🚨 Warning - Yet another n8n vulnerability.

n8n disclosed a CVSS 10.0 RCE flaw allowing authenticated users to execute untrusted code and fully compromise an instance.

CVE-2026-21877 affects cloud and self-hosted deployments running versions ≥0.123.0 and <1.121.3.

🔗 Read → https://thehackernews.com/2026/01/n8n-warns-of-cvss-100-rce-vulnerability.html

🤖 Non-human accounts now rival humans in security risk. As AI and automation expand, service accounts and bots are gaining deep, unmanaged cloud access.

51% of security teams now rank non-human identity security as a top priority. Don't let machine identities become your biggest blind spot.

🔗 Read more: https://thehackernews.com/2026/01/the-future-of-cybersecurity-includes.html

🔥 WEBINAR ALERT - Most attacks today don’t drop malware. They blend into tools your teams already trust.

That’s why alerts stay quiet while real risk moves forward. Fileless and Living-off-the-Land attacks are now standard tradecraft.

🔗 Join our next webinar on how teams are closing this gap. Register here → https://thehackernews.com/2026/01/webinar-learn-how-ai-powered-zero-trust.html

🚨 Another CVSS 10.0 n8n vulnerability disclosed.

Researchers found another critical flaw (CVE-2026-21858) in n8n that lets remote attackers take full control with no authentication required.

The bug abuses Content-Type handling in form webhooks to read local files, steal secrets, forge admin sessions, and achieve RCE.

🔗 Details here → https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html

Black Cat is running an SEO poisoning campaign that ranks fake software sites in search results.

The group impersonates tools like Notepad++, tricking users into installing trojanized installers that drop a backdoor stealing browser data, keystrokes, clipboard contents, and enabling remote access.

🔗 Read → https://thehackernews.com/2026/01/black-cat-behind-seo-poisoning-malware.html

🏥 OpenAI launched ChatGPT Health, a sandboxed space for health chats.

Users can link medical records and wellness apps. Data uses purpose-built 🔒 encryption, stays siloed, isn’t used to train models, and doesn’t affect other chats.

🔗 Details here → https://thehackernews.com/2026/01/openai-launches-chatgpt-health-with.html

CISA added two flaws to its KEV list, citing evidence of exploitation.

🧩 PowerPoint RCE (CVSS 8.8) — memory corruption enables remote code execution
🚨 HPE OneView RCE (CVSS 10.0) — unauthenticated, affects all versions before 11.00

🔗 Read → https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html

🗓️ Federal agencies must patch by Jan 28, 2026.

Ransomware has moved past simple extortion.

Stolen data is now auctioned when ransoms fail, turning breaches into repeat revenue. Data auctions expand profits, attract more actors, and scale attacks faster.

🔗 Read → https://thehackernews.com/2026/01/weekly-recap-iot-exploits-wallet.html#:~:text=Ransomware%20Turns%20Breaches%20into%20Bidding%20Wars

Large enterprises now run 45 security tools on average, yet 52% of executives say complexity blocks effective security. Vendor consolidation cut costs, not operational results.

That gap is driving a rethink of what a security “platform” should actually deliver.

🔗 Read → https://thehackernews.com/expert-insights/2026/01/the-security-platform-is-dead-long-live.html

Researchers disclosed multiple critical flaws in Coolify that let authenticated users run commands as root, enabling full server compromise.

The issues span 11 CVEs rated up to 10.0 and impact 52,890 internet-exposed hosts.

🔗 Details here → https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html

🚨 Three npm pkgs posing as bitcoinjs tools found spreading NodeCordRAT.

Postinstall scripts chained a 2nd pkg to drop the payload, steal Chrome creds, API tokens, and crypto wallet seed phrases, and run commands via Discord C2 on Win/Linux/macOS.

🔗 Details → https://thehackernews.com/2026/01/researchers-uncover-nodecordrat-hidden.html

🛑 Cisco released patches for CVE-2026-20029 in Identity Services Engine and ISE-PIC.

The XML parsing flaw allows an authenticated admin to upload a malicious file and read restricted OS files.

A public PoC exists. Patch Now.

🔗 Read → https://thehackernews.com/2026/01/cisco-patches-ise-security.html

[🔥] ThreatsDay Bulletin is live!

⚖️ OpenAI – Court orders 20M ChatGPT logs.
🇨🇳 China–Taiwan – Cyberattacks surge tenfold.
💌 Microsoft – Exchange limit scrapped.
🕵️ pcTattletale – Spyware maker guilty.
🔑 RustFS – Hardcoded token flaw fixed.
🎭 pkr_mtsi – Loader spreads malware.
💥 Open WebUI – RCE via CVE-2025-64496.
🇮🇷 MuddyWater – New backdoors active.
☁️ ownCloud – MFA urged after breaches.
🐍 GravityRAT – Cross-platform RAT exposed.

🔗 Read the full edition ➜ https://thehackernews.com/2026/01/threatsday-bulletin-rustfs-flaw-iranian.html

Most production risk sits outside the top 20 images.

Chainguard data shows 98% of CVEs were remediated in the longtail, where about half of workloads run. That’s where security focus needs to move.

🔗 See where real supply-chain risk accumulates → https://thehackernews.com/2026/01/the-state-of-trusted-open-source.html

🇨🇳 China-linked UAT-7290 targets telecoms in South Asia, now expanding into Southeastern Europe.

Cisco Talos links the group to deep recon, edge device exploits, SSH brute force, 🐧 Linux malware, and shared ORB relay infrastructure.

🔗 Read → https://thehackernews.com/2026/01/china-linked-uat-7290-targets-telecoms.html

The future of AI is exciting, but securing it is essential. Risks like Shadow AI, vulnerabilities, and data exposure are growing.

We’re excited to join Zscaler’s virtual event with CEO Jay Chaudhry to learn how to secure AI systems—hope you’ll join too!

🔍 Identify AI risks
⚙️ Automate remediation
🛡️ Protect AI systems
✅ Ensure compliance

Register → https://thn.news/ai-zero-trust

⚠️ Astaroth banking malware is now using WhatsApp as its main delivery channel in Brazil.

Researchers report a new Python-based module that steals a victim’s contact list and auto-sends malicious ZIP files, spreading the infection chat to chat.

🔗 How the campaign works and spreads → https://thehackernews.com/2026/01/whatsapp-worm-spreads-astaroth-banking.html

🛡️ The FBI warns North Korea–linked Kimsuky is using QR codes in spear-phishing emails.

The “quishing” tactic pushes victims onto unmanaged phones 📱, enabling session token theft, MFA bypass, and cloud takeover.

🔗 Read → https://thehackernews.com/2026/01/fbi-warns-north-korean-hackers-using.html

⚠️ CISA closed 10 Emergency Directives issued between 2019–2024.

The required security actions for risks such as SolarWinds, Microsoft Exchange, and VMware were completed or are now enforced under Binding Operational Directive 22-01.

🔗 Read → https://thehackernews.com/2026/01/cisa-retires-10-emergency-cybersecurity.html

🚨 Trend Micro patched a critical flaw in on-prem Apex Central for Windows that can lead to SYSTEM-level code execution.

CVE-2025-69258 (CVSS 9.8) allows a remote, unauthenticated attacker with endpoint access to load a malicious DLL via MsgReceiver.exe.

On-prem builds below 7190 are affected.

🔗 Details → https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html

🇷🇺 Russian state-linked APT28 targeted Turkish energy and nuclear staff, a European think tank, and organizations in North Macedonia and Uzbekistan.

🎣 Fake Microsoft, Google, and VPN login pages harvested credentials, then redirected victims to real sites to stay hidden.

🔗 Details → https://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.html