
Daily Security Briefing #129
- DjediTech
- Security, Newsletter
- January 9, 2026
IoT security risks at CES 2026, VMware ESXi zero-day exploited by China-linked hackers, and new Microsoft Teams admin role unveiled…
Executive Summary
Today’s cybersecurity landscape is marked by increased activity from nation-state actors and evolving threats targeting enterprise infrastructure. Chinese-linked hackers exploited VMware ESXi zero-day vulnerabilities to attempt virtual machine escapes, highlighting ongoing risks to critical cloud environments. The expanding IoT ecosystem, showcased at CES 2026, presents new and complex security challenges as connected devices deeply integrate into daily life. Meanwhile, Microsoft enhances Teams security with a specialized external collaboration administrator role to better manage delegated permissions. Additional concerns include credential theft campaigns, increased ransomware incidents, and persistent state-sponsored phishing operations.
Top Articles
Beyond the Device: Exploring the New Security Risks of Interconnected IoT at CES 2026
At CES 2026, the rapid growth of IoT technologies across consumer and enterprise sectors was highlighted, showcasing how deeply embedded smart devices have become in infrastructure. This expanding interconnected environment introduces new security challenges that organizations must address as risks extend beyond individual devices to entire ecosystems.
Rapid7
China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines
Chinese-speaking threat actors exploited compromised SonicWall VPN appliances to launch VMware ESXi zero-day exploits, aiming to escape virtual machines and potentially deploy ransomware. Security researchers detected and halted these activities in December 2025, emphasizing the persistent threat landscape targeting virtualization layers in cloud and enterprise environments.
TheHackerNews
Microsoft Introduces Teams External Collaboration Administrator Role
Microsoft is rolling out a new Teams-specific administrative role designed to delegate management of external collaboration without granting full admin permissions. The Teams External Collaboration Administrator role will begin deployment in late January 2026, offering organizations finer control over external access while maintaining security and compliance.
GBHackers
OWASP CRS Vulnerability Enables Charset Validation Bypass
A newly identified vulnerability in the OWASP Core Rule Set (CVE-2026-21876) allows attackers to bypass charset validation in web application firewalls, enabling cross-site scripting and other encoding-based attacks. Administrators are urged to patch immediately and audit recent logs for malicious multipart requests to mitigate potential breaches.
GBHackers
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations
Russian state-sponsored APT28 has launched new credential harvesting operations against personnel tied to Turkish energy and nuclear research agencies, European think tanks, and organizations in North Macedonia and Uzbekistan. This sustained campaign aims to infiltrate sensitive policy and energy sectors through targeted attacks.
TheHackerNews
Opening the Automation Garden: API Request & Webhook Trigger in Infinity Playblocks
Check Point introduces enhancements to Infinity Playblocks, adding API request and webhook trigger capabilities to streamline security automation. These new features promote open, flexible workflows essential for modern multi-tool security environments, helping teams better integrate alerts and responses across platforms.
Check Point
Friday Squid Blogging: The Chinese Squid-Fishing Fleet off the Argentine Coast
Bruce Schneier’s latest “Friday Squid Blogging” post touches on a variety of current security stories, including geopolitical cyber concerns and additional topics beyond his regular coverage, maintaining his unique blend of security insight and broader news commentary.
Schneier
In Other News: 8,000 Ransomware Attacks, China Hacked US Gov Emails, IDHS Breach Impacts 700k
Recent reports reveal over 8,000 ransomware attacks, significant espionage involving Chinese cyberattacks on U.S. government emails, and a data breach affecting 700,000 records at IDHS. Additional developments include a decline in Jaguar Land Rover sales and multiple violations concerning generative AI data policies.
SecurityWeek
Deepfake Fraud Tools Are Lagging Behind Expectations
While deepfakes become increasingly convincing and widespread, defensive tools designed to detect fraudulent deepfake content have not kept pace. Fortunately, defenders still maintain an overall advantage in this ongoing technological arms race.
DarkReading
Illicit Crypto Economy Surges as Nation-States Join in the Fray
Cybercriminal activities involving cryptocurrency surged to billions of dollars in 2025, significantly driven by sanctioned nation-states including Russia and Iran. This escalation complicates efforts to track illicit finance and enforce regulatory measures.
DarkReading
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes
The FBI warns of spear-phishing campaigns by the North Korean group Kimsuky targeting government bodies, think tanks, and academia using malicious QR codes. These attacks exploit unsuspecting victims by embedding malware payloads accessed through QR scanning.
SecurityWeek
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.