Researchers disclosed multiple critical flaws in Coolify that let authenticated users run commands as root, enabling full server compromise.

The issues span 11 CVEs rated up to 10.0 and impact 52,890 internet-exposed hosts.

🔗 Details here → https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html

🚨 Three npm pkgs posing as bitcoinjs tools found spreading NodeCordRAT.

Postinstall scripts chained a 2nd pkg to drop the payload, steal Chrome creds, API tokens, and crypto wallet seed phrases, and run commands via Discord C2 on Win/Linux/macOS.

🔗 Details → https://thehackernews.com/2026/01/researchers-uncover-nodecordrat-hidden.html

🛑 Cisco released patches for CVE-2026-20029 in Identity Services Engine and ISE-PIC.

The XML parsing flaw allows an authenticated admin to upload a malicious file and read restricted OS files.

A public PoC exists. Patch Now.

🔗 Read → https://thehackernews.com/2026/01/cisco-patches-ise-security.html

[🔥] ThreatsDay Bulletin is live!

⚖️ OpenAI – Court orders 20M ChatGPT logs.
🇨🇳 China–Taiwan – Cyberattacks surge tenfold.
💌 Microsoft – Exchange limit scrapped.
🕵️ pcTattletale – Spyware maker guilty.
🔑 RustFS – Hardcoded token flaw fixed.
🎭 pkr_mtsi – Loader spreads malware.
💥 Open WebUI – RCE via CVE-2025-64496.
🇮🇷 MuddyWater – New backdoors active.
☁️ ownCloud – MFA urged after breaches.
🐍 GravityRAT – Cross-platform RAT exposed.

🔗 Read the full edition ➜ https://thehackernews.com/2026/01/threatsday-bulletin-rustfs-flaw-iranian.html

Most production risk sits outside the top 20 images.

Chainguard data shows 98% of CVEs were remediated in the longtail, where about half of workloads run. That’s where security focus needs to move.

🔗 See where real supply-chain risk accumulates → https://thehackernews.com/2026/01/the-state-of-trusted-open-source.html

🇨🇳 China-linked UAT-7290 targets telecoms in South Asia, now expanding into Southeastern Europe.

Cisco Talos links the group to deep recon, edge device exploits, SSH brute force, 🐧 Linux malware, and shared ORB relay infrastructure.

🔗 Read → https://thehackernews.com/2026/01/china-linked-uat-7290-targets-telecoms.html

The future of AI is exciting, but securing it is essential. Risks like Shadow AI, vulnerabilities, and data exposure are growing.

We’re excited to join Zscaler’s virtual event with CEO Jay Chaudhry to learn how to secure AI systems—hope you’ll join too!

🔍 Identify AI risks
⚙️ Automate remediation
🛡️ Protect AI systems
✅ Ensure compliance

Register → https://thn.news/ai-zero-trust

⚠️ Astaroth banking malware is now using WhatsApp as its main delivery channel in Brazil.

Researchers report a new Python-based module that steals a victim’s contact list and auto-sends malicious ZIP files, spreading the infection chat to chat.

🔗 How the campaign works and spreads → https://thehackernews.com/2026/01/whatsapp-worm-spreads-astaroth-banking.html

🛡️ The FBI warns North Korea–linked Kimsuky is using QR codes in spear-phishing emails.

The “quishing” tactic pushes victims onto unmanaged phones 📱, enabling session token theft, MFA bypass, and cloud takeover.

🔗 Read → https://thehackernews.com/2026/01/fbi-warns-north-korean-hackers-using.html

⚠️ CISA closed 10 Emergency Directives issued between 2019–2024.

The required security actions for risks such as SolarWinds, Microsoft Exchange, and VMware were completed or are now enforced under Binding Operational Directive 22-01.

🔗 Read → https://thehackernews.com/2026/01/cisa-retires-10-emergency-cybersecurity.html

🚨 Trend Micro patched a critical flaw in on-prem Apex Central for Windows that can lead to SYSTEM-level code execution.

CVE-2025-69258 (CVSS 9.8) allows a remote, unauthenticated attacker with endpoint access to load a malicious DLL via MsgReceiver.exe.

On-prem builds below 7190 are affected.

🔗 Details → https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html

🇷🇺 Russian state-linked APT28 targeted Turkish energy and nuclear staff, a European think tank, and organizations in North Macedonia and Uzbekistan.

🎣 Fake Microsoft, Google, and VPN login pages harvested credentials, then redirected victims to real sites to stay hidden.

🔗 Details → https://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.html

🔐 Most 2026 cyber predictions are noise.

The real threats are already active:
🎯 ransomware shifting to targeted disruption
🤖 uncontrolled AI creating internal security gaps
🧠 big claims about AI attacks running ahead of reality

Bitdefender cuts through the hype with data, not forecasts.

🔗 Evidence-based risks shaping 2026 → https://thehackernews.com/2026/01/cybersecurity-predictions-2026-hype-we.html

🛑 Chinese-speaking attackers hijacked a SonicWall VPN to escape VMware ESXi guest VMs.

Huntress stopped it before ransomware, but the chain abused 3 VMware zero-days now on CISA’s KEV list.

🔗 Read → https://thehackernews.com/2026/01/chinese-linked-hackers-exploit-vmware.html

Europol says Spanish police arrested 34 suspects linked to Black Axe, a Nigeria-origin crime syndicate.

The 🕵️‍♂️ group is tied to cyber fraud, trafficking, and violent crime worldwide. Investigators estimate €5.93M in fraud losses, with cash and bank funds seized in Spain.

🔗 Read → https://thehackernews.com/2026/01/europol-arrests-34-black-axe-members-in.html

⚠️ Chinese crime groups are running 🐷 pig-butchering scams like a startup.

Researchers found $2,500 turnkey kits with fake trading sites, apps, hosting, and laundering—built to scale fast, no skills needed.

🔗 Read details here → https://thehackernews.com/2026/01/researchers-uncover-service-providers.html

🏥🤖 Anthropic just rolled out Claude for Healthcare.

U.S. users can connect lab results and health records, get plain-English explanations, spot patterns, and prep for doctor visits.

Data sharing is opt-in and not used for training

🔗 Read → https://thehackernews.com/2026/01/anthropic-launches-claude-ai-for.html

🚨 New GoBruteforcer wave is hijacking crypto and blockchain databases to expand a password-brute-forcing botnet.

Researchers link the spike to AI-generated setup guides and reused defaults in legacy stacks like XAMPP. These servers are easy to take over, stay online 24/7, and scale attacks fast.

🔗 Read → https://thehackernews.com/2026/01/gobruteforcer-botnet-targets-crypto.html

➡️🛑 Pentesting in 2026 isn’t failing at testing. It’s failing at what happens after.

In a new analysis, Dan DeCloss explains why static reports slow real progress—and why teams that actually reduce risk treat findings as living inputs to daily work, not PDFs that get forgotten.

Why execution, not output, now defines pentest success → https://thehackernews.com/expert-insights/2026/01/the-2026-state-of-pentesting-how-modern.html

🚨 This week’s cyber risk moved fast and wide.

⚙️ Automation abused
📱 Mobile botnets scaled
📡 Telecoms mapped
💸 Crypto crime surged
🧪 Exploits outpaced patches
🗂️ Crime forums leaked
🧩 AI chats stolen
🐛 Bugs weaponized
🇮🇳 Policy pushback
📩 Political inboxes hit

One pattern. Many fronts.

Here’s the full recap of what mattered most ↓ https://thehackernews.com/2026/01/weekly-recap-ai-automation-exploits.html

🚨 Attackers uploaded fake n8n community nodes to npm to steal OAuth tokens from live workflows.

The packages mimicked real integrations, ran with full n8n access, decrypted credentials during execution, and exfiltrated them.

Eight were removed, but activity appears ongoing.

🔗 Read about it here → https://thehackernews.com/2026/01/n8n-supply-chain-attack-abuses.html