9 Jan 2026

Week in review

Greetings,

Cyber security researchers have uncovered two malicious browser extensions in the Chrome Web Store, with a combined installation base of more than 900,000 users. These extensions were quietly harvesting sensitive data, including chat logs from popular AI services such as ChatGPT and DeepSeek, along with users’ browsing activity.

These extensions, such as Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI, and Claude, posed as helpful AI tools, but they were engaging in what experts are calling “Prompt Poaching.” Once users have granted what seem like innocuous permissions, this tactic stealthily collects and exfiltrates user conversations and tab URLs to attacker-controlled servers every 30 minutes.

Once installed, the malicious add-ons scraped conversation content by scanning page elements and stored that data for later transmission to remote command-and-control domains. Researchers noted that the extensions even impersonated a legitimate extension from AITOPIA to appear trustworthy, and that their underlying infrastructure used third-party platforms to host deceptive privacy policies and disguise their real intent. The exposure of internal corporate URLs and browsing activity significantly increases the risk of this data being weaponised for identity theft, corporate espionage, and targeted phishing.

Users who have installed these add-ons are urged to review and remove suspicious extensions and exercise caution before installing any browser tools or add-ons.


Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
Date: 2026-01-07
Author: The Hacker News

[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances.
The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been acknowledged for discovering and reporting the flaw on November 9, 2025.

Veeam issues patch to close critical remote code execution flaw
Date: 2026-01-07
Author: Cyber Scoop

Veeam has released an update to fix a security flaw in its Backup & Replication software that could let certain users run code on affected systems.
The main issue, tracked as CVE-2025-59470, affects all Veeam Backup & Replication version 13 builds, according to a security advisory released Tuesday. Veeam said older product lines, including 12.x and earlier, are not affected by the vulnerabilities listed.

CISA orders feds to patch MongoBleed flaw exploited in attacks
Date: 2025-12-30
Author: Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to secure their systems against a high-severity MongoDB flaw that is actively being exploited in attacks.
Dubbed MongoBleed and tracked as CVE-2025-14847, this vulnerability was patched on December 19, 2025, and it stems from how MongoDB Server processes network packets using the zlib library for data compression.

Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Date: 2026-01-02
Author: Bleeping Computer

Over 10,000 Fortinet firewalls are still exposed online and vulnerable to ongoing attacks exploiting a five-year-old critical two-factor authentication (2FA) bypass vulnerability.
Fortinet released FortiOS versions 6.4.1, 6.2.4, and 6.0.10 in July 2020 to address this flaw (tracked as CVE-2020-12812) and advised admins who couldn't immediately patch to turn off username-case-sensitivity to block 2FA bypass attempts targeting their devices.

The biggest cybersecurity and cyberattack stories of 2025
Date: 2026-01-01
Author: Bleeping Computer

2025 was a big year for cybersecurity, with major cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day vulnerabilities exploited in incidents.
Some stories, though, were more impactful or popular with our readers than others.
Below are fifteen of what BleepingComputer believes are the most impactful cybersecurity topics of 2025, with a summary of each. These stories are in no particular order.


ESB-2026.0001 – webkit2gtk3: CVSS (Max): 8.8

Red Hat has released an important webkit2gtk3 security update addressing multiple high-severity WebKitGTK vulnerabilities that are being actively exploited in the wild.

ESB-2026.0136 – Net-SNMP: CVSS (Max): 9.8

Ubuntu fixed a Net-SNMP vulnerability that could allow specially crafted input to crash the service, leading to a denial-of-service condition across multiple Ubuntu releases.

ESB-2026.0141 – GitLab Community and Enterprise Edition: CVSS (Max): 8.7*

GitLab released patch versions 18.7.1, 18.6.3 and 18.5.5 containing important security and bug fixes for both Community and Enterprise Editions.


Stay safe, stay patched and have a good weekend!

The AUSCERT team