Daily Brief

Radware researchers identified ongoing vulnerabilities in OpenAI's ChatGPT, allowing exfiltration of personal data through indirect prompt injection attacks. Initial flaw, ShadowLeak, exploited AI's inability to differentiate between system instructions and malicious content, affecting services like Gmail and Google Drive. OpenAI's initial fix restricted ChatGPT's URL modification capabilities, but attackers bypassed this with a new method, ZombieAgent, using static URLs. ZombieAgent attack persists by exploiting ChatGPT's memory feature, allowing data exfiltration one character at a time, complicating defense efforts. OpenAI's attempts to block connectors and memory usage in the same session were circumvented, highlighting persistent structural weaknesses in AI platforms. Radware's findings stress the critical need for enterprises to gain visibility into AI agent actions and content interpretation to mitigate security risks. The vulnerabilities pose significant risks, including potential data leaks and incorrect decision-making, impacting sensitive systems and enterprise operations.

Cisco has issued updates to fix a medium-severity vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) following a public proof-of-concept exploit release. The vulnerability, identified as CVE-2026-20029 with a CVSS score of 4.9, affects the licensing feature and could expose sensitive information to authenticated, remote attackers with administrative privileges. The flaw arises from improper XML parsing in the web-based management interface, potentially allowing attackers to upload malicious files and access restricted operating system files. Cisco has acknowledged the discovery by Bobby Gould of Trend Micro Zero Day Initiative and confirmed no current exploitation in the wild, despite the availability of exploit code. In addition to this, Cisco addressed two other medium-severity bugs related to Distributed Computing Environment Remote Procedure Call (DCE/RPC) requests, which could impact Snort 3 Detection Engine's availability. Users are advised to immediately update to the latest software versions to mitigate risks, as Cisco products are often targeted by cybercriminals. These updates underscore the ongoing need for vigilance and timely patch management to protect organizational assets from potential threats.

Cybersecurity researchers discovered three npm packages distributing NodeCordRAT malware, targeting cryptocurrency users with data-stealing capabilities. The packages were removed by November 2025. The malicious packages, named bitcoin-main-lib and bitcoin-lib-js, executed a postinstall script to install the NodeCordRAT payload through a package called bip40. NodeCordRAT is a remote access trojan that steals Google Chrome credentials, API tokens, and cryptocurrency wallet seed phrases, posing a significant threat to digital asset security. The malware exploits npm for propagation and utilizes Discord servers for command-and-control communications, creating a covert channel for data exfiltration. The threat actor mimicked legitimate bitcoinjs project repositories, misleading users into downloading the malicious packages. NodeCordRAT operates across Windows, Linux, and macOS, generating unique identifiers for infected hosts and using Discord's API to send stolen data to a private channel. The incident underscores the importance of rigorous scrutiny of third-party packages and highlights the evolving tactics of cybercriminals in targeting cryptocurrency environments.

Cybersecurity experts identified 11 critical vulnerabilities in Coolify, an open-source platform, posing risks of authentication bypass and remote code execution on self-hosted instances. Approximately 52,890 Coolify hosts are exposed globally, with significant concentrations in Germany, the U.S., and France, heightening the potential impact. The identified flaws could allow attackers to gain full control over affected servers, emphasizing the urgent need for remediation. No current evidence suggests active exploitation of these vulnerabilities, but the severity necessitates prompt action from users. Users are strongly advised to apply available patches immediately to mitigate potential security threats and protect their systems. The disclosure serves as a reminder of the importance of regular security audits and timely patch management for open-source platforms.

Logitech users faced disruptions when an expired developer certificate caused malfunctioning of their macOS mouse applications, impacting various settings and custom configurations. Affected applications included G HUB and Logi Options+, essential for managing Logitech accessories like mice, keyboards, and webcams. Users experienced issues such as altered scroll directions and non-functional mapped buttons, leading to widespread frustration on social media. Logitech acknowledged the oversight, apologizing for the inconvenience and committed to improving communication and internal processes. A manual patch was released to resolve the issue, requiring users to download and install updates to restore functionality. The expired certificate affected inter-process communications, preventing software from starting successfully, unrelated to internet connectivity. Logitech faced criticism for delayed communication and inadequate customer service response, pledging to enhance their incident response protocols.

