CyberNews: 07/01/2026 Edition

Published by Dunateo on 2026-01-07

Today’s roundup

  • Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers
  • n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
  • Google fixes critical Dolby Decoder bug in Android January update
  • Veeam resolves CVSS 9.0 RCE flaw and other security issues
  • Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
  • CERT/CC warns of critical, unfixed vulnerability in TOTOLINK EX200
  • Taiwan says China's attacks on its energy sector increased tenfold
  • Fake Booking.com lures and BSoD scams spread DCRat in European hospitality sector
  • Jaguar Land Rover wholesale volumes down 43% after cyberattack
  • Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
Summary

    Threat actors are actively exploiting CVE-2026-0625 (CVSS 9.3), a critical command-injection flaw that allows remote code execution on legacy D-Link DSL routers. Exploitation has been detected since November 2025.

    Open-source workflow automation platform n8n has warned of a maximum-severity security flaw, CVE-2026-21877 (CVSS 10.0), enabling authenticated remote code execution on self-hosted and cloud versions.

    Google released a fix for a critical Dolby audio decoder vulnerability, CVE-2025-54957, in the January 2026 Android security update. This 0-click flaw allows out-of-bounds writes on DD+ decoders (UDC v4.5–v4.13), increasing risk on Android devices.

    Veeam has patched a critical RCE vulnerability, CVE-2025-59470 (CVSS 9.0), in its Backup & Replication software, allowing a Backup or Tape Operator to execute code as the postgres user. Additional RCE and file write flaws were also resolved.

    Two malicious Chrome extensions were discovered stealing OpenAI ChatGPT and DeepSeek conversations, plus browsing data, from over 900,000 users, exfiltrating information to attacker-controlled servers.

    CERT/CC revealed an unpatched critical flaw, CVE-2025-65606, in the end-of-life TOTOLINK EX200 wireless range extender. An authenticated attacker can trigger the flaw in firmware-upload error handling to make the device start an unauthenticated root telnet service, allowing full device takeover.

    Taiwan's National Security Bureau reported a tenfold increase in cyberattacks from China against its energy sector in 2025, escalating geopolitical cyber tensions targeting critical infrastructure.

    The PHALT#BLYX multi-stage malware campaign targets European hotels with fake Booking.com emails and Blue Screen of Death (BSoD) lures, deploying the DCRat remote access trojan via malicious PowerShell commands and MSBuild.exe abuse.

    Jaguar Land Rover (JLR) announced a 43% decline in third-quarter wholesale volumes, directly attributed to a September 2025 cyberattack that severely impacted operations.

    Microsoft warns that misconfigured email routing and spoof protections are being exploited by threat actors for internal domain phishing, allowing impersonation and delivery of phishing messages, including those from PhaaS platforms.

    Want to dig deeper?

    Vulnerabilities

    CVE-2026-0625 Critical
    CVE-2025-54957 Medium