InfoSec News 08JAN2026
General
- Veeam - a backup solution commonly targeted in ransomware intrusions, especially as a way of elevating to Domain Admin - has released patches for new Remote Code Execution vulnerabilities.
- More (Classic) Outlook bugs - the latest impacting opening of encrypted emails
- Workflow automation software n8n suffers from a full CVSS 10/10 bug in "certain form-based workflows". A few critical vulnerabilities have been discovered recently.
- European Space Agency (ESA) suffers another data breach - this time more Annoying Persistent Teenagers - Scattered Lapsus$ Hunters.
- Resecurity showing some love for Scattered Lapsus$ Hunters, with some doxing. Not so much public, but it seems rather a lot for Law Enforcement.
Getting Techy
- A well-written guide to different sandboxing techniques. Looks at various options for segregating less-trusted code, the security provided, and the trade-offs to be made. Interesting, even as just a different look at approaches, such as containers and micro-VMs.
- VMware ESXi Guest-to-Host - possibly as part of China-aligned data gathering.
Geo-Politics
- [CN] More members of the "Prince Group" have been arrested and extradited from Cambodia to China. The Prince Group are heavily involved in the scam compounds.
- [TW] China's attacks and intimidation of Taiwan continue, with claims that attacks on critical infrastructure are ramping up.
AI
- OpenAI losing market share to Gemini, Copilot also going down
- Further reports of advertising coming to ChatGPT.
Given the amount of information shared by users in chats, and the insights OpenAI could draw, this could become the new pinnacle of privacy invasion.
- Google is implicitly acknowledging the problem of hallucination in its AI Overviews - recruiting to improve AI Answers Quality.
- Dell - Consumers don't care about AI PCs
"One thing you'll notice is the message we delivered around our products was not AI-first," Dell head of product, Kevin Terwilliger says with a smile. "So, a bit of a shift from a year ago where we were all about the AI PC."
It's not that Dell doesn't care about AI or AI PCs anymore, it's just that over the past year or so it's come to realise that the consumer doesn't.
- Wired dig into the content generated by Grok - outside of the X/Twitter ecosystem. It's rather disturbing.
- (Wired) https://archive.is/V9qT4
- (Wired) https://archive.is/hyCKg