
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, January 7, 2026. I'm Rich Stroffelino.

The UK hits reset on cybersecurity. The British government presented a new Government Cyber Action Plan to Parliament, which makes a conscious reset in its efforts to protect public services. The announcement admits its previous approach was flawed and left it unable to meet commitments to secure government organizations against known vulnerabilities and methods by 2030. This will see the UK move away from providing non-binding guidance to public sector authorities and instead establish a new government cyber unit for a centralized, mandatory approach. The plan also calls for more coordination on incident response and stronger contractual expectations from strategic suppliers. This comes ahead of a plan to reboot its National Cyber Strategy, set for release later this year.

No MFA, no problems. A threat actor that goes by Zestix or Centap listed data allegedly stolen from roughly 50 organizations on illicit forums, including the American engineering firm Picket and Associates, Spain's Iberia airline and the Japanese home builder Sekisui House. Researchers at Hudson Rock found that this data was stolen using compromised cloud credentials, which was easy because none of the organizations listed had enforced MFA for logins. Zestix isn't new to this game. They've used infostealers to abscond with passwords and served as an initial access broker since at least 2021. Another example of threat actors that don't break in, they log in.

US may have coordinated cyberattacks with Maduro arrest. Both US President Trump and the chair of the Joint Chiefs of Staff, General Dan Caine, alluded to possible US cyberattacks to cut power in Caracas as part of the arrest of Venezuelan President Nicolás Maduro on January 3rd. Caine referred to this as layering different effects as part of the operation. Without going into too much detail, the Internet tracking group NetBlocks reported a loss of Internet connectivity at that time due to power cuts, saying that if they were tied to a cyberattack, it will have had to have been targeted, not impacting the broader network space. While it's widely known that the US operates sophisticated cyber operations globally, we generally don't get any kind of acknowledgment this close to the event.

Jaguar Land Rover sees sales crash after cyberattack. The British automaker is still feeling the impact of a cyberattack last year, which forced it to halt production for weeks in the fall. In its most recent earnings report, Jaguar Land Rover saw a 25.1% fall in sales on the year in Q3, down to 79,600 vehicles. Even this drop depended on old stock already on dealer lots, because shipments to dealers fell 43% on the year to just over 59,000 vehicles. The UK's Cyber Monitoring Centre has described the attack as the most economically damaging cyberattack in the UK, with an estimated financial impact of £1.9 billion.

And now, thanks to today's episode sponsor Hoxhunt, a small tip for CISOs. If you're unsure whether your security training is actually reducing phishing risk, check out what Qualcomm achieved with Hoxhunt. They took their 1,000 highest-risk users from consistent underperformers to outperforming the rest of the company, driving measurable human risk reduction and earning a CSO50 award. See the Qualcomm case at hoxhunt.com/qualcomm. That's H-O-X-H-U-N-T dot com slash Qualcomm.

Microsoft pushes back on Copilot security flaws. Security engineer John Russell recently outlined several perceived security flaws in Microsoft Copilot, including prompt injection, leaking system prompts, command execution within isolated Linux environments, and bypassing file type restrictions with base64 plaintext strings. Russell noted that while all LLMs hit a point where they struggle to separate data from instruction, other major LLMs like Anthropic's Claude didn't have the same issues he saw with Copilot. Speaking to BleepingComputer about these findings, a Microsoft spokesperson said that these were out of scope for servicing as a vulnerability. They're saying there are several reasons why a case may be out of scope, including instances where a security boundary is not crossed, impact is limited to the requesting user's execution environment, or other low-privileged information is provided that is not considered to be a vulnerability.

N8scape spells trouble for n8n. Researchers at Sierra disclosed a critical sandbox bypass vulnerability for the open source automation platform n8n, impacting all versions prior to 2.0. This stems from a protection mechanism failure where an authenticated user carries over the same permissions on the underlying host, meaning they could execute commands. Users on version 1.111 can enable improved security isolation to get around the bug, and with version 2.0 this is on by default.

