Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-16 02:00 PST
- Cisco finally fixes AsyncOS zero-day exploited since November
BleepingComputer • 2026-01-16 01:20 • www.bleepingcomputer.com
Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. […]
https://www.bleepingcomputer.com/news/security/cisco-finally-fixes-asyncos-zero-day-exploited-since-november/
- Microsoft: Some Windows PCs fail to shut down after January update
BleepingComputer • 2026-01-16 00:35 • www.bleepingcomputer.com
Microsoft has confirmed a new issue that prevents Windows 11 23H2 devices with System Guard Secure Launch enabled from shutting down. […]
https://www.bleepingcomputer.com/news/security/microsoft-some-windows-pcs-fail-to-shut-down-after-january-update/
- China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
The Hacker News • 2026-01-15 23:18 • thehackernews.com
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year.
Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.
https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html
- Weekly Update 486
Troy Hunt • 2026-01-15 22:39 • www.troyhunt.com
I’m in Oslo! Flighty is telling me I’ve flown in or out of here 43 times since a visit in 2014 set me on a new path professionally and, many years later, personally. It’s special here, like a second home that just feels…
- Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
The Hacker News • 2026-01-15 21:38 • thehackernews.com
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686.
The vulnerability, tracked as CVE-2025-20393 (CVSS
https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
