US Withdraws from Global Forum on Cyber Expertise
The Trump administration is withdrawing the US from two cybersecurity-focused international organizations, as part of a broader withdrawal from multilateral institutions, the Record reports. President Trump yesterday signed an executive orderdirecting the US to exit 66 international bodies, on the grounds that continued participation is contrary to US interests. Among these institutions are the Global Forum on Cyber Expertise and the European Centre of Excellence for Countering Hybrid Threats. Federal agencies have been instructed to end participation and funding where legally permitted.
US Secretary of State Marco Rubio said in an accompanying statement that the administration "has found these institutions to be redundant in their scope, mismanaged, unnecessary, wasteful, poorly run, captured by the interests of actors advancing their own agendas contrary to our own."
Attackers are Exploiting a Critical Flaw Affecting
Discontinued D-Link Devices
Threat actors are exploiting a critical flaw in discontinued D-Link gateway devices that can allow unauthenticated attackers to achieve remote code execution, SecurityWeek reports. The flaw (CVE-2026-0625) is "a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameter."
The vulnerability affects devices that reached end-of-support more than five years ago, and no patches are forthcoming. D-Link advises customers to retire these devices and replace them with newer models that receive regular updates.
Jaguar Land Rover Cyberattack Leads to
43% Decline in Wholesale Volumes
Jaguar Land Rover (JLR) has released sales results for its fiscal third quarter that ended December 31st, revealing the impact of a disruptive cyberattack the company sustained at the beginning of September 2025. The company's wholesale volumes fell by 43% year-on-year, and were down 10.6% compared to the previous quarter. The company stated, "Production returned to normal levels only by mid-November post the cyber incident. Due to this and also the time required to distribute vehicles globally once produced, wholesale and retail volumes reduced on a quarter-on-quarter and year-on-year basis."
Tata Motors, which owns JLR, estimated that the attack cost at least £1.8 billion ($2.35 billion). The Register notes that the Bank of England cited the attack as a factor in slowing the UK's economic growth in calendar Q3.
Single Threat Actor Behind Widespread Cloud File-Sharing Breaches
Researchers at Hudson Rock have tied dozens of breaches to a single threat actor dubbed "Zestix," who appears to have compromised the ShareFile, Nextcloud, and OwnCloud instances of around fifty major companies. The threat actor harvested passwords from malware-infected machines or obtained them from logs that were aggregated on the dark web. The compromised cloud instances did not use multifactor authentication, so the threat actor only needed the passwords.
The breached organizations include Pickett, Sekisui House, IFLUSAC, Iberia Airlines, K3G Solutions, CRRC MA, GreenBills, CiberC, and many others. The threat actor is auctioning terabytes of data allegedly stolen from the affected organizations.
Maximum-Severity Flaw Allows Full Compromise of n8n Instances
Researchers at Cyera have discovered a maximum-security remote code execution flaw (CVE-2026-21858) in the open-source workflow automation platform n8n. The vulnerability, which Cyera calls "Ni8mare," can enable unauthenticated, remote attackers "to access files on the underlying server through execution of certain form-based workflows." This can lead to "exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage."
Cyera estimates that the issue affects approximately 100,000 servers globally. No workaround is available, and users are urged to update to n8n version 1.121.0.
.png)