RadioCSIRT English Version - Your Weekly Cybersecurity News for Sunday, January 18, 2026 (Ep. 68)

About this listen

We open this weekly recap with a massive Patch Tuesday from Microsoft, which addressed 114 vulnerabilities, including three zero-days; notably, CVE-2026-20805 is actively exploited in the wild. Infrastructure concerns continued as Cisco patched a critical AsyncOS zero-day exploited by Chinese APT actors, and AWS remediated a "CodeBreach" supply chain flaw in its console CI pipelines.

In data privacy and regulation, France’s CNIL imposed a combined $48 million fine on Free and Free Mobile for security failures affecting 24 million subscribers. Meanwhile, Spanish energy giant Endesa disclosed a breach exposing the data of 22 million customers, and a massive scraping incident affected 17.5 million Instagram users.

On the threat landscape, Check Point Research analyzed "Sicarii," a new ransomware operation likely acting as a false flag with confused ideological messaging. Physical "Quishing" (QR code phishing) campaigns are surging in France, and the infamous BreachForums hacking community suffered a taste of its own medicine with a leak of its user database.

Finally, strategic cooperation strengthens as the UK unveils its Government Cyber Action Plan and Germany partners with Israel to build a "Cyber Dome" defense system.

OSINT Sources:

📊 Reports, Studies & Strategies
Kaspersky Security Bulletin 2025: https://www.kasbersky.com/about/press-releases/2025_kaspersky-financial-sector-faced-ai-blockchain-and-organized-crime-threats-in-2025
SecurityScorecard (via KnowBe4): https://www.knowbe4.com/hubfs/Financial-Sector-Threats-The-Shifting-Landscape.pdf
ENISA Threat Landscape 2025: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025
FS-ISAC: https://www.fsisac.com/knowledge/annual-navigating-cyber-2025-report
RESCO Courtage: https://www.resco-courtage.com/dora-reglementation-guide-complet-2025
NCSC UK: https://www.ncsc.gov.uk/blog-post/government-cyber-action-plan-strengthening-resilience-across-uk

🛡️ Vulnerabilities, Patch Tuesday & Security Advisories
Microsoft Security Update Guide: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0628
CISA (CVE-2025-8110): https://www.cisa.gov/news-events/alerts/2026/01/12/cisa-adds-one-known-exploited-vulnerability-catalog
CISA (CVE-2026-20805): https://www.cisa.gov/news-events/alerts/2026/01/13/cisa-adds-one-known-exploited-vulnerability-catalog
CERT-FR (MISP): https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0030/
CERT-FR (VMware): https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0029/
CERT-FR (MariaDB): https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0028/
CERT-FR (NetApp): https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0027/
CERT-FR (Google Pixel): https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0026/
Krebs on Security: https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/
Cisco Talos Intelligence: https://blog.talosintelligence.com/microsoft-patch-tuesday-january-2026/
CERT Santé: https://cyberveille.esante.gouv.fr/alertes/palo-alto-cve-2026-0227-2026-01-15
BleepingComputer (Cisco AsyncOS): https://www.bleepingcomputer.com/news/security/cisco-finally-fixes-asyncos-zero-day-exploited-since-november/
CyberPress (AWS Console): https://cyberpress.org/aws-console-supply-chain-attack-github-hijackingcyber/

⚠️ Data Leaks, Incidents & Attacks
BleepingComputer (BreachForums): https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-database-leaked-exposing-324-000-accounts/
CyberPress (Instagram): https://cyberpress.org/instagram-data-leak/
Cybersecurity Dive (SitusAMC): https://www.cybersecuritydive.com/news/hackers-steal-sensitive-data-major-banking-industry-vendor-situsamc/
BleepingComputer (Endesa): https://www.bleepingcomputer.com/news/security/spanish-energy-giant-endesa-discloses-data-breach-affecting-customers/
BleepingComputer (Pax8): https://www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accidentally-exposes-data-on-1-800-msp-partners/
The Record (Anchorage Police): https://therecord.media/anchorage-police-takes-servers-offline-after-third-party-attack

🕵️ Threat Intelligence (APT, Ransomware, Phishing)
Planet.fr (Quishing Scam): https://www.planet.fr/societe-arnaque-a-la-fausse-carte-bancaire-par-courrier-le-mecanisme-du-quishing-qui-vise-vos-coordonnees.2992374.29336.html
Check Point Research (Sicarii): https://research.checkpoint.com/2026/sicarii-ransomware-truth-vs-myth/
Cisco Talos Intelligence (UAT-8837): https://blog.talosintelligence.com/uat-8837/
Malwarebytes (LinkedIn Phishing): https://www.malwarebytes.com/blog/news/2026/01/phishing-scammers-are-posting-fake-account-restricted-comments-on-linkedin

⚖️ Regulations, Sanctions & International Cooperation
The Record (CNIL/Free Fine): https://therecord.media/france-data-regulator-fine
Malwarebytes (Datamasters Fine): https://www.malwarebytes.com/blog/news/2026/01/data-broker-fined-after-selling-alzheimers-patient-info-and-millions-of-sensitive-profiles
The Record (Germany-Israel Deal): https://therecord.media/...