👉 What’s happening in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Get BlueSleuth-Lite

🚨 Cyber Alerts

1. Fortinet Fixes FortiSIEM RCE Flaw

Fortinet has issued critical security updates to address a severe operating system injection vulnerability in FortiSIEM that allows unauthenticated attackers to execute remote code. This flaw, identified as CVE-2025-64155, impacts specific versions of the platform and can lead to a total system takeover if not patched immediately.

2. Web Skimming Campaign Steals Credit Cards

Cybersecurity researchers recently uncovered a long-running web skimming operation that has targeted major global payment networks since early 2022. The campaign utilizes malicious JavaScript injected into e-commerce portals to stealthily harvest credit card data and personal information from unsuspecting customers during the checkout process.

3. ServiceNow Patches AI Impersonation Flaw

ServiceNow has addressed a critical security vulnerability, known as BodySnatcher, which allowed unauthenticated attackers to impersonate any user on its AI platform. By exploiting a flaw in account-linking logic, hackers could bypass security protocols like multi-factor authentication to execute unauthorized actions with administrative privileges.

For more alerts click here!

Subscribe

💥 Cyber Incidents

4. Pax8 Exposes Data Of 1800 MSP Partners

Pax8, a major cloud marketplace provider, recently confirmed that it accidentally emailed a spreadsheet containing sensitive internal business and Microsoft licensing data to a small group of UK partners. The leaked file included information belonging to roughly 1,800 partners, such as customer names and specific license counts, though the company stated the error only reached fewer than 40 recipients.

5. Target Dev Server Offline After Hack

Target staff have validated the legitimacy of leaked source code samples following the appearance of stolen data repositories on a public platform. This confirmation comes alongside internal notices detailing immediate changes to the company’s system access protocols in response to the security incident.

6. Bad Actor Hijacks Apex Legends Matches

Recent disruptions in Apex Legends saw players lose control of their characters and face server disconnections as external actors hijacked live matches. Respawn has since addressed the situation, stating that while player inputs were remotely manipulated, their investigation found no evidence of a deep system compromise or malware infection.

For more incidents click here!

Get Help

📢 Cyber News

7. Windows Updates Replace Secure Boot Certs

Microsoft has begun the automatic replacement of expiring Secure Boot certificates on compatible Windows 11 24H2 and 25H2 devices. This proactive measure ensures that systems remain protected against rootkits and unauthorized bootloaders before the current security credentials begin to expire in mid-2026.

8. Cyber Fraud Overtakes Ransomware Risks

The World Economic Forum’s 2026 Global Cybersecurity Outlook report reveals that CEOs now prioritize cyber-enabled fraud over ransomware as their primary digital concern. This shift reflects a growing focus on financial loss prevention and internal data exposure risks rather than purely operational disruptions.

9. McConaughey Trademarks Name To Fight AI

Matthew McConaughey is pursuing a unique legal strategy to protect his identity from unauthorized artificial intelligence replicas by filing for personal trademarks. His legal team has successfully secured eight trademarks covering his facial expressions and voice to prevent AI platforms from generating unpermitted simulations of the actor.

For more news click here!

Register Here

📈Cyber Stocks

On Wednesday, 14th January, cybersecurity stocks traded mixed as broader market caution and profit-taking tempered sector performance. Continued enterprise demand for cloud, identity and perimeter security provided underlying support, but rotation out of growth names and macro uncertainty kept broad gains in check. Platform consolidation and acquisition activity also remained a key narrative for investors evaluating long-term sector leadership.

• Okta closed at 94.88 dollars and moved higher, supported by ongoing enterprise focus on identity and access management amid persistent identity-centric threat growth.

• Zscaler closed at 213.72 dollars and dipped modestly, with broader selling pressure tempering recent gains even as enterprise adoption of cloud-delivered security and zero-trust architectures remained robust.

• Fortinet closed at 78.03 dollars and eased, as broader tech volatility and rotation influenced performance despite steady interest in zero-trust and network-security solutions.

• Check Point Software Technologies closed at 183.71 dollars and moved lower, reflecting profit-taking and mixed sentiment in defensive names even though demand for perimeter and firewall defenses persisted.

• SentinelOne closed at 14.50 dollars and declined, with broader market pressure weighing on high-growth endpoint detection and response names.

💡 Cyber Tip

📧 Web Skimming Campaign Steals Credit Cards

A long-running Magecart-style attack is stealing credit card and personal data by injecting malicious JavaScript into online checkout pages.

🔐 What You Should Do

• Regularly scan e-commerce sites for unauthorized JavaScript changes

• Implement content security policies (CSP) and file integrity monitoring

• Keep CMS, plugins, and payment integrations fully patched and updated

• Monitor outbound connections from checkout pages for suspicious activity

⚠️ Why This Matters
Client-side skimming silently steals payment data in real time, exposing customers to fraud while damaging merchant trust and compliance.

Visit BookClub

📚 Cyber Book

Human Hacking by Christopher Hadnagy and Seth Schulman

Get Book

That concludes today’s briefing. You can check the top headlines here!

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium