👉 What’s going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Get BlueSleuth-Lite

🚨 Cyber Alerts

1. Critical TP Link VIGI Camera Takeover

TP-Link has addressed a critical security vulnerability affecting more than 32 models of its VIGI C and VIGI InSight professional surveillance cameras. The flaw allowed attackers on a local network to bypass authentication by exploiting a weakness in the password recovery process, potentially giving them full administrative control over the devices.

2. ACF Plugin Bug Grants Admin Access

A critical vulnerability in the Advanced Custom Fields: Extended WordPress plugin allows unauthenticated attackers to remotely gain administrative access to affected websites. The flaw exists in versions 0.9.2.1 and earlier and can lead to total site takeover if certain form configurations are present.

3. Arctic Wolf Sees FortiGate Attack Surge

Arctic Wolf has identified a new surge of automated attacks targeting Fortinet FortiGate devices to modify firewall configurations without authorization. These intrusions involve the creation of persistent accounts and the theft of device settings, likely building upon exploits of critical authentication bypass flaws first observed in late 2025.

For more alerts click here!

RSVP Here

💥 Cyber Incidents

4. Zendesk Ticket Systems Hijacked Globally

A massive spam wave is currently exploiting unsecured Zendesk support systems to flood global inboxes with hundreds of automated ticket confirmations. Although these emails often feature alarming or bizarre subject lines, they appear to be a high-volume trolling campaign rather than a direct phishing threat.

5. Minnesota DHS Data Breach Hits 300K

The Minnesota Department of Human Services recently notified nearly 304,000 residents that their demographic and personal data were compromised due to unauthorized system access by an affiliated user. While the breach involved sensitive information such as Medicaid IDs and partial Social Security numbers for over 1,200 individuals, state officials report no current evidence of data misuse.

6. Key Apple Nvidia Tesla Supplier Breached

Apple supplier Luxshare has reportedly fallen victim to a ransomware attack by a group called RansomHub, which claims to have stolen sensitive product designs and employee data. The attackers are threatening to leak 3D models and internal timelines unless the company pays a ransom to prevent the public disclosure of these confidential files.

For more incidents click here!

Get Help

📢 Cyber News

7. Tesla Hacked At Pwn2Own Automotive 2026

Security researchers successfully breached the Tesla Infotainment System and secured $516,500 in prizes after exploiting 37 zero-day vulnerabilities during the opening of the Pwn2Own Automotive 2026 competition. Various hacking teams demonstrated multiple exploits against vehicle charging stations and navigation systems, leading to significant cash awards and a 90-day window for vendors to patch the discovered flaws.

8. Greek Police Arrest Fake Cell Tower Gang

Greek authorities recently dismantled a sophisticated mobile scam operation that utilized a deceptive cellular transmitter concealed within a vehicle to target residents in Athens. The criminal group specialized in sending mass phishing messages by tricking nearby mobile devices into connecting to their illicit equipment.

9. Snapchat Expands Parental Contact Insights

Snapchat is expanding its Family Center features to provide parents with specific context about their children’s new connections, such as mutual friends or shared school communities. These updates also include a detailed breakdown of how much time teenagers spend across various sections of the app like messaging, the map, and video features.

For more news click here!

Register Here

📈Cyber Stocks

Thursday trading on 22nd January saw cybersecurity equities hold mostly steady after a bout of short-term volatility in the broader tech sector. Investor focus continues to balance strong enterprise demand for security solutions with rotation pressures affecting growth names. Cloud-centric and identity security stocks showed resilience while more cyclical or legacy-oriented names experienced modest softness.

• Okta closed at roughly 88.94 dollars and moved up, with identity and access management stocks showing relative strength in a mixed session.

• Zscaler closed near 208.66 dollars and was modestly higher, reflecting ongoing demand for zero-trust cloud security offerings despite broader market sluggishness.

• Fortinet finished around 75.75 dollars and held near flat, with network security hardware and services maintaining steady demand.

• Check Point Software Technologies closed near 174.36 dollars and was lower, with legacy firewall and threat prevention names lagging modestly relative to cloud-centric peers.

• SentinelOne closed at approximately 13.80 dollars and ticked up, as smaller AI-driven endpoint security stocks showed selective buying interest.

  

💡 Cyber Tip

🧩 ACF Plugin Bug Grants Admin Access

A critical flaw in the Advanced Custom Fields: Extended WordPress plugin allows unauthenticated attackers to gain full administrator access on vulnerable sites. The issue affects older versions and can be exploited when user-facing forms allow role assignment without proper server-side validation, leading to complete site takeover.

🔐 What You Should Do

• Update the plugin immediately to the latest patched version

• Audit all user registration and profile update forms

• Remove any public facing role selection fields

• Monitor logs for unusual account creation or role changes

• Keep all WordPress plugins and themes up to date

⚠️ Why This Matters
Admin access means total control. Even a single vulnerable form can let attackers take over a website, inject malware, steal data, or lock out legitimate owners. Prompt patching and form reviews are essential defenses.

Visit BookClub

📚 Cyber Book

Cybersecurity Education for Awareness and Compliance by Ismini Vasileiou , Steven Furnell

Get Book

That concludes today’s briefing. You can check the top headlines here!

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium