Ticker feed
Cybercriminals and hacktivists dramatically escalated attacks on industrial control systems in 2025, with vulnerability disclosures jumping from 1,690 to 2,451 across 152 vendors, according to Cyble's latest threat report.
Siemens topped the list with 1,175 reported vulnerabilities, though Schneider Electric faced more severe threats with 70% classified as high or critical. Manufacturing and healthcare bore the brunt of ransomware attacks, seeing 600 and 477 entities compromised respectively.
Hacktivist groups like Z-Pentest increasingly targeted human-machine interfaces and SCADA systems, and geopolitical tensions fueled cyber operations: the Israel-Iran conflict alone drew activity from 74 hacktivist groups, while India-Pakistan tensions generated 1.5 million intrusion attempts.
Cyble warns that exposed industrial systems will face even more aggressive targeting in 2026.
Source: Infosecurity Magazine
Microsoft partnered with international law enforcement to shut down RedVDS, a cybercrime marketplace that enabled attackers to steal millions from businesses worldwide. The $24-per-month service provided criminals with disposable virtual computers to launch phishing campaigns and business email compromise attacks.
RedVDS facilitated major thefts, including $7.3 million from Alabama pharmaceutical company H-2 Pharma and nearly $500,000 from a Florida condominium association. The service operated at massive scale, with 2,600 virtual machines sending 1 million phishing messages daily to Microsoft customers alone.
Since September, attackers compromised over 191,000 organizations globally using RedVDS infrastructure. Microsoft seized two key domains and laid groundwork to identify the operators behind the service.
Source: Dark Reading
Kensington and Chelsea Council suffered a major cyber attack that may have compromised the personal details of hundreds of thousands of residents. The west London authority is warning people to watch for scams using their stolen information and to be suspicious of unexpected calls or messages claiming to be from the council.
The attack also affected shared services with Westminster City Council and Hammersmith and Fulham Council. Cybersecurity experts say local authorities are prime targets because they hold valuable data including social care and housing records, while operating under tight budgets that can leave security gaps.
Council leader Elizabeth Campbell called the breach "serious" and said it could take months to fully assess what data was accessed. The Met's Cyber Crime Unit is investigating, but no arrests have been made yet.
Source: BBC
Cyber fraud has surpassed ransomware as CEOs' biggest digital threat concern, according to the World Economic Forum's 2026 Global Cybersecurity Outlook released Monday. The shift marks a dramatic change from previous years when ransomware dominated executive fears.
A striking 73% of CEOs were personally affected by cyber fraud or knew someone who was in 2025, while 77% believe these attacks increased over the past year. The new top three CEO concerns are cyber fraud, AI vulnerabilities, and software exploitation—notably pushing ransomware off the list entirely.
Interestingly, CISOs still rank ransomware as their primary worry, pointing to different priorities between business and security leaders. AI concerns have also evolved, with executives now more worried about employees accidentally exposing data through internal AI tools than about attackers weaponizing artificial intelligence.
Source: Security Week
Microsoft released its largest January security update ever, fixing 112 vulnerabilities, nearly double December's count. The standout concern is CVE-2026-20805, a zero-day flaw in Desktop Window Manager that attackers are already exploiting to read memory contents, an information disclosure that can be chained into further attacks.
Eight vulnerabilities are flagged as likely exploitation targets, including two critical Windows NTFS buffer overflow bugs that could allow remote code execution. Security experts warn these third-party-reported flaws may soon become public, creating urgency for patches.
Two Microsoft Office vulnerabilities stand out for enabling code execution through the Preview Pane without user interaction—meaning simply viewing a file could trigger an attack.
Source: Dark Reading
SAP released 17 security patches on January 13, 2026, addressing vulnerabilities that could let attackers take complete control of enterprise systems. Four critical flaws scored up to 9.9 on the CVSS scale, including a SQL injection bug in S/4HANA financials (CVE-2026-0501) that lets low-privileged users read financial data.
The most severe issue is in SAP's monitoring tool: an unauthenticated attacker can achieve remote code execution, although the attack depends on tricking a user into interacting with malicious content. Two further code injection flaws in S/4HANA and Landscape Transformation scored 9.1 and allow privileged users to run arbitrary code remotely.
SAP urges administrators to apply the SQL injection and remote code execution fixes within 24 hours. Test the updates in a staging environment first, prioritising the S/4HANA and HANA systems that underpin most enterprise operations.
Source: Cyber Security News
Instagram users worldwide received unexpected password reset emails this week, sparking fears of a security breach. The company denied any system compromise, claiming it fixed an issue that allowed "an external party" to trigger legitimate password reset requests.
However, cybersecurity firm Malwarebytes contradicted Instagram's statement, alleging hackers stole data from 17.5 million accounts including usernames, addresses, and phone numbers. The firm linked the emails to an ongoing sale of Instagram user data on hacker forums, though some researchers believe it's old publicly available information from 2022.
Instagram hasn't explained who the "external party" was or how they gained this capability. Users should change passwords directly through Instagram's official app or website.
Source: BBC News
Meta fixed an Instagram vulnerability that let third parties send password reset emails to users, causing confusion across the platform. The company insists no breach occurred and accounts remain secure.
Separately, cybersecurity firm Malwarebytes warned that hackers leaked data from 17.5 million Instagram accounts, including usernames, emails, phone numbers, and addresses. However, experts clarified this isn't new data—it's from a 2022 leak that resurfaced in November 2024.
The two incidents appear unrelated despite their timing. Users can safely ignore the password reset emails.
Source: SecurityWeek
Security researchers have disclosed a buffer overflow in untgz, the contributed archive-extraction utility shipped with zlib (reported against version 1.3.1.2), that can lead to code execution when an attacker controls the utility's command-line input.
The flaw is in the TGZfname() function, where an unbounded strcpy() copies the user-supplied archive name into a fixed 1,024-byte buffer with no length check. Any archive name of 1,024 bytes or more passed as a command-line argument corrupts memory.
Researchers demonstrated the bug with a 4,096-byte filename, which produced a global buffer overflow: the destination is a static buffer, so the excess bytes overwrite whatever the linker placed after it in the program's data, and that corruption outlives the function call and can alter subsequent program behaviour, potentially leading to code execution. Note that untgz lives in zlib's contrib directory and is not part of the libz library itself, so applications that merely link against zlib are not affected.
Source: Cyber Security News
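The pattern described above, as an added example that is not code from the zlib project or from the researchers: a reconstruction of the unbounded strcpy() into a static 1,024-byte buffer, placed beside a hardened version that checks the length before copying. The suffix list, function names and the 4,096-byte test input are modeled on the description and are assumptions for illustration; the vulnerable function is included only for comparison and is never called with the long name.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUF_LEN 1024   /* fixed buffer size named in the report */

/* Suffixes untgz tries when the given name has no extension (assumed list). */
static const char *TGZsuffix[] = { "\0", ".tar", ".tar.gz", ".tgz", NULL };

/* Vulnerable pattern, modeled on the report's description of TGZfname():
 * the name is copied into a static 1024-byte buffer with no length check,
 * so any argument of 1024 bytes or more writes past it. Because the buffer
 * is static, the overflow lands in the program's global data, which is why
 * AddressSanitizer reports a global-buffer-overflow. Comparison only;
 * never call it with untrusted input. */
char *tgz_fname_vulnerable(const char *arcname)
{
    static char buffer[BUF_LEN];
    size_t origlen;
    int i;

    strcpy(buffer, arcname);                    /* unbounded copy */
    origlen = strlen(buffer);
    for (i = 0; TGZsuffix[i]; i++) {
        strcpy(buffer + origlen, TGZsuffix[i]); /* also unbounded */
        if (access(buffer, F_OK) == 0)
            return buffer;
    }
    return NULL;
}

/* Hardened helper: build "<arcname><suffix>" into out only if it fits,
 * NUL included. Returns 0 on success, -1 if the result would not fit. */
int tgz_build_candidate(char *out, size_t outsz, const char *arcname,
                        const char *suffix)
{
    size_t n = strlen(arcname), s = strlen(suffix);

    if (n > SIZE_MAX - s - 1 || n + s + 1 > outsz)
        return -1;
    memcpy(out, arcname, n);
    memcpy(out + n, suffix, s + 1);             /* copies the terminating NUL */
    return 0;
}

/* Hardened TGZfname(): identical results for names that fit, refusal
 * instead of memory corruption for names that would have overflowed. */
char *tgz_fname_safe(const char *arcname)
{
    static char buffer[BUF_LEN];
    int i;

    for (i = 0; TGZsuffix[i]; i++) {
        if (tgz_build_candidate(buffer, sizeof buffer, arcname, TGZsuffix[i]) != 0)
            continue;                           /* too long for this suffix: skip it */
        if (access(buffer, F_OK) == 0)
            return buffer;
    }
    return NULL;
}

/* Replays the report's 4096-byte argument against the hardened version.
 * Returns 1 if every candidate is rejected (no overflow, no lookup). */
int demo_long_name_rejected(void)
{
    static char longname[4096 + 1];             /* constructed test input */
    char out[BUF_LEN];
    int i, rejected = 1;

    memset(longname, 'A', 4096);
    longname[4096] = '\0';
    for (i = 0; TGZsuffix[i]; i++)
        if (tgz_build_candidate(out, sizeof out, longname, TGZsuffix[i]) == 0)
            rejected = 0;
    return rejected && tgz_fname_safe(longname) == NULL;
}

/* Returns 1 if a short name is assembled exactly as the original would do it. */
int demo_short_name_ok(void)
{
    char out[BUF_LEN];
    return tgz_build_candidate(out, sizeof out, "backup", ".tar.gz") == 0
        && strcmp(out, "backup.tar.gz") == 0;
}

int main(int argc, char **argv)
{
    const char *found = argc > 1 ? tgz_fname_safe(argv[1]) : NULL;
    printf("long name rejected: %d, short name ok: %d, lookup: %s\n",
           demo_long_name_rejected(), demo_short_name_ok(),
           found ? found : "(none)");
    return 0;
}
```

The hardened version keeps the same 1,024-byte static buffer, so the fix is purely the bounds check: the threshold (name plus suffix plus NUL must fit) is exactly where the original starts writing out of bounds. Building with `-fsanitize=address` and calling the vulnerable function with the constructed 4,096-byte name reproduces the global-buffer-overflow report the researchers describe.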
Cisco Talos researchers have exposed UAT-7290, a sophisticated threat group active since 2022 that's been infiltrating critical infrastructure across South Asia. The hackers deploy a custom malware toolkit including RushDrop, DriveSwitch, and SilentRaid to establish persistent access and conduct espionage operations.
The group primarily targets telecommunications providers but has recently expanded into Southeastern Europe. They use one-day exploits and SSH brute force attacks to compromise edge devices, then burrow deep into victim networks. Beyond espionage, UAT-7290 also converts infected systems into operational relay boxes that other Chinese threat actors can use.
Cisco's analysis reveals significant overlaps with known Chinese military unit PLA 69010, suggesting state-sponsored backing for these ongoing cyber operations.
Source: Industrial Cyber