CVEs Don't Sleep
Quick Summary
This CyberWire Daily episode covers January 2026's critical cybersecurity developments, including Microsoft's massive Patch Tuesday release addressing 113 vulnerabilities, China's directive to sideline Western security vendors, and a critical flaw exposing industrial switches to remote takeover. The episode also features an in-depth discussion on AI supply chain security with Palo Alto Networks' Ian Swanson and highlights an embarrassing incident where UK police cited a non-existent soccer match in an AI-generated security report.
Key Topics
- Patch Tuesday January 2026: Microsoft addresses 113 vulnerabilities including a zero-day actively being exploited; Adobe patches critical Apache Tika flaw; Fortinet releases critical security updates
- China's Western Vendor Restrictions: Beijing instructs domestic companies to cease using cybersecurity software from U.S. and Israeli vendors (VMware, Palo Alto Networks, Fortinet, Check Point) citing national security concerns
- Industrial Control System Vulnerability: Critical flaw in Moxa industrial Ethernet switches enables unauthenticated remote code execution via SSH agent forwarding
- AI Supply Chain Security: Comprehensive discussion on hidden risks in machine learning models, data pipelines, and the lack of visibility into deployed AI systems
- Real-World Incidents: Ransomware attack on Belgian hospital, Betterment crypto scam breach, Eurail data breach, and offensive cyber policy debate
Main Points
- Patch Tuesday's Critical Scope: Microsoft's January update addresses at least 113 vulnerabilities across Windows and supported software, including eight critical flaws and one confirmed zero-day (Windows Desktop Window Manager) already under active exploitation. Despite a relatively low CVSS score, the zero-day can undermine core protections like address space layout randomization (ASLR) and be chained with other vulnerabilities. Adobe released fixes for 25 vulnerabilities across 11 products, with the most severe being an XML external entity (XXE) injection bug in Apache Tika modules that enables remote code execution through malicious PDFs. Fortinet patched six vulnerabilities including two critical flaws: an unauthenticated OS command injection in FortiSIEM and a configuration exposure vulnerability in FortiFone.
- China's Cybersecurity Vendor Purge: According to Reuters sources, Chinese authorities have instructed domestic companies to stop using cybersecurity software from approximately a dozen U.S. and Israeli vendors, including major players like VMware, Palo Alto Networks, Fortinet, and Check Point Software. Beijing's stated concern is that foreign security tools could collect and transmit sensitive data overseas, representing an escalation in China's broader effort to replace Western technology with domestic alternatives amid rising U.S.-China tensions. This move reflects long-standing Chinese concerns about potential espionage or sabotage capabilities embedded in foreign security infrastructure.
- Industrial Switch Critical Vulnerability: Moxa warned of a critical vulnerability in its industrial Ethernet switches (EDS and RKS models) that allows unauthenticated remote code execution when SSH agent forwarding is abused. The flaw stems from improper handling of a third-party OpenSSH library. Until patched firmware is deployed, operators must isolate vulnerable devices from the internet and restrict access to trusted networks only—a significant operational challenge for critical infrastructure operators.
- AI Supply Chain Security Risks: Ian Swanson from Palo Alto Networks highlighted that organizations typically believe they have hundreds of machine learning models deployed, but the actual number often reaches tens of thousands or hundreds of thousands. The AI supply chain encompasses three critical components: data (the "fuel"), machine learning models (the "engine"), and the applications built upon them. Risks include malicious code, unsafe operators, and neural backdoors embedded in models. Swanson cited a real-world example where attackers created name-squatting attacks on open-source model repositories (like Hugging Face), with malicious models downloaded tens of thousands of times and designed to steal cloud credentials upon deserialization.
- Real-World Breach Impacts: A ransomware attack on AZ Monica Hospital in Belgium forced the shutdown of all servers across multiple campuses, resulting in cancelled surgeries, reduced emergency services, and the transfer of seven critically ill patients. The hospital's proactive server shutdown prevented patient data compromise but severely disrupted care delivery. Betterment (digital investment advisor) confirmed a breach of a third-party marketing platform that allowed attackers to send fraudulent crypto-scam emails to customers, exposing names, contact details, addresses, and dates of birth. Eurail (European rail pass provider) disclosed a data breach affecting customer information including names, contact details, dates of birth, and passport information, with DiscoverEU program participants potentially having ID copies, health data, and bank references exposed.
- Offensive Cyber Policy Debate: Cyber policy analysts testified before Congress that China and other adversaries conduct persistent large-scale cyber campaigns against U.S. critical infrastructure with minimal cost or risk. Experts argued current U.S. authorities are outdated and overly restrictive, limiting offensive cyber operations that could deter adversaries. They advocated for clearer interagency roles, faster information sharing with industry, and a shift from reactive responses to sustained "defend-forward" operations, citing attacks on U.S. water systems and China's Volt Typhoon campaign as evidence of growing civilian risk.
- CISA Leadership Renewal: President Trump re-nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency, reviving a nomination that stalled in the Senate last year. Plankey's earlier advancement through committee was blocked by Senate holds tied to unrelated disputes, leaving CISA without permanent leadership throughout 2025. The administration has signaled this confirmation remains a priority for stable leadership at the nation's lead civilian cyber defense agency.
- AI Hallucination in Law Enforcement: In a cautionary tale about AI reliability, UK police cited a soccer match between Maccabi Tel Aviv and West Ham that never actually happened in a security assessment report recommending Maccabi Tel Aviv fans be banned from attending a match against Aston Villa. Chief Constable Craig Guildford initially denied using AI, claiming reliance on social media scraping and Google searches, but later admitted in writing that Microsoft Copilot generated the error. The incident highlights the risks of deploying AI systems for critical decision-making without proper validation mechanisms.
Speaker Insights
Ian Swanson (Palo Alto Networks AI Security Leader):
- "If data is the fuel, the machine learning model is the engine to an AI application."
- Emphasized the critical gap between perceived (hundreds) and actual (tens of thousands) deployed ML models in organizations
- Highlighted that traditional software supply chain attacks (from 10-20 years ago) are now re-manifesting in the AI supply chain around data, models, and agents
- Advocated for continuous testing, benchmarking, evaluation, and red-teaming of AI applications before production deployment
- Stressed the importance of deserializing and scanning ML models for malicious code, unsafe operators, and neural backdoors
Dave Bittner (CyberWire Host):
- Provided comprehensive context on the interconnected nature of patch cycles and their operational impact
- Connected disparate incidents (hospital ransomware, data breaches, policy debates) to broader cybersecurity trends
Takeaways
- Patch Urgently: The Windows Desktop Window Manager zero-day is already under active exploitation despite its low CVSS score—organizations should prioritize deployment of January 2026 patches immediately, particularly for systems exposed to untrusted networks.
- Inventory Your AI Supply Chain: Organizations drastically underestimate the number of deployed ML models in production. Conduct a comprehensive audit of all data sources, models (especially open-source ones from repositories like Hugging Face), and AI applications to establish baseline visibility before implementing security controls.
- Treat ML Models Like Software Artifacts: Implement deserialization scanning, continuous testing, benchmarking, evaluation, and red-teaming of ML models before production deployment. Scan for malicious code, unsafe operators, neural backdoors, and name-squatting attacks in open-source model repositories.
- Isolate Industrial Control Systems: Organizations running vulnerable Moxa industrial switches should immediately isolate affected devices from internet connectivity and restrict access to trusted networks only until patched firmware can be deployed. This is critical for maintaining safety in industrial environments.
- Validate AI-Generated Security Recommendations: The UK police incident demonstrates that AI systems can confidently generate plausible-sounding but factually incorrect information. Implement human validation and cross-reference checks for any security decisions informed by AI tools, especially those affecting civil liberties.
- Prepare for Geopolitical Technology Fragmentation: China's directive to remove Western security vendors signals accelerating technology decoupling. Organizations with global operations should assess supply chain dependencies and develop contingency plans for vendor transitions in different geographic regions.
- Advocate for Offensive Cyber Authorities: Cybersecurity leaders should engage with policymakers on the need for updated authorities enabling sustained "defend-forward" operations rather than purely reactive responses to adversary campaigns. Current restrictions limit deterrence capabilities against state-sponsored actors.
- Monitor Third-Party Marketing Platforms: The Betterment breach demonstrates that the security perimeter extends beyond core systems to third-party vendors with email infrastructure access. Implement vendor security assessments and access controls for any third party capable of leveraging your brand or customer communication channels.
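The deserialization scanning named in the "Treat ML Models Like Software Artifacts" takeaway, sketched as an added example that is not from the episode or from Palo Alto Networks. It assumes the model file is a Python pickle (the summary does not name a format); the allowlist and both sample blobs are constructed here for illustration.

```python
import collections
import os
import pickle
import pickletools

# Assumption: the only import a plain weights file should need.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
# Opcodes that call or instantiate something while the file is loading.
CALL_OPCODES = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools; the data is never unpickled."""
    imports, calls, strings, memo, top = [], [], [], {}, None
    for opcode, arg, _pos in pickletools.genops(data):
        name = opcode.name
        if name == "MEMOIZE":  # stores the value currently on top of the stack
            memo[len(memo)] = top
            continue
        if name in ("GLOBAL", "INST"):  # protocols 0-3: arg is "module name"
            imports.append(tuple(arg.split(" ", 1)))
            arg = None
        elif name == "STACK_GLOBAL":  # protocol 4+: both strings pushed earlier
            pair = tuple(strings[-2:])
            imports.append(pair if len(pair) == 2 else ("?", "?"))  # fail closed
        elif name in ("BINGET", "LONG_BINGET"):
            arg = memo.get(arg)  # a string reused from the memo table
        if name in CALL_OPCODES:
            calls.append(name)
        top = arg if isinstance(arg, str) else None
        if top is not None:
            strings.append(top)
    blocked = [imp for imp in imports if imp not in ALLOWED_GLOBALS]
    return {"imports": imports, "calls": calls, "blocked": blocked,
            "safe_to_load": not blocked}


class _ConstructedPayload:
    """Constructed sample: loading it would call os.getenv, a harmless call."""
    def __reduce__(self):
        return (os.getenv, ("EXAMPLE_VAR",))


def constructed_samples(protocol: int = 4):
    weights = collections.OrderedDict({"layer0.weight": [0.1, 0.2]})
    return (pickle.dumps(weights, protocol=protocol),
            pickle.dumps(_ConstructedPayload(), protocol=protocol))


if __name__ == "__main__":
    for label, blob in zip(("weights", "flagged"), constructed_samples()):
        print(label, scan_pickle(blob))
```

Both samples contain a REDUCE opcode, so the verdict rests on which callable is imported, not on the opcode alone.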
---
Episode Context: This January 14, 2026 episode reflects an unusually active security landscape with simultaneous critical vulnerabilities across multiple software categories, geopolitical technology tensions, and real-world operational impacts. The emphasis on AI supply chain security signals this as an emerging priority for enterprise security teams, while the UK police AI hallucination incident serves as a cautionary tale about deploying AI for high-stakes decision-making without proper validation frameworks.