
🚨WK 03: Beijing Orders Cybersecurity Software Ban, Qilin Ransomware “Reward” Is Fake, Keylogger Campaign Targets Major U.S. Bank, Black Axe Cybercrime Network Members Arrested

Insights into data breaches, vulnerabilities, cyber risks, threat intel, and government and regulatory updates

China Bans Use of US/Israeli Cybersecurity Software

China has directed domestic companies to stop using cybersecurity products from more than a dozen US and Israeli vendors, including major names such as VMware (Broadcom), Palo Alto Networks, Fortinet, Check Point, CrowdStrike, Mandiant, SentinelOne, and Rapid7, citing national security concerns that foreign-made tools could collect or transmit sensitive data abroad. The move is part of Beijing’s broader strategy to reduce reliance on Western technology amid intensifying US–China tech competition and geopolitical tensions. It aligns with efforts to build stronger domestic capabilities in cybersecurity, semiconductors, and artificial intelligence. Chinese authorities have not publicly commented, and the state internet regulator and Ministry of Industry and Information Technology did not respond to requests for comment. Several affected vendors say they have little or no business in China, but the directive signals a significant escalation in technology decoupling and digital sovereignty.

Key Points

  • Chinese regulators have told domestic firms to stop using cybersecurity software from about a dozen US and Israeli companies.

  • Affected vendors include major brands such as VMware, Palo Alto Networks, Fortinet, Check Point, CrowdStrike, SentinelOne, Mandiant, and Rapid7.

  • The action is driven by national security concerns that foreign products might transmit or expose sensitive data.

  • Beijing is pushing to replace Western technology with domestic alternatives across cybersecurity and related sectors.

  • The directive comes amid widening US–China technology and geopolitical competition ahead of planned diplomatic engagements.

💻 Malware and Vulnerabilities

China-Linked APT Exploits Sitecore Zero-Day Vulnerability: A China-aligned threat group is actively exploiting a zero-day vulnerability in Sitecore content management software to gain persistent access to enterprise networks, continuing a pattern of targeting widely deployed commercial platforms. LINK
https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html

Devixor Android Trojan Targets Banking and Crypto Users: Researchers warn the Devixor Android trojan is stealing banking credentials and cryptocurrency assets using spyware capabilities such as screen capture and credential harvesting, posing risks to both consumers and fintech platforms. LINK
https://securityonline.info/spy-steal-lock-devixor-android-trojan-hits-banking-crypto-users/?&web_view=true

CISA Orders Emergency Patching of Gogs Zero-Day Exploited in Attacks: CISA has ordered U.S. federal agencies to urgently patch a remote code execution flaw in the Gogs Git service after confirming active exploitation, signaling elevated risk to development and CI/CD environments. LINK
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/?&web_view=true

📈 Breaches and Incidents

Ransomware Attack Disrupts South Korea’s Kyowon Group: Kyowon Group confirmed a ransomware attack that disrupted business operations, adding to concerns about ransomware targeting large Asian conglomerates with complex supply chains and limited downtime tolerance. LINK
https://securityaffairs.com/186964/data-breach/a-ransomware-attack-disrupted-operations-at-south-korean-conglomerate-kyowon.html

Monroe University Data Breach Impacts 320,000 Individuals: Monroe University disclosed a 2024 cyber incident affecting personal data of more than 320,000 people, including sensitive identifiers, highlighting ongoing cybersecurity challenges across higher education institutions. LINK
https://www.bleepingcomputer.com/news/security/monroe-university-says-2024-data-breach-affects-320-000-people/

Canadian Investment Regulator CIRO Confirms Data Breach: Canada’s investment oversight body confirmed a data breach impacting confidential information, raising concerns about cybersecurity resilience within financial regulatory institutions. LINK
https://therecord.media/canada-ciro-investing-regulator-confirms-data-breach

France’s Data Protection Authority Issues New Cybersecurity Fine: France’s privacy regulator announced a fine tied to cybersecurity failures, reinforcing strict GDPR enforcement and signaling continued regulatory scrutiny over data protection controls. LINK
https://therecord.media/france-data-regulator-fine

🚨 Threat Intel & Info Sharing

Europol Says Qilin Ransomware “Reward” Is Fake: Europol has issued a warning that a circulating offer promising financial rewards for intelligence on the Qilin ransomware group is fraudulent. Authorities say the scheme is likely designed to harvest sensitive information or exploit victims and researchers, underscoring how ransomware ecosystems increasingly leverage deception even against defenders. LINK
https://www.securityweek.com/europol-says-qilin-ransomware-reward-fake/

Chinese Intelligence Allegedly Aided Maduro’s Capture Operations: Investigative reporting suggests Chinese intelligence support enabled Venezuela’s government to track and capture political opponents, illustrating how cyber surveillance tools and digital intelligence sharing are being used to reinforce authoritarian control beyond borders. LINK
https://www.theregister.com/2026/01/15/chinese_spies_used_maduros_capture/

