CyberSecurity Knuggets

Jan 19, 2026

I just heard that China has taken a significant step in its tech decoupling effort by ordering domestic companies to stop using cybersecurity software from more than a dozen U.S. and Israeli vendors, including major players such as VMware, Palo Alto Networks, Fortinet, and CrowdStrike. The stated motivation is national security: the concern that foreign cybersecurity tools could leak sensitive data abroad. The order is a clear escalation in geopolitical tensions and signals a push by Beijing to build up its own cybersecurity and technology sectors. Organizations that operate in or with China should reassess their supply chains and compliance strategies now to avoid disruption.

On the threat landscape, a China-linked advanced persistent threat group is exploiting a zero-day vulnerability in the Sitecore content management system to maintain long-term access to enterprise networks. Separately, the Devixor Android Trojan is actively targeting banking and cryptocurrency users, stealing credentials and capturing screens, which poses a significant risk to fintech platforms and their customers. In the U.S., CISA has directed federal agencies to urgently patch a remote code execution flaw in the Gogs Git service because of confirmed active exploitation. This highlights the immediate need for organizations, especially those that run their own software development infrastructure, to prioritize patch management.

Ransomware remains a serious problem, as shown by a recent attack on South Korea’s Kyowon Group that disrupted its operations. The incident underscores how large conglomerates with complex supply chains remain vulnerable. Meanwhile, Monroe University disclosed a data breach affecting more than 320,000 individuals and exposing sensitive personal information, and Canada’s investment regulator also confirmed a breach of confidential data. These breaches reinforce the ongoing weaknesses in the education and financial sectors and the need for stronger security controls there.

Europol issued a warning about a scam that pretends to offer rewards for information on the Qilin ransomware group but is actually designed to harvest sensitive data from victims or researchers, showing how deception tactics within ransomware ecosystems continue to evolve. Additionally, Spanish authorities arrested members of the Black Axe cybercrime network involved in fraud and money laundering across Europe and Africa. A keylogger campaign was also uncovered targeting employees at a major U.S. bank, potentially enabling attackers to steal credentials and move into internal financial systems. That incident calls for immediate reinforcement of endpoint security controls and increased employee vigilance.

Lastly, cybersecurity agencies in the U.S. and allied countries have issued warnings about rising reconnaissance and intrusion attempts targeting industrial control systems in critical sectors like energy and water. While no immediate disruptions have been reported, these developments suggest potential future attacks, making it essential for operators of critical infrastructure to enhance monitoring and incident response capabilities. Overall, the current cyber threat landscape is intensifying, with urgent priorities including patch management, endpoint defense, and securing supply chains.

Stay Well!