Cisco has addressed a critical vulnerability in its Identity Services Engine (ISE), identified as CVE-2026-20029, which could be exploited by attackers with administrative privileges. The flaw arises from improper XML parsing in the web-based management interface, allowing attackers to upload malicious files and access sensitive system data. Though no active exploitation has been reported, a proof-of-concept exploit is publicly available, increasing the risk for unpatched systems. Cisco advises immediate software upgrades to mitigate the vulnerability, as temporary workarounds are not deemed sufficient for long-term protection. Additional vulnerabilities in Cisco's IOS XE were also patched, addressing potential denial-of-service attacks and unauthorized data access. Past incidents include a zero-day exploit in Cisco ISE (CVE-2025-20337) used to deploy malware, highlighting the ongoing threat landscape for Cisco products. Customers are urged to follow Cisco's guidance on securing systems, including restricting access and employing firewalls, until all patches are applied.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical vulnerability in HPE OneView as actively exploited, urging immediate action to mitigate risks. Tracked as CVE-2025-37164, this flaw affects all OneView versions prior to v11.00, allowing unauthenticated attackers to execute remote code via low-complexity code-injection. HPE issued security patches in mid-December, advising customers to upgrade to OneView v11.00 or later, as no workarounds or mitigations exist for this vulnerability. CISA added the flaw to its catalog of actively exploited vulnerabilities, mandating Federal Civilian Executive Branch agencies to secure systems by January 28th under BOD 22-01. While BOD 22-01 targets federal agencies, CISA recommends all organizations, including private sector entities, to patch their systems promptly to prevent exploitation. HPE's previous warnings include hardcoded credentials in Aruba Access Points and multiple vulnerabilities in its StoreOnce solution, emphasizing the need for rigorous security practices. HPE, with revenues of $30.1 billion and over 61,000 employees, serves over 55,000 organizations globally, including 90% of Fortune 500 companies, highlighting the widespread impact of such vulnerabilities.

OpenAI has launched ChatGPT Health, a secure platform for health-related conversations, integrating with medical records and wellness apps for personalized user interactions. The service is available to ChatGPT users outside the European Economic Area, Switzerland, and the U.K., offering tailored health insights and advice. ChatGPT Health incorporates advanced privacy and security measures, including purpose-built encryption and data isolation, to protect user health information. OpenAI emphasizes that ChatGPT Health is designed to support medical care, not replace professional diagnosis or treatment. The AI model behind ChatGPT Health has been evaluated against clinical standards using HealthBench to ensure safety and clarity in its health-related tasks. This launch comes amidst scrutiny of AI tools in healthcare, with previous reports of misinformation and legal challenges related to AI-driven health advice. OpenAI's initiative aims to enhance user experience by providing accessible explanations of lab results, preparing questions for medical appointments, and summarizing care instructions.

Cloudflare addressed claims of a cyberattack on Venezuela's telecoms, suggesting a BGP leak rather than a coordinated cyber-strike by the USA. The theory arose after unusual routing patterns were observed on January 2nd, involving Venezuela's state-owned telco, CANTV, and international carriers. Cloudflare's analysis indicated a BGP leak, a common routing issue, as the likely cause, dismissing it as a viable method for a man-in-the-middle attack. The incident coincided with U.S. military actions in Venezuela, but Cloudflare found no evidence linking the routing anomalies to these operations. BGP leaks are frequent in South America, with AS8048 experiencing several in recent months, suggesting non-malicious causes for the traffic irregularities. Cloudflare recommends adopting RFC 9234 standards to reduce the prevalence of such leaks, which often result from suboptimal export policies. The exact nature of the U.S. actions in Venezuela remains undisclosed, with BGP issues cited as a recurring problem in the region.

CISA has added vulnerabilities in Microsoft Office and HPE OneView to its Known Exploited Vulnerabilities catalog, indicating active exploitation risks. The HPE OneView flaw, CVE-2025-37164, affects all software versions before 11.00, with hotfixes available for versions 5.20 through 10. eSentire reported a proof-of-concept exploit for CVE-2025-37164, raising the threat level for organizations using older software versions. The exact scope and origin of attacks exploiting these vulnerabilities remain unclear, with no public exploitation reports currently available. Federal Civilian Executive Branch agencies are urged to implement updates by January 28, 2026, as per Binding Operational Directive 22-01. Organizations are advised to prioritize patching to mitigate potential exploitation risks and secure their networks against these active threats.

