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
- New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands
- Trend Micro warns of critical Apex Central RCE vulnerability
- Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
- Windows Users at Risk as Critical Zoom Vulnerability Exploited
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- CISA orders feds to patch MongoBleed flaw exploited in attacks
- CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
- CISA Warns of Microsoft PowerPoint Code Injection Vulnerability Exploited in Attacks
- FCC finalizes new penalties for robocall violators
- Taiwan blames Chinese ‘cyber army’ for rise in millions of daily intrusion attempts
- Cisco switches hit by reboot loops due to DNS client bug
- Cisco routers knocked out due to Cloudflare DNS change
Vulnerabilities and Exploits
- Six for 2026: The cyber threats you can’t ignore
- Thousands of firewalls at risk as legacy flaw in Fortinet faces renewed threat
- Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data
- New China-linked hackers breach telcos using edge device exploits
- Chrome fixes a problematic security flaw in first update of 2026
- Kimwolf Botnet Hacked 2 Million Devices and Turned User’s Internet Connection as Proxy Node
- Threat Actor Exploited Multiple FortiWeb Appliances to Deploy Sliver C2 for Persistent Access
- Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
- Critical jsPDF flaw lets hackers steal secrets via generated PDFs
- jsPDF has Local File Inclusion/Path Traversal vulnerability
- Forcepoint DLP Vulnerability Enables Memory Manipulation and Arbitrary Code Execution
- Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government
- AI agents 2026’s biggest insider threat: PANW security boss
- Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
- Without Registry Callbacks – Registry Writes
- How generative AI accelerates identity attacks against Active Directory
- Samsung Magician SSD software ‘High Severity’ vulnerability patched
- New macOS TCC Bypass Vulnerability Allow Attackers to Access Sensitive User Data
- Critical Dolby Codec Vulnerability Exposes Android Devices to Code Execution Attacks
- IBM’s AI agent Bob easily duped to run malware: Researchers
- PoC Exploit Released for Android/Linux Kernel Vulnerability
- OpenAI patches déjà vu prompt injection vuln in ChatGPT
- VMware ESXi zero-days likely exploited a year before disclosure
- New OAuth-Based Attack Let Hackers Bypass Microsoft Entra Authentication Flows to Steal Keys
- Hackers target misconfigured proxies to access paid LLM services
Phishing, Malware, and similar
- RondoDox Botnet Expands Scope With React2Shell Exploitation
- ClickFix attack uses fake Windows BSOD screens to push malware
- Watch out for this fake Windows BSOD – it’s actually malware
- Cloud file-sharing sites targeted for corporate data theft attacks
- Are criminals vibe coding malware? All signs point to yes
- The Kimwolf Botnet is Stalking Your Local Network
- Kimwolf Android botnet abuses residential proxies to infect internal devices
- Phishing actors exploit complex routing and misconfigurations to spoof domains
- New GoBruteforcer attack wave targets crypto, blockchain projects
- Black Cat Hacker Group Uses Fake Notepad++ Websites to Distribute Malware and Steal Data
- Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
- ToddyCat Malware Compromises Microsoft Exchange Servers using ProxyLogon Vulnerability
- Windows Packer pkr_mtsi Powers Widespread Malvertising Campaigns Delivering Multiple Malware Families
- New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
- Email security needs more seatbelts: Why click rate is the wrong metric
- Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
Breaches, Leaks, and Ransomware
- Ransomware attacks kept climbing in 2025
- Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft
- NordVPN denies breach claims, says attackers have “dummy data”
- Resecurity traps cybercrim in honeypot
- ownCloud urges users to enable MFA after credential theft reports
- Sedgwick Confirms Cyberattack on Government Subsidiary
- Ledger customers impacted by third-party Global-e data breach
- US broadband provider Brightspeed investigates breach claims
- Brightspeed investigates breach as crims post data for sale
- Hackers claim breach of engineering firm, offer sale of info on three major US utilities
- Covenant Health Data Breach Impacts 478,000 Individuals
- Illinois health department exposed over 700,000 residents’ personal data for years
- Major Data Breach Hits Company Operating 150 Gas Stations in the US
Other News Events of Note and Interest
- HP’s EliteBoard G1a is an entire Windows PC inside a keyboard
- Lenovo shows off new laptops that twist and roll
- Luggable datacenter: startup straps handles to 4 H200 GPUs
- The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations
- The last supported version of HP-UX is no more
- SanDisk’s NVMe SSDs are no longer called WD_BLACK
- CES 2026: The best tech announced so far
- Google Play Store users are now getting settlement emails
- Chrome for Android is getting a desktop style bookmarks bar
- Android XR is Google’s advertising focus at CES 2026
- Google VP John Maletis confirms 10-year ChromeOS support commitment
- Google VP confirms not all Chromebooks will be able to migrate to Aluminium OS
- California residents can use new tool to demand brokers delete their personal data
- Wi-Fi advocates get win from FCC with vote to allow higher-power devices
AI, LLMs, and Skynet
- Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome
- The Alexa Plus website is now available to everyone in early access
- Instagram CEO: More practical to label real content versus AI
- xAI launches Grok Business and Enterprise with team features
- Plaud launches a new AI pin and a desktop meeting notetaker
- Researchers poison stolen data to make AI results wrong
- California lawmaker proposes a four-year ban on AI chatbots in kids’ toys
- Judge Demands OpenAI to Release 20 Million Anonymized ChatGPT Chats in AI Copyright Dispute
- Lenovo is building an AI assistant that ‘can act on your behalf’
- Google is taking over your Gmail inbox with AI
- Google Search AI hallucinations push Google to hire “AI Answers Quality” engineers
- AI isn’t “just predicting the next word” anymore
- The Downside to Using AI for All Those Boring Tasks at Work
Microsoft
- “Microslop” trends in backlash to Microsoft’s AI obsession
- Microsoft will put buy buttons directly in Copilot
- Microsoft to enforce MFA for Microsoft 365 admin center sign-ins
- Microsoft shares official ways to save GBs of disk on Windows 11/10 using free native tools
- Outlook for Windows is getting an interesting meeting feature soon
- Microsoft: Classic Outlook bug prevents opening encrypted emails
- Microsoft Edge is getting a Copilot-inspired redesign
- Microsoft is slowly turning Edge into another Copilot app — tests redesigned UI that takes inspiration from Copilot
- These Microsoft Teams security features will be turned on by default this month
- Here are my 10 favorite features Windows 11 received in 2025
- Microsoft cancels plans to rate limit Exchange Online bulk emails
- Introducing the Microsoft Defender Experts Suite: Elevate your security with expert-led services
- Microsoft killing a free Windows 11/10 Office desktop app to move entirely to web
- Microsoft confirms one of the most basic functions in Word is getting a useful upgrade
- Microsoft warns IT admins against using this unsupported Exchange Online configuration
