Cyber Security Weekly Briefing, 17-23 January
Cisco patches actively exploited 0-day RCE in Unified Communications
Cisco has issued a critical security advisory for a 0-day remote code execution vulnerability in Unified Communications Manager and Webex Calling products. Tracked as CVE-2026-20045 (CVSSv3 8.2 according to the vendor), the flaw stems from insufficient validation of HTTP input.
An unauthenticated remote attacker can send specially crafted requests to the web management interface to gain access to the operating system and elevate privileges to root. There are no workarounds or effective mitigations without the update. Cisco has observed attempts to exploit the flaw, and CVE-2026-20045 has been included in the CISA catalogue of Known Exploited Vulnerabilities.
It is recommended that patches be applied immediately to prevent potential compromise of unified communications systems and privilege escalation.
VoidLink: first advanced malware generated by AI
Check Point Research has published an analysis concluding that VoidLink, a malware framework for Linux, was predominantly generated by Artificial Intelligence; according to the researchers, this is the first documented case of advanced malware created almost entirely by AI under the direction of a single developer. Development artefacts exposed through operational security (OPSEC) errors show that the project was generated and executed in less than a week.
The creation methodology adopted is described as Spec Driven Development (SDD), where an AI model generates plans, specifications and timelines that are reused as blueprints to implement and validate the complete malware. VoidLink uses a modular architecture that allows it to dynamically adapt to the target operating system. Its design prioritises stealthy persistence by manipulating shared objects and intercepting system calls.
The framework includes lateral self-propagation capabilities within virtual networks and simulates legitimate cloud service traffic to go undetected by host detection and response tools.
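The write-up summarised above says VoidLink persists by manipulating shared objects and intercepting system calls but does not state the mechanism. The check below is an added example for this briefing, not VoidLink code and not a VoidLink-specific detector: it covers the common user-space variant of that technique, a library forced into every process through /etc/ld.so.preload or an LD_PRELOAD variable, or a shared object mapped from a user-writable or hidden path. The trusted and suspicious directory lists and the sample inputs are assumptions constructed for illustration.

```python
"""Hunt for shared-object interposition used as persistence on a Linux host.

Added example; not code from the malware or from Check Point's report.
The directory lists below are assumptions: tune them to the distribution.
"""
import os
import re
from typing import Dict, Iterable, List, Optional

# Directories from which a distribution-installed shared object is normally loaded (assumed list).
TRUSTED_DIRS = ("/lib/", "/lib32/", "/lib64/", "/usr/lib/", "/usr/lib32/",
                "/usr/lib64/", "/usr/libexec/", "/usr/local/lib/", "/opt/", "/snap/")
# Locations writable by unprivileged users or otherwise unusual for libraries (assumed list).
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/run/user/", "/home/", "/root/")


def parse_ld_so_preload(text: str) -> List[str]:
    """Return the library paths listed in /etc/ld.so.preload (comments and blanks skipped).
    The file normally does not exist at all, so any content deserves review."""
    paths: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            # ld.so accepts several entries per line separated by whitespace or ':'
            paths.extend(p for p in re.split(r"[\s:]+", line) if p)
    return paths


def preload_from_environ(environ: bytes) -> List[str]:
    """Extract LD_PRELOAD entries from a /proc/<pid>/environ blob (NUL-separated)."""
    for entry in environ.split(b"\x00"):
        if entry.startswith(b"LD_PRELOAD="):
            value = entry[len(b"LD_PRELOAD="):].decode("utf-8", "replace")
            return [p for p in re.split(r"[\s:]+", value) if p]
    return []


def libs_from_maps(maps: str) -> List[str]:
    """Return the distinct shared-object files mapped in a /proc/<pid>/maps listing."""
    libs: List[str] = []
    for line in maps.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode [path]
        if len(fields) == 6:
            path = fields[5].strip()
            if path.startswith("/") and ".so" in os.path.basename(path) and path not in libs:
                libs.append(path)
    return libs


def is_untrusted(path: str) -> bool:
    """Flag a library in a hidden directory, a user-writable location,
    or anywhere outside the directories the distribution installs libraries to."""
    hidden = any(part.startswith(".") for part in path.split("/")[1:])
    return hidden or path.startswith(SUSPICIOUS_DIRS) or not path.startswith(TRUSTED_DIRS)


def assess(ld_so_preload_text: str, environ: bytes, maps: str) -> Dict[str, List[str]]:
    """Combine the three sources into one finding set for a single process."""
    preload = parse_ld_so_preload(ld_so_preload_text)
    env = preload_from_environ(environ)
    mapped = libs_from_maps(maps)
    return {
        "preload_file": preload,   # anything listed here deserves review
        "env_preload": env,
        "untrusted": sorted({p for p in preload + env + mapped if is_untrusted(p)}),
    }


def scan_host(pids: Optional[Iterable[str]] = None) -> Dict[str, Dict[str, List[str]]]:
    """Live version: read the real files per PID (root is needed to read other users' environ)."""
    def read(path: str, binary: bool = False):
        try:
            with open(path, "rb" if binary else "r") as fh:
                return fh.read()
        except OSError:
            return b"" if binary else ""
    preload_text = read("/etc/ld.so.preload")
    pids = list(pids) if pids is not None else [p for p in os.listdir("/proc") if p.isdigit()]
    findings = {}
    for pid in pids:
        result = assess(preload_text, read(f"/proc/{pid}/environ", True), read(f"/proc/{pid}/maps"))
        if any(result.values()):
            findings[pid] = result
    return findings


# Constructed sample input (not captured from a real host) so the module runs offline.
SAMPLE_LD_SO_PRELOAD = "# constructed sample\n/usr/lib/x86_64-linux-gnu/libgtk3-nocsd.so.0\n/dev/shm/.x/libhook.so\n"
SAMPLE_ENVIRON = b"PATH=/usr/bin:/bin\x00LD_PRELOAD=/tmp/.cache/libc_helper.so\x00HOME=/root\x00"
SAMPLE_MAPS = (
    "7f3a00000000-7f3a00200000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7f3a00200000-7f3a00201000 r-xp 00000000 00:18 4201 /dev/shm/.x/libhook.so\n"
    "7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0 [stack]\n"
)

if __name__ == "__main__":
    for key, hits in assess(SAMPLE_LD_SO_PRELOAD, SAMPLE_ENVIRON, SAMPLE_MAPS).items():
        print(f"{key}: {hits}")
```

Two caveats for anyone running `scan_host()` in earnest: legitimate packages do use /etc/ld.so.preload (the sample's libgtk3-nocsd entry is such a case on some desktops), so an entry is a lead rather than a verdict; and an implant that hooks at kernel level, or that is itself mapped from a trusted directory, will not show up here, which is why the mapped-library check should be paired with package-manager file verification.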
The European Commission has revised the Cybersecurity Act to eliminate high-risk vendors from critical infrastructure
The updated and expanded Cybersecurity Act aims to strengthen the digital resilience and security of information and communications technology supply chains. The proposal introduces mandatory mechanisms to phase out high-risk suppliers (although no specific vendors are named) from critical infrastructures such as telecommunications networks, energy systems and healthcare. These mechanisms are based on risk assessments coordinated by the Commission and the Member States.
The proposed text makes previously voluntary rules binding (e.g. the EU 5G Security Toolbox). Separately, the EU is promoting GCVE (Global CVE Allocation System), a vulnerability identification initiative designed as an alternative to the US CVE programme, so as to avoid dependence on it and exposure to its possible discontinuation, a scenario recently raised under the Trump administration.
Five malicious Chrome extensions attack Workday, NetSuite, and SuccessFactors
Socket researchers have identified five malicious Chrome extensions that together accumulate more than 2300 installs and are aimed at enterprise HR platforms such as Workday, NetSuite and SuccessFactors, in order to compromise authenticated sessions.
The extensions execute three main attack vectors: exfiltration of session cookies to attacker-controlled servers, manipulation of the DOM to block administration and incident response pages, and bi-directional injection of stolen cookies to allow direct session hijacking without additional credentials.
Campaign components share identical infrastructure and code patterns, indicating a coordinated operation. Strict extension management policies and session auditing are recommended in enterprise environments.
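As an added example (not from Socket's report or from the campaign analysis), this is the shape of a Chrome `ExtensionSettings` enterprise policy that enforces the recommendation above: every extension not explicitly approved is blocked, approved extensions are force-installed from the Chrome Web Store, the `cookies` API permission is denied by default, and extensions are kept off the HR platform origins altogether. The extension ID is a placeholder and the host patterns are assumptions; the real tenant hostnames should be taken from the organisation's own SaaS configuration. On Linux this JSON would sit in `/etc/opt/chrome/policies/managed/`; on Windows and macOS the same policy is delivered via registry or a configuration profile.

```json
{
  "ExtensionSettings": {
    "*": {
      "installation_mode": "blocked",
      "blocked_install_message": "Extensions must be approved by IT security before installation.",
      "blocked_permissions": ["cookies"],
      "runtime_blocked_hosts": [
        "*://*.myworkday.com",
        "*://*.netsuite.com",
        "*://*.successfactors.com",
        "*://*.successfactors.eu"
      ]
    },
    "abcdefghijklmnopabcdefghijklmnop": {
      "installation_mode": "force_installed",
      "update_url": "https://clients2.google.com/service/update2/crx"
    }
  }
}
```

The weak configuration this replaces is the default, equivalent to `"*": {"installation_mode": "allowed"}`, under which any user can install an extension from the store and grant it the `cookies` permission. Note the two layers: `blocked_permissions` stops an extension from using the cookies API, which covers HttpOnly session cookies, while `runtime_blocked_hosts` prevents content scripts from running on the HR origins at all, which covers both `document.cookie` access and the DOM manipulation described in the campaign. The allowlisted entry inherits the `"*"` defaults unless it overrides them, so an approved extension that genuinely needs one of these sites must be given its own `runtime_allowed_hosts`.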
New evidence that a cyberattack was used to support Nicolás Maduro's capture
According to U.S. officials cited by The New York Times and reported by SecurityWeek, cyberattacks were used in Operation Absolute Resolve, the operation to capture Nicolás Maduro. The attacks disrupted Caracas' power grid and disabled air-defence radars in support of the capture of the then-president of Venezuela. Electricity in key areas was cut and restored within minutes, although some parts of Caracas remained without power for up to 36 hours.
◾ This newsletter is one of the deliverables of our Operational and Strategic Intelligence service. If you are interested in knowing the rest of the Operational and Strategic Intelligence contents included in the service, please contact us →