

So much for easing into the new year
January usually begins with a fresh start for many. Unfortunately, that’s not the case for cybersecurity. The new year brought continued pressure from maximum-severity vulnerabilities, sophisticated malware, and the continued abuse of AI and CI/CD infrastructure. Here’s how the year began for defenders:
Jan 7: Ni8mare CVE-2026-21858
- Ni8mare is a maximum-severity vulnerability that impacts locally deployed instances of the open source workflow automation tool n8n.
- Initially, more than 100,000 n8n servers were deemed vulnerable to the data parsing flaw, but exploitation first requires network accessibility.
- A successful attack allows threat actors to read arbitrary files from the host, escalate to full remote code execution, and take over the server completely.
- Upgrading to the latest version of n8n is the best mitigation strategy. Otherwise, organizations should restrict or disable publicly accessible webhooks and form endpoints from untrusted paths.
Jan 13: VoidLink malware
- VoidLink is a Chinese-developed Linux malware framework that targets cloud and container environments.
- The malware is written in the Zig programming language and shows strong signs of LLM-assisted code generation.
- This is the first report of a C2 server building kernel modules on-demand. This technique has been dubbed serverside rootkit compilation (SRC) by the Sysdig Threat Research Team (TRT).
- VoidLink is highly sophisticated: it uses techniques to minimize its on-disk footprint and evade detection tools, and its rootkit deployment varies based on kernel version.
- Sysdig’s response: The Sysdig TRT published an in-depth analysis of the malware framework on January 16. It highlights several rules for Sysdig Secure customers and threat hunting techniques for detecting VoidLink.
Jan 20: ChainLeak AI vulnerabilities
- ChainLeak is the culmination of two vulnerabilities in the open source AI framework Chainlit that impact internet-facing applications.
- CVE-2026-22218 allows attackers to copy arbitrary server files into their session without validation, thereby leaking sensitive data like API keys, credentials, source code, and more.
- CVE-2026-22219 is a server-side request forgery (SSRF) flaw that allows attackers to make arbitrary HTTP requests. When combined with the file read vulnerability, SSRF helps attackers move laterally and reach internal services or cloud endpoints.
- Vulnerable organizations should upgrade to the most recent version of Chainlit and/or remove public accessibility, rotate exposed credentials, and monitor for unexpected internal requests.
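One way to act on the "monitor for unexpected internal requests" advice, as an added example that is not code from Sysdig or Chainlit: it scans egress-proxy log lines for requests from the application host to loopback, link-local, private, or internal-named destinations. The log format, the source name `chainlit-app`, the `.internal.example` suffix, and every host shown are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample egress-proxy lines: "<timestamp> <source> <method> <url>".
SAMPLE_LOG = """\
2026-01-21T10:02:11Z chainlit-app GET https://api.example.com/v1/models
2026-01-21T10:02:15Z chainlit-app GET http://169.254.169.254/
2026-01-21T10:02:19Z chainlit-app POST http://10.0.4.17:8500/
2026-01-21T10:02:23Z chainlit-app GET http://[::1]:6379/
2026-01-21T10:02:30Z chainlit-app GET http://vault.internal.example:8200/
2026-01-21T10:02:41Z build-agent GET http://10.0.4.17:8500/
"""

def classify(url):
    """Classify a URL's destination by IP literal; hostnames return 'name'."""
    host = urlsplit(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:          # includes cloud metadata range 169.254.0.0/16
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"

def flag_internal_requests(log_text, app_source, expected_hosts=frozenset(),
                           internal_suffixes=()):
    """Return (timestamp, kind, host) for app requests to unexpected internal targets."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != app_source:
            continue              # malformed line or a different workload
        ts, _, _, url = parts
        host = urlsplit(url).hostname or ""
        if host in expected_hosts:
            continue              # destination the app is known to need
        kind = classify(url)
        if kind == "name":
            if not host.endswith(tuple(internal_suffixes)):
                continue          # external name; out of scope for this check
            kind = "internal-name"
        elif kind == "public":
            continue
        findings.append((ts, kind, host))
    return findings
```
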
Additional Sysdig TRT findings
The team witnessed an increasing amount of GitHub Actions abuse in 2025 and reported on multiple instances throughout the year. On January 13, the Sysdig TRT published an in-depth technical blog detailing how threat actors are weaponizing self-hosted GitHub Actions runners as persistent backdoors. This technique allows threat actors to blend into CI/CD workflows while executing malicious code and masking C2 activity. The blog includes a real-world case study and detection and mitigation techniques for defenders.
Also in the news
- Attack on Polish energy grid: Poland’s Computer Emergency Response Team (CERT) released a report on 30 January about the late December Russian attacks on more than 30 Polish energy facilities and a manufacturing company. These well-thought-out and deliberately destructive attacks on both IT and physical OT permanently damaged some equipment, but failed to disrupt power.
- New AI compliance framework: The European Telecommunications Standards Institute (ETSI) published a new Technical Specification on 29 January called Securing Artificial Intelligence (SAI): Baseline Cyber Security Requirements for AI Models and Systems. This European Standard aligns with the EU AI Act to provide organizations with a baseline of cybersecurity requirements tailored specifically to AI models and systems.
- LLMjacking is back: In fact, it never left – it expanded. The Sysdig TRT first reported on and coined the term LLMjacking in May 2024, with two additional reports since. The Pillar Security Research Team just reported on a large-scale LLMjacking campaign on January 28 called Operation Bizarre Bazaar, complete with commercial monetization. LLMjacking is the new cryptomining.
Closing thoughts
January reinforced a familiar reality. While this may garner several eyerolls from readers, attackers are continuing to get faster and more creative, and they are increasingly comfortable operating in and around the tools defenders and developers rely on most. From automation platforms to CI/CD pipelines and cloud infrastructure, trust is the most abused control.
There are three things to look out for as we move deeper into 2026:
- Relentless exploitation of open source software.
- Rapid maturation of cloud-native and Linux malware.
- AI systems firmly planted in both attack chains and the attack surface.
Expect a small margin of error this year and prepare accordingly.
