Incident: Microsoft Windows users impacted by CVE-2026-20805 causing memory information disclosure
Date of Incident (ET): Unknown
Date of Disclosure (ET): Jan. 13, 2026
Summary: Microsoft addressed a zero-day vulnerability in Desktop Window Manager actively exploited to leak sensitive memory addresses. CISA added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by Feb. 3.
Source: www.theregister.com/2026/01/1…
Incident: Nissan Motor Corporation impacted by Everest ransomware causing data extortion threat
Date of Incident (ET): Jan. 10, 2026
Date of Disclosure (ET): Jan. 13, 2026
Summary: The Everest ransomware group listed Nissan on its leak site, claiming the theft of 900 gigabytes of data. The group has threatened to release dealership orders, sales records, and internal business communications if demands are unmet.
Source: www.scworld.com/brief/eve…
Incident: Polish power system impacted by Russian-linked actor causing attempted disruption
Date of Incident (ET): December 2025
Date of Disclosure (ET): Jan. 13, 2026
Summary: Poland’s energy minister confirmed the country repelled a massive cyberattack targeting communications between renewable installations and distribution operators. Officials attributed the failed attempt to disrupt critical infrastructure to Russian military intelligence actors.
Source: www.straitstimes.com/world/eur…
Incident: Gogs repository service impacted by CVE-2025-8110 causing remote code execution
Date of Incident (ET): Unknown
Date of Disclosure (ET): Jan. 13, 2026
Summary: CISA warned of active exploitation of a high-severity path traversal flaw in the Gogs Git service. The vulnerability allows attackers to overwrite sensitive files and achieve code execution; approximately 700 instances have been compromised.
Source: thehackernews.com/2026/01/c…
Incident: Betterment customers impacted by social engineering causing unauthorized PII access
Date of Incident (ET): Jan. 9, 2026
Date of Disclosure (ET): Jan. 12, 2026
Summary: Fintech firm Betterment confirmed a breach of third-party marketing systems via social engineering. Attackers accessed customer names and contact details to distribute fraudulent cryptocurrency scam notifications to users, though core accounts remained secure.
Source: techcrunch.com/2026/01/1…