A new GoBruteforcer botnet wave is attacking databases of cryptocurrency and blockchain projects, exploiting exposed servers configured with AI-generated examples. This Golang-based malware targets FTP, MySQL, PostgreSQL, and phpMyAdmin services, leveraging compromised Linux servers for brute-force login attacks. Check Point researchers identify over 50,000 internet-facing servers potentially vulnerable to these attacks, often due to weak default passwords on XAMPP configurations. Attackers gain access through standard accounts with weak passwords, uploading web shells to webroot directories via misconfigured services. The malware initiates activity with a delay, launching up to 95 brute-forcing threads, avoiding private networks, AWS, and U.S. government ranges. Recent campaigns are driven by AI-generated server configurations, leading to predictable default usernames, and outdated server stacks like XAMPP with open FTP services. Compromised hosts have been infected with TRON wallet-scanning tools, targeting approximately 23,000 TRON addresses to drain wallets with non-zero balances. Administrators are advised to avoid AI-generated deployment guides, use strong, unique passwords, and replace outdated software stacks to mitigate risks.

Security researchers have discovered vulnerabilities in IBM's AI agent Bob, allowing prompt injection attacks that could lead to malware execution during its closed beta testing phase. Bob, designed as a software development partner, is available as a command line interface and an integrated development environment, both susceptible to security flaws. The vulnerabilities enable attackers to bypass Bob's defenses, potentially executing harmful scripts and compromising systems through manipulated commands. PromptArmor researchers demonstrated how Bob can be tricked into running malicious code by exploiting the agent's approval process for command execution. IBM's current security measures, such as disallowing command substitution, are insufficient to prevent process substitution and command chaining vulnerabilities. The vulnerabilities pose significant risks to developer workflows that handle untrusted data, potentially leading to ransomware attacks or data theft. PromptArmor's findings highlight the need for human oversight in AI agent operations to mitigate risks associated with automated command approvals. IBM has been notified of these vulnerabilities, though the company has yet to publicly respond with remediation plans or updates.

A critical vulnerability in the jsPDF library, CVE-2025-68428, allows attackers to access sensitive local files through generated PDF documents. The flaw, affecting versions before 4.0, involves local file inclusion and path traversal, with a severity score of 9.2. jsPDF, widely used with over 3.5 million weekly npm downloads, is primarily impacted in its Node.js builds. Exploitation risk is reduced when file paths are hardcoded or come from trusted sources, as noted by Endor Labs. The issue was addressed in jsPDF version 4.0.0 by restricting filesystem access and utilizing Node.js permission mode. Developers are advised to sanitize user inputs and consider updating to Node.js versions 22.13.0 or later for enhanced security. Broad deployment of jsPDF increases the likelihood of active exploitation, necessitating prompt updates and security measures.

The European Space Agency (ESA) experienced a significant data breach, with cybercriminals stealing 500 GB of sensitive data, including operational procedures and proprietary contractor information. Initial access to ESA's servers was gained by exploiting a public CVE, allowing ongoing access to live systems, posing a continued security risk. Stolen data involves critical details from ESA partners such as SpaceX, Airbus Group, and Thales Alenia Space, affecting mission and spacecraft documentation. ESA has initiated a criminal investigation by informing judicial authorities, though specific questions regarding the breach remain unanswered. This breach follows a December incident where 200 GB of ESA data was listed for sale on BreachForums, highlighting ongoing security challenges. Past incidents, including a 2024 online store attack and previous domain compromises, indicate a pattern of security vulnerabilities within ESA. The breach underscores the need for ESA to strengthen its cybersecurity measures to protect sensitive space program data and contractor information.

A critical vulnerability, CVE-2026-21858, named "Ni8mare," affects n8n workflow automation platform, allowing remote attackers to gain control of servers without authentication. The flaw, rated 10 out of 10 in severity, affects over 100,000 n8n servers, posing significant risks to organizations utilizing this popular open-source tool. Ni8mare arises from content-type confusion in data parsing, enabling attackers to manipulate file paths and access sensitive server files. Potential exploits include exposure of sensitive data, session cookie forgery, and execution of arbitrary commands, compromising the integrity of automated workflows. n8n developers recommend updating to version 1.121.0 or later, as no official workaround exists, to mitigate risks associated with this vulnerability. Organizations are advised to restrict or disable publicly accessible webhook and form endpoints to reduce exposure to potential attacks. The vulnerability underscores the critical need for regular updates and security assessments for open-source tools integrated into business operations.