Today’s roundup
U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog
Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework
University of Hawaii Cancer Center hit by ransomware attack
Target's dev server offline after hackers claim to steal source code
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
Max severity Ni8mare flaw impacts nearly 60,000 n8n instances
Global Magecart Campaign Targets Six Card Networks
n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
Armenia probes alleged sale of 8 million government records on hacker forum
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity path traversal vulnerability, CVE-2025-8110 (CVSS 8.7), in the Go Git Service (Gogs) to its Known Exploited Vulnerabilities (KEV) catalog. Discovered by Wiz Research, this flaw allows authenticated users to overwrite files outside repositories through a symbolic link bypass, leading to remote code execution. Over 700 publicly exposed Gogs instances have reportedly been compromised, with federal agencies mandated to patch by February 2, 2026.
Check Point Research has unveiled VoidLink, a sophisticated and stealthy cloud-native Linux malware framework. Written in Zig, VoidLink is designed for long-term access to Linux-based cloud and container environments, capable of detecting major cloud providers and adjusting its evasion tactics. Its advanced features include rootkit capabilities, an in-memory plugin system, multiple command-and-control channels (HTTP/S, ICMP, DNS tunneling, mesh C2), anti-analysis, and anti-forensic modules.
The University of Hawaii's Cancer Center has disclosed a ransomware attack that occurred in August 2025, resulting in the theft of data belonging to study participants. The compromised information includes documents dating back to the 1990s, which contained sensitive personal details such as Social Security numbers.
Hackers are claiming to have stolen internal source code from Target Corporation and are attempting to sell it, having published samples on a public software development platform. Following notification, Target's developer Git server was taken offline, and the exposed files were removed, indicating a potential breach of critical intellectual property.
ServiceNow has patched a critical security vulnerability, CVE-2025-12420 (CVSS 9.3), impacting its AI Platform. The flaw could allow an unauthenticated user to impersonate another user and execute arbitrary actions within the platform, posing a significant risk to data integrity and user access control.
A maximum-severity vulnerability, dubbed "Ni8mare," continues to impact nearly 60,000 n8n workflow automation instances that remain unpatched and exposed online. This widespread unaddressed flaw represents a significant attack surface for potential exploitation against these critical automation platforms.
Silent Push has identified a new, ongoing Magecart campaign that has been actively targeting six major payment network providers since 2022. This global skimming operation aims to compromise online payment infrastructures to steal credit card details, posing a continuous threat to e-commerce and financial security.
Threat actors have deployed a supply chain attack against the n8n workflow automation platform, uploading eight malicious packages to the npm registry. These packages masquerade as legitimate integrations to steal developers' OAuth credentials by tricking users into linking their advertising accounts through deceptive forms.
A new malware campaign, dubbed SHADOW#REACTOR, is delivering the commercially available Remcos Remote Administration Tool (RAT) through an evasive multi-stage Windows attack chain. The campaign is designed to establish persistent and covert remote access to compromised systems.
Armenian authorities are investigating the alleged sale of 8 million government records on an underground hacker forum for $2,500. The dataset reportedly includes official notifications, police communications, and judicial body information, indicating a potentially severe national data breach.