Ledger impacted by third-party breach. The blockchain security company Ledger says that a breach at its payment provider Global-e resulted in leaked customer information. This included names, contact data, order details and amounts paid. Ledger was quick to point out that nothing related to financial data or cryptocurrency wallets was impacted. Global-e started notifying impacted customers as of January 5, warning them to be on the lookout for targeted phishing attacks. Based on the information leaked, Ledger is specifically warning customers about any scams involving devices shipped to their addresses, looking for access to crypto wallets.

Microsoft sees misconfigurations used to spoof domains. In a blog post, Microsoft warned that since May 2025 it's seen an increase in threat actors using complex routing and exploiting misconfigurations to spoof domains in phishing messages. The company was quick to point out that this does not represent a vulnerability in its Direct Send mail flow method for Exchange. Most of these messages are using the Tycoon2FA phishing-as-a-service platform, using lures like business invoices to be paid or spoofing Microsoft messages asking users to refresh a soon-to-expire password, to steal credentials. Microsoft recommended setting strict DMARC reject and SPF hard fail policies and reviewing third-party connector integrations to avoid these spoofed messages.

Remember, if you enjoy our live streams, live events and other activities from the CISO Series, why not subscribe to our calendar? Just head on over to the events page at cisoseries.com, click on the subscribe button and you'll soon have everything synced to your calendar so you don't miss a thing. And if you have some thoughts about the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We love to hear from you. We read every single message and we'll probably get back to you. Reporting for the CISO Series, I'm Rich Stroffelino, reminding you to have a super sparkly day.
A
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Episode Title: UK Cyber Reset, No MFA is a Problem, US Cyberattacks on Display
Host: Rich Stroffelino, CISO Series
Date: January 7, 2026
This episode delivers a concise roundup of significant recent developments in cybersecurity. The primary themes include the UK's strategic overhaul of cyber policies, the risks of not enforcing multi-factor authentication (MFA), alleged US cyber activity in Venezuela, the severe business impact of cyberattacks, ongoing vulnerabilities in widely used tools, and the ever-present threat of phishing through domain spoofing. The show brings together government initiatives, industry repercussions, and hands-on vulnerabilities, offering a pulse-check on the global threat landscape.
[00:18 – 01:12]
Notable Quote:
"The announcement admits its previous approach was flawed and left it unable to meet commitments to secure government organizations... by 2030."
— Rich Stroffelino [00:22]
[01:13 – 01:58]
Notable Quote:
"Another example of threat actors that don't break in, they log in."
— Rich Stroffelino [01:53]
[01:59 – 02:52]
Notable Quote:
"[This] will have had to have been targeted, not impacting the broader network space."
— Rich Stroffelino [02:41]
[02:53 – 03:38]
Notable Quote:
"The UK's Cyber Monitoring Centre has described the attack as the most economically damaging cyberattack in the UK, with an estimated financial impact of £1.9 billion."
— Rich Stroffelino [03:30]
[04:32 – 05:39]
Notable Quote:
"These were out of scope for servicing as a vulnerability..."
— Microsoft spokesperson (quoted by Rich Stroffelino) [05:32]
[05:40 – 06:07]
[06:08 – 06:41]
[06:42 – 07:00]
| Time | Speaker | Quote or Moment |
|-------|------------------------|------------------------------------------------------------------------------------------------------|
| 00:22 | Rich Stroffelino | "The announcement admits its previous approach was flawed and left it unable to meet commitments..." |
| 01:53 | Rich Stroffelino | "Another example of threat actors that don't break in, they log in." |
| 02:41 | Rich Stroffelino | "...it will have had to have been targeted, not impacting the broader network space." |
| 03:30 | Rich Stroffelino | "...the most economically damaging cyberattack in the UK, with an estimated financial impact..." |
| 05:32 | Microsoft spokesperson | "These were out of scope for servicing as a vulnerability..." |
For full details or stories, visit CISOseries.com.