The CyberWire Daily Podcast 1.7.26
Ep 2463 | 1.7.26

Cyberattack in the fast lane.

Transcript

Jaguar Land Rover reveals the fiscal results of last year’s cyberattack. A Texas gas station chain suffers a data spill. Taiwan tracks China’s energy-sector attacks. Google and Veeam push patches. Threat actors target obsolete D-Link routers. Sedgwick Government Solutions confirms a data breach. The U.S. Cyber Trust Mark faces an uncertain future. Google looks to hire humans to improve AI search responses. Our guest is Deepen Desai, Chief Security Officer of Zscaler, discussing what’s powering enterprise AI in 2026. AI brings creative cartography to the weather forecast.

Today is Wednesday, January 7th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Jaguar Land Rover reveals the fiscal results of last year’s cyberattack. 

Jaguar Land Rover has reported sharply weaker preliminary results for its fiscal third quarter ended December 31, underscoring the far-reaching impact of a major cyberattack. Wholesale volumes fell 43.3 percent year on year to 59,200 vehicles, while retail sales declined 25.1 percent to 79,600. The company said a September cyber incident forced weeks-long production stoppages and delayed global distribution, with manufacturing only returning to normal levels by mid-November.

The disruption compounded other pressures, including the planned wind-down of legacy Jaguar models and newly imposed US tariffs. The impact was global, with wholesale volumes down more than 60 percent in North America and steep declines across Europe and China. Even the UK saw a modest drop.

The attack, claimed by Scattered Lapsus$ Hunters, prompted £1.5 billion in UK government support and contributed to slower UK economic growth, according to the Bank of England. Tata Motors estimates the incident cost around £1.8 billion, while the Cyber Monitoring Centre warned of wider economic damage.

A Texas gas station chain suffers a data spill. 

Gulshan Management Services, Inc., a Texas-based operator of roughly 150 gas stations and convenience stores, has disclosed a major data breach affecting more than 377,000 people. The incident was revealed through filings with the Maine Attorney General and the Texas Attorney General. Attackers accessed an external system between September 17 and September 27, 2025, with the breach discovered on the final day.

Initial disclosures cited exposure of names and personal identifiers, while later filings indicated the compromised data may also include Social Security numbers, driver’s license or government ID details, and financial information. Affected individuals were not notified until January 5, 2026, more than three months after the breach period. The company, Gulshan Management Services, Inc., now faces class action lawsuits and investigations alleging inadequate security controls and delayed notification, highlighting ongoing risks in highly interconnected retail fuel operations.

Taiwan tracks China’s energy-sector attacks. 

Taiwan’s National Security Bureau reports that cyberattacks linked to China against Taiwan’s energy sector surged tenfold in 2025 compared to the previous year. Overall, incidents attributed to China rose 6 percent, targeting nine critical sectors. Energy infrastructure saw the most dramatic increase, with attacks up 1,000 percent, while emergency services and hospitals rose 54 percent and communications increased 6.7 percent. Other sectors, including finance and water resources, declined.

The NSB says many attacks coincided with military activity and sensitive political events. The most common techniques exploited hardware and software vulnerabilities, alongside distributed denial-of-service attacks, social engineering, and supply-chain compromises. Energy-sector attacks focused on industrial control systems and malware insertion during software upgrades. The activity was attributed to Chinese-linked groups including BlackTech, APT41, and others.

Google and Veeam push patches. 

Google has released an urgent security update for its Chrome browser to fix a high-severity flaw tracked as CVE-2026-0628. The issue affects Chrome’s WebView component, which lets apps display web content inside native interfaces. Insufficient policy enforcement could allow attackers to bypass security controls. Google has pushed patched versions to all desktop platforms and Android through the Stable channel. Users are urged to update promptly, as Google is limiting technical details until most systems are patched.

Veeam has released an update for its Backup & Replication software to fix multiple vulnerabilities that could enable remote code execution. The flaws affect version 13.0.1.180 and earlier and are resolved in version 13.0.1.1071. The issues require highly privileged roles, such as backup or tape operator, which led Veeam to rate them high severity rather than critical. The company says the bugs were found internally and have not been exploited. Still, organizations are urged to patch promptly, as Veeam products are frequent targets in ransomware attacks, and past vulnerabilities have appeared in CISA’s Known Exploited Vulnerabilities catalog.

Threat actors target obsolete D-Link routers. 

Threat actors are actively exploiting a newly disclosed command injection flaw affecting several end-of-life D-Link DSL routers. The vulnerability, tracked as CVE-2026-0625, stems from improper input sanitization in the dnscfg.cgi endpoint, allowing unauthenticated attackers to execute remote commands via DNS configuration parameters. The issue was reported by VulnCheck after exploitation attempts were observed by The Shadowserver Foundation.

D-Link confirmed that multiple DSL router models are affected, all of which have been unsupported since 2020 and will not receive patches. While exploitation details remain unclear, D-Link and VulnCheck warn that identifying all impacted devices is complex due to firmware variations. Users are strongly advised to retire and replace affected routers, as end-of-life devices no longer receive security updates and pose ongoing risk.

Sedgwick Government Solutions confirms a data breach. 

Sedgwick has confirmed a security breach affecting its federal contracting subsidiary, Sedgwick Government Solutions, which provides services to more than 20 government agencies. The parent company, Sedgwick, says the incident was limited to an isolated file transfer system and did not impact its broader corporate network or claims management servers. Sedgwick has notified law enforcement and engaged external cybersecurity experts to investigate.

Clients of the subsidiary include major US agencies such as the Cybersecurity and Infrastructure Security Agency and the Department of Homeland Security. While Sedgwick did not publicly attribute the attack, the TridentLocker ransomware group has claimed responsibility, alleging the theft of 3.39 gigabytes of data and publishing samples online. The investigation is ongoing, and Sedgwick says services remain operational.

The U.S. Cyber Trust Mark faces an uncertain future. 

The U.S. Cyber Trust Mark is a voluntary consumer labeling program designed to help Americans identify smart devices that meet baseline cybersecurity standards. Launched by the Federal Communications Commission during the Biden administration, the initiative was created to address long-standing concerns that consumer internet-of-things products often ship with weak security and limited accountability after vulnerabilities emerge.

That program now faces uncertainty after UL Solutions formally withdrew as its lead administrator. UL notified the FCC in late December that it was stepping down effective immediately, saying it had completed foundational work such as convening stakeholders and helping develop technical and governance recommendations. The departure leaves no clear entity overseeing day-to-day operations of the program.

While UL described the move as a natural transition, the timing follows an internal national security review ordered last summer by FCC Chairman Brendan Carr, which examined potential foreign influence in program management. It remains unclear whether the FCC plans to appoint a replacement administrator.

Google looks to hire humans to improve AI search responses. 

Google is signaling a renewed push to improve the reliability of its AI-generated search responses as it expands AI Overviews across Google Search. A new job listing shows the company is hiring engineers for an “AI Answers Quality” role, focused on verifying and improving the accuracy of AI Overviews and AI Mode responses. In the listing, Google acknowledges the need to solve complex challenges while reimagining how users search for information.

The move is notable as Google continues to push AI-generated answers more aggressively, including into its Discover feed, sometimes rewriting news headlines. Despite recent improvements, AI Overviews still produce contradictory or fabricated answers, even when citing sources that do not support the claims. Media scrutiny has intensified, with The Guardian reporting misleading health advice generated by AI Overviews. The hiring effort appears to be Google’s first indirect admission that answer quality remains a serious issue.

AI brings creative cartography to the weather forecast. 

At first, the wind forecast for Camas Prairie, Idaho looked routine. Hold onto your hats, the graphic suggested, especially if you lived in places like “Orangeotild” or “Whata Bod.” Minor complication: those towns do not exist.

The National Weather Service later confirmed the map’s misspelled and imaginary locations were the result of an experiment with generative AI. The agency said the image was quickly corrected and the post removed, stressing that AI is not commonly used for public-facing forecasts, though it is not prohibited either.

The episode comes as the Weather Service, part of the National Oceanic and Atmospheric Administration, explores AI for everything from forecasting to graphics, while also dealing with staffing losses that have stretched resources thin. Experts warned that even small errors can chip away at public trust, especially when they come from an authoritative source. As one observer noted, AI can help fill gaps, but inventing towns is probably not the kind of innovation anyone had in mind.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.