We open this weekly recap with a massive Patch Tuesday from Microsoft, which addressed 114 vulnerabilities, including three zero-days; notably, CVE-2026-20805 is actively exploited in the wild. Infrastructure concerns continued as Cisco patched a critical AsyncOS zero-day exploited by Chinese APT actors, and AWS remediated a “CodeBreach” supply chain flaw in its console CI pipelines.

In data privacy and regulation, France’s CNIL imposed a combined $48 million fine on Free and Free Mobile for security failures affecting 24 million subscribers. Meanwhile, Spanish energy giant Endesa disclosed a breach exposing the data of 22 million customers, and a massive scraping incident affected 17.5 million Instagram users.

On the threat landscape, Check Point Research analyzed “Sicarii,” a new ransomware operation likely acting as a false flag with confused ideological messaging. Physical “Quishing” (QR code phishing) campaigns are surging in France, and the infamous BreachForums hacking community suffered a taste of its own medicine with a leak of its user database. Finally, strategic cooperation strengthens as the UK unveils its Government Cyber Action Plan and Germany partners with Israel to build a “Cyber Dome” defense system.

OSINT Sources:

📊 Reports, Studies & Strategies

• Kaspersky Security Bulletin 2025 : https://www.kasbersky.com/about/press-releases/2025_kaspersky-financial-sector-faced-ai-blockchain-and-organized-crime-threats-in-2025
• SecurityScorecard (via KnowBe4) : https://www.knowbe4.com/hubfs/Financial-Sector-Threats-The-Shifting-Landscape.pdf
• ENISA Threat Landscape 2025 : https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025
• FS-ISAC : https://www.fsisac.com/knowledge/annual-navigating-cyber-2025-report
• RESCO Courtage : https://www.resco-courtage.com/dora-reglementation-guide-complet-2025
• NCSC UK : https://www.ncsc.gov.uk/blog-post/government-cyber-action-plan-strengthening-resilience-across-uk

🛡️ Vulnerabilities, Patch Tuesday & Security Advisories

• Microsoft Security Update Guide : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0628
• CISA (CVE-2025-8110) : https://www.cisa.gov/news-events/alerts/2026/01/12/cisa-adds-one-known-exploited-vulnerability-catalog
• CISA (CVE-2026-20805) : https://www.cisa.gov/news-events/alerts/2026/01/13/cisa-adds-one-known-exploited-vulnerability-catalog
• CERT-FR (MISP) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0030/
• CERT-FR (VMware) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0029/
• CERT-FR (MariaDB) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0028/
• CERT-FR (NetApp) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0027/
• CERT-FR (Google Pixel) : https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0026/
• Krebs on Security : https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/
• Cisco Talos Intelligence : https://blog.talosintelligence.com/microsoft-patch-tuesday-january-2026/
• CERT Santé : https://cyberveille.esante.gouv.fr/alertes/palo-alto-cve-2026-0227-2026-01-15
• BleepingComputer (Cisco AsyncOS) : https://www.bleepingcomputer.com/news/security/cisco-finally-fixes-asyncos-zero-day-exploited-since-november/
• CyberPress (AWS Console) : https://cyberpress.org/aws-console-supply-chain-attack-github-hijackingcyber/

⚠️ Data Leaks, Incidents & Attacks

• BleepingComputer (BreachForums) : https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-database-leaked-exposing-324-000-accounts/
• CyberPress (Instagram) : https://cyberpress.org/instagram-data-leak/
• Cybersecurity Dive (SitusAMC) : https://www.cybersecuritydive.com/news/hackers-steal-sensitive-data-major-banking-industry-vendor-situsamc/
• BleepingComputer (Endesa) : https://www.bleepingcomputer.com/news/security/spanish-energy-giant-endesa-discloses-data-breach-affecting-customers/
• BleepingComputer (Pax8) : https://www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accidentally-exposes-data-on-1-800-msp-partners/
• The Record (Anchorage Police) : https://therecord.media/anchorage-police-takes-servers-offline-after-third-party-attack

🕵️ Threat Intelligence (APT, Ransomware, Phishing)

• Planet.fr (Quishing Scam) : https://www.planet.fr/societe-arnaque-a-la-fausse-carte-bancaire-par-courrier-le-mecanisme-du-quishing-qui-vise-vos-coordonnees.2992374.29336.html
• Check Point Research (Sicarii) : https://research.checkpoint.com/2026/sicarii-ransomware-truth-vs-myth/
• Cisco Talos Intelligence (UAT-8837) : https://blog.talosintelligence.com/uat-8837/
• Malwarebytes (LinkedIn Phishing) : https://www.malwarebytes.com/blog/news/2026/01/phishing-scammers-are-posting-fake-account-restricted-comments-on-linkedin

⚖️ Regulations, Sanctions & International Cooperation

• The Record (CNIL/Free Fine) : https://therecord.media/france-data-regulator-fine
• Malwarebytes (Datamasters Fine) : https://www.malwarebytes.com/blog/news/2026/01/data-broker-fined-after-selling-alzheimers-patient-info-and-millions-of-sensitive-profiles
• The Record (Germany-Israel Deal) : https://therecord.media/germany-cyber-dome-israel

🏛️ Institutional: AMSN / Monaco Special

• AMSN : https://amsn.gouv.mc/decouvrir-l-amsn/presentation
• CERT-MC : https://amsn.gouv.mc/cert-mc
• Prince’s Government (Directory) : https://www.gouv.mc/Gouvernement-et-Institutions/Le-Gouvernement/Ministere-d-Etat/Agence-Monegasque-de-Securite-Numerique
• Légimonaco : https://legimonaco.mc/tnc/ordonnance/2015/12-23-5.664/
• ANSSI / cyber.gouv.fr : https://cyber.gouv.fr/actualites/signature-dun-nouveau-programme-de-cooperation-entre-lagence-monegasque-de-securite
• Prince’s Government (FIRST Conference) : https://www.gouv.mc/Action-Gouvernementale/La-Securite/Actualites/L-Agence-Monegasque-de-Securite-Numerique-participe-a-la-36eme-conference-annuelle-du-Forum-of-Incident-Response-and-Security-Teams

Don’t think, just patch!

Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtenglishedition.substack.com/