January has started with a sobering reminder of the persistent and evolving threats facing organisations worldwide. From critical zero-day vulnerabilities exploited by state-linked actors to innovative malware evasion techniques and significant data breaches, security teams and business leaders must remain vigilant. This roundup highlights key incidents and developments to inform your defensive strategies.
Critical Vulnerabilities and Exploits
Cisco Patch for Zero-Day Exploited by China-Linked APT
Cisco has released urgent patches for a severe remote code execution (RCE) vulnerability (CVE-2025-20393) affecting its AsyncOS software used in Secure Email Gateway and Secure Email and Web Manager products. This flaw, actively exploited by the China-linked advanced persistent threat (APT) group UAT-9686, underscores the ongoing risk of state-sponsored cyberattacks targeting critical enterprise infrastructure. Organisations relying on Cisco’s email security solutions should prioritise applying these updates promptly to mitigate exposure.
WordPress Plugin Flaw Grants Admin Access to Hackers
A maximum severity vulnerability in the Modular DS WordPress plugin is currently being exploited in the wild, allowing attackers to bypass authentication and gain admin-level control over affected sites. Given WordPress’s widespread use, security teams managing websites should audit plugin versions and apply patches immediately to prevent unauthorised access and potential site compromise.
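The advice above to audit plugin versions can be turned into a small check. The following is an added example, not code from the article or from WordPress or the Modular DS project: it reads the standard plugin header block (`Plugin Name:` / `Version:`) that WordPress itself parses from each plugin's main PHP file and compares it against a table of minimum patched versions. The `MINIMUM_SAFE` table and the fixed version `2.0.0` it lists for `modular-ds` are constructed placeholders, since the article gives no version numbers; replace them with the values from the vendor advisory.

```python
"""Audit installed WordPress plugin versions against known-patched minimums.

Added example, not code from the original article or from WordPress. It reads the
standard plugin header block ("Plugin Name:" / "Version:") from each plugin's main
PHP file and compares it with a table of minimum safe versions.
"""
import re
import tempfile
from pathlib import Path

# Matches header lines in either "/* Key: value */" or " * Key: value" comment styles.
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.M)

# CONSTRUCTED PLACEHOLDER table: slug -> first version without the flaw.
# The real fixed version of Modular DS is not given in the article; 2.0.0 is invented here.
MINIMUM_SAFE = {"modular-ds": "2.0.0"}


def parse_version(v):
    """Turn '1.10.2-beta' into a comparable tuple; non-numeric parts become 0."""
    parts = [int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", v.strip())]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def read_plugin_header(php_path):
    """Return (plugin name, version) from the header block, or None if absent."""
    text = Path(php_path).read_text(errors="replace")[:8192]  # header sits at the top of the file
    fields = dict(HEADER_RE.findall(text))
    if "Plugin Name" in fields and "Version" in fields:
        return fields["Plugin Name"], fields["Version"]
    return None


def scan_plugins(plugins_dir):
    """Map plugin slug (directory name, or file name for single-file plugins) -> (name, version)."""
    found = {}
    for entry in sorted(Path(plugins_dir).iterdir()):
        candidates = [entry] if entry.is_file() else sorted(entry.glob("*.php"))
        for php in candidates:
            header = read_plugin_header(php)
            if header:
                found[entry.name] = header
                break
    return found


def audit(installed, minimum_safe=MINIMUM_SAFE):
    """Return (slug, installed version, minimum safe version) for every outdated plugin."""
    return [
        (slug, ver, minimum_safe[slug])
        for slug, (_name, ver) in installed.items()
        if slug in minimum_safe and parse_version(ver) < parse_version(minimum_safe[slug])
    ]


def build_sample_plugins_dir():
    """Constructed sample wp-content/plugins tree: one outdated plugin, one single-file plugin."""
    root = Path(tempfile.mkdtemp())
    (root / "modular-ds").mkdir()
    (root / "modular-ds" / "modular-ds.php").write_text(
        "<?php\n/**\n * Plugin Name: Modular DS\n * Version: 1.2.0\n */\n"
    )
    (root / "hello.php").write_text(
        "<?php\n/*\nPlugin Name: Hello Dolly\nVersion: 1.7.2\n*/\n"
    )
    return root


if __name__ == "__main__":
    installed = scan_plugins(build_sample_plugins_dir())
    for slug, ver, minimum in audit(installed):
        print(f"OUTDATED {slug}: installed {ver}, need >= {minimum}")
```

Point `scan_plugins` at a site's `wp-content/plugins` directory and keep `MINIMUM_SAFE` fed from advisories; the version comparison is deliberately simple and treats any non-numeric suffix as zero, so a `1.2.0-beta` build sorts with `1.2.0`.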
AWS CodeBuild Misconfiguration and Supply Chain Risk
A critical misconfiguration in AWS CodeBuild exposed GitHub repositories, including those containing the AWS JavaScript SDK, to potential supply chain attacks. This vulnerability, dubbed CodeBreach, could have facilitated complete takeover scenarios impacting AWS environments globally. Although patched in September 2025 after responsible disclosure, this incident highlights the importance of rigorous cloud security configurations and continuous monitoring.
Malware and Threat Actor Developments
Gootloader’s Stealthy 1,000-Part ZIP Archive Delivery
Researchers have uncovered a new evasion technique used by the Gootloader malware, which now employs malformed ZIP archives split into up to 1,000 parts. This sophisticated packaging aims to bypass detection mechanisms and maintain persistence during initial access phases. Security teams should enhance their detection capabilities for fragmented archives and monitor for unusual archive behaviours.
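As an added example of the detection capability the paragraph calls for (not code from the article or from the researchers who analysed Gootloader), the script below triages a directory for two signals that fragmented or malformed archives produce: a set of multi-part ZIP volumes (`name.z01 … name.zNN` plus `name.zip`, or `name.zip.001 …`) or non-zero disk numbers in the End of Central Directory record, and a ZIP whose EOCD entry count disagrees with the number of local file headers actually present. Which signals the real Gootloader archives trigger is an assumption here; the sample archives are constructed in code, and the `part_threshold` of 10 is an arbitrary triage cut-off.

```python
"""Flag split (multi-part) and malformed ZIP archives for triage.

Added example, not from the original article. Assumptions: a split archive appears on
disk as name.z01..name.zNN plus name.zip (or name.zip.001..), or carries non-zero disk
numbers in its EOCD record; an archive whose EOCD entry count disagrees with the local
file headers present is treated as malformed. Field layout follows the ZIP APPNOTE.
"""
import io
import re
import struct
import tempfile
import zipfile
from collections import defaultdict
from pathlib import Path

LOCAL_HEADER = b"PK\x03\x04"   # local file header signature
EOCD_SIG = b"PK\x05\x06"       # end of central directory signature
SPAN_MARKER = b"PK\x07\x08"    # leading signature of a spanned archive's first segment
PART_RE = re.compile(r"^(?P<base>.+?)\.(z\d{2,3}|zip\.\d{3}|zip)$", re.I)


def parse_eocd(data):
    """Return the fixed EOCD fields, or None if the record is missing."""
    idx = data.rfind(EOCD_SIG)
    if idx < 0 or idx + 22 > len(data):
        return None
    (this_disk, cd_disk, entries_this_disk, total_entries,
     cd_size, cd_offset, _comment_len) = struct.unpack("<HHHHIIH", data[idx + 4:idx + 22])
    return {"this_disk": this_disk, "cd_disk": cd_disk, "entries_this_disk": entries_this_disk,
            "total_entries": total_entries, "cd_size": cd_size, "cd_offset": cd_offset}


def inspect_zip_bytes(data):
    """Return a list of textual findings for one archive's bytes (empty list if clean)."""
    findings = []
    if data.startswith(SPAN_MARKER):
        findings.append("spanned-archive marker at offset 0")
    eocd = parse_eocd(data)
    if eocd is None:
        findings.append("no end-of-central-directory record")
        return findings
    if eocd["this_disk"] or eocd["cd_disk"]:
        findings.append(f"multi-disk archive (disk {eocd['this_disk']}, CD on disk {eocd['cd_disk']})")
    # Heuristic: count local headers in the whole file; stored file contents could
    # contain the signature by chance, so treat a mismatch as a triage lead, not proof.
    local_headers = data.count(LOCAL_HEADER)
    if local_headers != eocd["total_entries"]:
        findings.append(f"entry count mismatch: EOCD says {eocd['total_entries']}, "
                        f"found {local_headers} local headers")
    return findings


def group_split_parts(directory):
    """Map archive base name -> sorted part file names, for sets with more than one part."""
    groups = defaultdict(list)
    for p in Path(directory).iterdir():
        m = PART_RE.match(p.name)
        if m:
            groups[m.group("base")].append(p.name)
    return {base: sorted(parts) for base, parts in groups.items() if len(parts) > 1}


def triage_directory(directory, part_threshold=10):
    """Return {base name: [findings]} for every suspicious archive in the directory."""
    report = {}
    for base, parts in group_split_parts(directory).items():
        severity = "high" if len(parts) >= part_threshold else "medium"
        report[base] = [f"{severity}: split archive with {len(parts)} parts"]
    for p in Path(directory).glob("*.zip"):
        findings = inspect_zip_bytes(p.read_bytes())
        if findings:
            report.setdefault(p.stem, []).extend(findings)
    return report


def build_sample_dir():
    """Constructed sample: a clean zip, one with a tampered entry count, and a 12-part split set."""
    d = Path(tempfile.mkdtemp())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("notes.txt", "world")
    good = buf.getvalue()
    (d / "clean.zip").write_bytes(good)
    # Tamper: total_entries lives 10 bytes after the EOCD signature; claim 1000 entries.
    idx = good.rfind(EOCD_SIG)
    (d / "bad.zip").write_bytes(good[:idx + 10] + struct.pack("<H", 1000) + good[idx + 12:])
    for i in range(1, 12):  # split.z01 .. split.z11, then split.zip as the final volume
        (d / f"split.z{i:02d}").write_bytes(SPAN_MARKER if i == 1 else b"\x00" * 16)
    (d / "split.zip").write_bytes(good)
    return d


if __name__ == "__main__":
    for name, findings in sorted(triage_directory(build_sample_dir()).items()):
        print(name, "->", "; ".join(findings))
```

Run `triage_directory` over a download or mail-attachment quarantine folder; a single `.zip` with a consistent EOCD produces no report entry, while a large split set or a count mismatch surfaces with the base name so the parts can be pulled together for analysis.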
Predator Spyware’s Vendor-Controlled Command and Control
Analysis of the Predator spyware reveals that its operator, Intellexa, leverages failed and thwarted infections to refine attack methods, maintaining vendor-controlled command and control infrastructure. This insight into commercial spyware tactics stresses the need for robust endpoint protection and incident response readiness, especially for organisations at risk of targeted surveillance.
Data Breaches and Service Disruptions
Grubhub Confirms Data Breach and Extortion Attempts
Food delivery giant Grubhub has acknowledged a recent data breach where hackers accessed sensitive information and are reportedly demanding extortion payments. This incident highlights the continued threat to consumer-facing platforms and the critical need for stringent data protection and breach response strategies.
Verizon Nationwide Wireless Outage Attributed to Software Issue
Verizon experienced a widespread wireless outage caused by an unspecified software issue. While no malicious activity has been confirmed, this event reminds organisations of the potential impact of software failures on critical communication infrastructure and the importance of resilience planning.
Technology and User-Focused Updates
Google Enables Gmail Address Changes
Google has rolled out a feature allowing users to change their @gmail.com addresses. While primarily a user convenience enhancement, security teams and business leaders should consider the implications for identity management and email-based authentication processes.
ChatGPT Improves Past Chat Recall for Subscribers
OpenAI’s ChatGPT now offers more reliable advanced chat history search for Plus and Pro users. This update, while not directly security-related, signals ongoing improvements in AI tools that may influence how organisations approach information retrieval and knowledge management.
Upcoming Cybersecurity Events
RSAC 2026 Conference
Security professionals are encouraged to secure their spots at the RSA Conference 2026, a premier event for cybersecurity insights, networking, and emerging trends. Attendance will be vital for staying ahead in the fast-evolving threat landscape.
Key Takeaways
- Critical zero-day vulnerabilities exploited by state-linked actors demand prompt patching of affected systems.
- Plugin and cloud misconfiguration flaws continue to provide attackers with high-impact access; rigorous patch management and configuration reviews are essential.
- Advanced malware is adopting increasingly sophisticated evasion techniques, requiring enhanced detection capabilities.
- Data breaches and extortion attempts remain prevalent, emphasising the need for robust incident response and consumer data protection.
- Service disruptions highlight the importance of resilience and contingency planning for critical infrastructure.
- New user features and AI tool enhancements may influence organisational security and identity strategies.
- Participation in industry events like RSAC 2026 is crucial for keeping pace with cybersecurity developments.
Staying informed and proactive remains the cornerstone of effective cybersecurity in 2026.