CyberNews: 20/01/2026 Edition

Published by Dunateo on 2026-01-20

Today’s roundup

  • VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
  • Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems
  • New PDFSider Windows malware deployed on Fortune 100 firm's network
  • North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
  • Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
  • EU plans cybersecurity overhaul to block foreign high-risk suppliers
  • Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
  • Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
  • UK NCSC warns of Russia-linked hacktivists DDoS attacks
  • Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Summary

    Check Point Research identified VoidLink, an advanced malware framework that is potentially the first fully AI-designed and AI-built offensive tool. Leaked materials showed that an individual rapidly developed this sophisticated malware, incorporating eBPF and LKM rootkits, using an AI model to orchestrate its creation. This marks a new era in which AI accelerates the production of sophisticated malware.

    TP-Link patched a critical authentication bypass (CVE-2026-0629, CVSS 8.7) in 32 VIGI surveillance camera models. The flaw allowed local network attackers to reset admin passwords without verification, gaining full control. Over 2,500 internet-exposed cameras were found, posing high risks of remote exploitation, privacy breaches, and network compromise.

    A new Windows malware strain, PDFSider, was used by ransomware attackers against a Fortune 100 finance company. The malware delivered malicious payloads for covert, long-term system access within the firm's network, highlighting evolving tactics targeting high-value corporate entities.

    North Korea-linked "Contagious Interview" threat actors are now targeting developers with malicious Microsoft Visual Studio Code (VS Code) projects, an activity observed since December 2025. These projects act as lures to deliver backdoors, an evolution of the group's tactics that exploits trusted development environments to gain persistent access.

    The new Evelyn Stealer malware targets software developers by weaponizing Microsoft Visual Studio Code (VS Code) extensions. It exfiltrates sensitive developer credentials and cryptocurrency-related data, posing a significant threat of supply chain compromise and financial losses.

    The European Commission proposed new cybersecurity legislation to strengthen digital defenses. It mandates removing high-risk foreign suppliers from telecommunications networks to protect critical infrastructure against state-backed and cybercrime groups, enhancing the EU's overall digital resilience.

    Cloudflare addressed a critical ACME validation bug that allowed attackers to bypass its Web Application Firewall (WAF) and reach origin servers directly. The vulnerability stemmed from how Cloudflare's edge network processed requests to the ACME HTTP-01 challenge path.

    A prompt injection flaw in Google Gemini allowed researchers to bypass authorization and extract private Google Calendar data. Attackers could embed malicious instructions in calendar invites, tricking the AI into disclosing sensitive information from a user's calendar.

    The UK NCSC warned of ongoing, ideologically motivated DDoS attacks by Russia-linked hacktivists, including NoName057(16), targeting critical national infrastructure and local government. Some groups also exploit poorly secured VNC connections to access operational technology. Organizations are urged to strengthen defenses.

    Three prompt injection vulnerabilities were found in Anthropic's official Git Model Context Protocol (MCP) server, mcp-server-git. These flaws allow attackers to read or delete arbitrary files and execute code, posing significant risks to the security and integrity of AI development environments.

    Vulnerabilities

    CVE-2026-0629 (High severity)