Patch Tuesday notes.

Summary

By the CyberWire staff

Patch Tuesday notes.

Microsoft yesterday issued patches for 114 vulnerabilities, including three zero-days, BleepingComputer reports. One of the zero-days is actively exploited, while two are publicly disclosed. The actively exploited vulnerability (CVE-2026-20805) is an information disclosure flaw in the Desktop Windows Manager. One of the publicly disclosed flaws (CVE-2023-31096) is a privilege escalation bug in Agere Soft Modem drivers, while the other (CVE-2026-21265) is a security feature bypass vulnerability related to expiring Secure Boot certificates.

Adobe released fixes for 25 vulnerabilities across multiple products, including a critical Apache Tika flaw in ColdFusion that could be exploited via XFA files inside PDF documents, SecurityWeek reports.

Fortinet patched six vulnerabilities in its products, including two critical flaws in FortiFone and FortiSIEM. Horizon3.ai published a report on the more severe of these bugs, a command injection flaw tracked as CVE-2025-64155.

Meter: the end-to-end, secure enterprise network

Fragmented networks create security blind spots that are hard to patch. Meter takes a different approach, with an integrated enterprise networking architecture designed for security at the core, the edge, and everywhere in between. Learn how Meter protects every site by default at meter.com/security.

China tells domestic companies to stop using US- and Israeli-made cybersecurity software.

Reuters reports that Beijing has told Chinese companies to cease using cybersecurity software from about a dozen US and Israeli firms due to national security concerns. The banned security providers include VMware, Palo Alto Networks, Fortinet, and Check Point. Sources told Reuters that Beijing is concerned that the software could be used for espionage. The Chinese government hasn't responded to Reuters's request for a comment.

Reuters notes, "Fortinet has three offices in mainland China and one in Hong Kong, according to its website. Check Point’s website lists support addresses in Shanghai and Hong Kong. Broadcom lists six China locations, while Palo Alto lists five local offices in China, including one in Macau."

Experience the Power of Community at RSAC 2026 Conference

RSAC™ 2026 Conference returns to San Francisco March 23–26, bringing together the global cybersecurity community for four days of expert insights, hands-on learning, and breakthrough innovation. Join thousands of practitioners, executives, and innovators as they tackle today’s toughest challenges and explore solutions shaping tomorrow. From cutting-edge ideas to immersive programs and vibrant networking, this is where meaningful progress happens. Register today and be part of the conversations driving cybersecurity forward.

Spanish police arrest dozens of alleged Black Axe members.

The Spanish National Police, supported by Europol and the Bavarian State Criminal Police Office, have arrested 34 individuals accused of association with the Black Axe criminal gang, CyberScoop reports. According to Europol, Black Axe is a Nigerian organization with a global presence, known for conducting "cyber-enabled fraud, drug trafficking, human trafficking and prostitution, kidnapping, armed robbery, and fraudulent spiritual practices." Authorities believe this Spain-based contingent was responsible for scams and fraud leading to losses of nearly six million euros.

Notes.

Today's issue includes events affecting China, Germany, Israel, Nigeria, Spain, and the United States.

Attacks, Threats, and Vulnerabilities

Betterment confirms data breach after wave of crypto scam emails (BleepingComputer) U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers.

Passports, bank details compromised in Eurail data breach (The Register) : Travel biz tells customers to change passwords beyond its own services

Trends

Threat Spotlight: How phishing kits evolved in 2025 (Barracuda) The top phishing themes, teams and tactics of the last 12 months

Legislation, Policy, and Regulation

Lawmakers Urged to Let US Take on 'Offensive' Cyber Role (BankInfoSecurity) Cyber policy analysts told lawmakers that the United States' cyber deterrence efforts are failing, allowing China and others to embed in critical infrastructure

Sean Plankey re-nominated to lead CISA (CyberScoop) President Donald Trump re-nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency on Tuesday, after Plankey’s bid for the position ended last year stuck in the Senate.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SpaceCom | Space Congress: The Global Conference & Expo for the Commercial Space Industry (Orlando, Florida, USA, Jan 28 - 30, 2026) SpaceCom | Space Congress is where the business of space gets done. As the flagship event of Commercial Space Week—co-located with the Space Mobility Conference and the GSA Spaceport Summit—this event unites aerospace, defense, and commercial leaders for three days of deal-making, partnership building, and technology discovery on the expo floor, in the conference program, and through curated networking that drives real results.

HIP Europe 26 (Frankfurt, Germany, Feb 10, 2026) Get ready to elevate your identity security skills at HIP Europe — your gateway to becoming a Hybrid Identity Protection (HIP) Hero. With the departure of original Active Directory experts and the rise of identity as the primary attack surface, the need for identity threat detection and response (ITDR) talent has never been greater. This event is the perfect opportunity to enhance your (or your team's) ITDR strategy and strengthen your organization's operational resilience.

Wild West Hackin’ Fest @ Mile High 2026 (Denver, Colorado, USA, Feb 11 - 13, 2026) More than just a conference, Wild West Hackin’ Fest (WWHF) is committed to offering high quality information security education to beginners and seasoned professionals alike. With reasonably priced training, conferences, hands-on labs, and workshops, WWHF lowers the barrier to entry for those seeking to enter into the world of information security. WWHF also offers a venue for those already established in the industry to share ideas, give back, and continue learning.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 01.14.26

Top stories.

Patch Tuesday notes.

China tells domestic companies to stop using US- and Israeli-made cybersecurity software.

Spanish police arrest dozens of alleged Black Axe members.

Notes.

Attacks, Threats, and Vulnerabilities

Trends

Legislation, Policy, and Regulation

Events