Cyber Agencies Warn of Growing Threats to Industrial Control Systems: U.S. and allied cyber agencies issued a joint warning about escalating threats to industrial control systems, citing reconnaissance and intrusion activity targeting energy, water, and manufacturing sectors. Officials say adversaries may be positioning for future disruption rather than immediate attacks. LINK
https://therecord.media/cyber-agencies-warn-of-industrial-system-threats

Malicious Chrome Extension Steals Cryptocurrency via API Keys: Security researchers uncovered a Chrome browser extension that silently exfiltrates API keys used by crypto platforms, allowing attackers to drain wallets without triggering alerts. The campaign highlights ongoing risks from browser extension supply chains. LINK
https://securityonline.info/malicious-chrome-extension-drains-crypto-via-secret-api-keys/?&web_view=true

Meta Fixes Instagram Password Reset Flaw, Denies Data Breach: Meta says it has fixed a vulnerability in Instagram’s password reset process after online claims of account compromise, stressing that no evidence of a data breach was found. Researchers say the incident reflects persistent pressure on account recovery systems. LINK
https://securityaffairs.com/186829/security/meta-fixes-instagram-password-reset-flaw-denies-data-breach.html?web_view=true

Spain Arrests Members of Black Axe Cybercrime Network: Spanish authorities announced arrests linked to the Black Axe cybercrime group, part of a wider international operation targeting fraud, romance scams, and money laundering networks operating across Europe and Africa. LINK
https://cyberscoop.com/black-axe-disruption-arrests-spain/?web_view=true

Keylogger Campaign Targets Employees at Major U.S. Bank: Investigators identified a keylogger operation aimed at bank employees, potentially enabling credential theft and access to internal financial systems. The campaign underscores continued focus on employee endpoints as high-value entry points. LINK
https://sansec.io/research/keylogger-major-us-bank-employees

⚖️ Laws, Policies and Regulations

U.S. Reviews Cyber Command–NSA Dual-Hat Leadership Model: Defense officials are reassessing the longstanding practice of one leader overseeing both Cyber Command and the NSA, amid concerns over mission scale, operational focus, and geopolitical cyber pressures. LINK
https://defensescoop.com/2026/01/15/gen-rudd-cybercom-nsa-dual-hat-cyber-force/

DHS Replaces CIPAC Framework for Critical Infrastructure Cyber Liability: DHS announced plans to restructure its approach to cybersecurity liability protections for critical infrastructure operators, aiming to improve collaboration and legal clarity for private-sector partners. LINK
https://cyberscoop.com/dhs-anchor-cipac-replacement-critical-infrastructure-cybersecurity-liability-protections/

Hacker Sentenced to Seven Years for Attacks on Major European Ports: A court sentenced a hacker to seven years in prison for cyberattacks on the ports of Rotterdam and Antwerp, which disrupted shipping logistics and highlighted vulnerabilities in maritime infrastructure. LINK
https://www.bleepingcomputer.com/news/security/hacker-gets-seven-years-for-breaching-rotterdam-and-antwerp-ports/

China Orders Firms to Stop Using U.S. and Israeli Cybersecurity Tools: Beijing has instructed Chinese companies to phase out foreign cybersecurity software, signaling deeper technology decoupling amid rising geopolitical and supply-chain tensions. LINK
https://www.reuters.com/world/china/beijing-tells-chinese-firms-stop-using-us-israeli-cybersecurity-software-sources-2026-01-14/

Australia Publishes AI Cybersecurity Guidance for Small Businesses: Australia’s government released new guidance to help small businesses adopt artificial intelligence securely, addressing data protection, governance, and cyber risk management. LINK
https://www.cyber.gov.au/business-government/secure-design/artificial-intelligence/artificial-intelligence-for-small-business

DragonForce Ransomware Targets MSPs via SimpleHelp Vulnerabilities: Sophos reports that DragonForce ransomware actors are exploiting flaws in SimpleHelp remote management software to compromise managed service providers and propagate attacks across customer networks. LINK
https://www.sophos.com/de-de/blog/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers?

RePrompt Attacks Highlight Emerging Risks in Generative AI: Varonis analysis details how attackers can manipulate AI systems through “reprompting” techniques to extract sensitive data, raising new concerns for enterprises deploying generative AI at scale. LINK
https://www.varonis.com/blog/reprompt

📅 Upcoming Events

UK Edition: Generative AI & Cybersecurity: Risks and Opportunities

Generative AI is transforming cybersecurity at unprecedented speed. For UK organisations, it represents a powerful opportunity to modernise Security Operations Centres (SOCs) through intelligent automation, predictive threat detection, and faster decision-making. At the same time, it is enabling a new class of highly sophisticated cyber threats: AI-driven phishing, adaptive malware, and LLM-engineered exploits that challenge traditional defences.

We are looking for sponsors for our 2026 events.

If you would like to sponsor any of our future in-person or virtual events, please email us at [email protected]

We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].

Thank you for being part of our newsletter community. You can also join the conversation in our LinkedIn Group.