January 2026 Cybersecurity Round-Up
This blog provides a round-up of January 2026 cybersecurity incidents. The World Economic Forum’s Global Cybersecurity Outlook 2026 opens by discussing how hybrid threats and escalating cyberattacks reflect the increasing volatility of the global environment. So, with the first month of the new year out of the way, what were the most notable attacks and CVEs?
Cyberattacks in January 2026 Cybersecurity Round-Up
Nike Data Breach
Nike confirmed it is investigating a potential massive data breach, after the WorldLeaks cybercrime group publicly claimed to have exfiltrated roughly 1.4 terabytes of internal company data. This included nearly 190,000 files, with some reportedly tied to product development, manufacturing, and operational workflows. The brand emphasized it’s still assessing the incident.

This appears to be a pure data-theft and extortion play. WorldLeaks is a relatively new but increasingly visible actor in the ‘data-exfiltration-only’ ecosystem. Rather than deploying ransomware payloads, the group focuses on breaching networks, quietly extracting large volumes of data, and leveraging leak sites for pressure. Here, detection strategies must evolve to incorporate outbound traffic analysis, behavioural baselining and privileged-account monitoring.
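As an illustration of the outbound traffic analysis and behavioural baselining mentioned above, the following added example (not part of the original post) scores each host's latest daily outbound volume against that host's own history. The host names, byte counts and thresholds are constructed assumptions; in practice the series would come from flow or proxy logs.

```python
from statistics import median

# Constructed sample: daily outbound bytes per internal host (e.g. summed from
# NetFlow or proxy logs). Host names and volumes are invented for illustration.
GB = 1024 ** 3
DAILY_OUT = {
    "build-srv-01": [2*GB, 3*GB, 2*GB, 2*GB, 3*GB, 2*GB, 3*GB, 41*GB],
    "hr-laptop-17": [1*GB, 1*GB, 1*GB, 1*GB, 1*GB, 1*GB, 1*GB, 1*GB],
    "backup-gw":    [200*GB, 210*GB, 190*GB, 205*GB, 198*GB, 202*GB, 207*GB, 215*GB],
}

def robust_score(history, today):
    """Deviation of today's volume from the host's own baseline, in MAD units."""
    base = median(history)
    mad = median(abs(x - base) for x in history)
    # A flat history gives MAD == 0; fall back to 5% of the baseline so a
    # small wobble on a quiet host is not scored as an enormous deviation.
    spread = max(mad * 1.4826, base * 0.05, 1)
    return (today - base) / spread

def flag_exfil_candidates(daily_out, threshold=6.0, min_excess=5 * GB):
    """Return [(host, score, excess_bytes)] for hosts whose latest day is anomalous."""
    hits = []
    for host, series in daily_out.items():
        history, today = series[:-1], series[-1]
        if len(history) < 5:
            continue  # not enough history to form a baseline
        score = robust_score(history, today)
        excess = today - median(history)
        # Require both a large relative deviation and a meaningful absolute
        # excess, so tiny hosts with noisy traffic do not flood the queue.
        if score >= threshold and excess >= min_excess:
            hits.append((host, round(score, 1), excess))
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for host, score, excess in flag_exfil_candidates(DAILY_OUT):
        print(f"{host}: score={score} excess={excess / GB:.1f} GB over baseline")
```

A fixed volume threshold would alert on the backup gateway every day and miss the build server; the per-host baseline does the opposite.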
Zendesk Spam
On January 18th, a wave of spam messages began as attackers abused unsecured Zendesk support portals, creating fake support tickets to generate enormous volumes of automated emails. Because Zendesk automatically generates confirmation and response messages, attackers have turned legitimate customer-support infrastructure into a high-volume spam engine.
This was not a conventional breach: the spam emails contained no phishing links, and the subject lines were rather bizarre. But the incident does reveal that trusted SaaS platforms can be weaponized as amplifiers of mischief when access controls are weak.

It is interesting to consider whether this is a new tactic: flood inboxes with legitimate but weird emails to degrade trust signals. When a truly malicious follow-up arrives later, perhaps in a separate channel, users are already off balance and maybe more likely to be duped.
Belgian Hospital
The AZ Monica hospital network in Antwerp shut down all servers, cancelled surgeries and transferred patients following a cyberattack. Systems were disconnected to contain the incident. Clinical disruption followed immediately; critical-care patients had to be transferred to other hospitals.

Healthcare breaches continue to demonstrate the gap between IT resilience and operational resilience. Hospitals are dense, interdependent environments comprising scheduling, diagnostics, imaging, pharmacy systems and device management, all digitally intertwined. True resilience in healthcare must include live failover rehearsals, segmented clinical zones, and the ability to operate safely in degraded digital conditions.
Dresden State Art Collections
The Dresden State Art Collections (overseeing roughly 15 museums) suffered a cyberattack in January 2026 that disrupted digital systems, including ticketing and administrative platforms. Online ticket sales and even the shop were not available.

Cultural institutions increasingly represent low-resistance, high-symbolism targets. They often run customised or legacy systems with limited dedicated security staffing. Yet their digital presence is highly visible. Museum attacks create reputational disruption, public embarrassment and operational paralysis at relatively low technical cost.
Copec S.A.
In January, Chile’s energy and fuels conglomerate Copec S.A. suffered a cyberattack attributed to the Anubis ransomware group. Reporting indicates that Anubis operators not only encrypted systems but also exfiltrated data before detonating and then demanded ransom under threat of publishing the stolen material. The incident forced Copec to take the affected infrastructure offline and initiate containment and recovery measures across business units.

Copec is a cornerstone of Chile’s energy sector, with downstream operations in retail fuel distribution, industrial lubricants, and logistics. Vertical infrastructure companies, especially in energy and logistics, have become high-value targets because they combine essential operations with complex, interdependent IT/OT ecosystems.
Anubis has gained traction as a ransomware operation, with the gang notably using a tactic of file destruction. The use of a wiper to delete stolen files amplifies pressure on victims to pay, especially when highly valuable data is stolen.
Key CVEs in January 2026
January 2026 was also an interesting month in terms of newly disclosed vulnerabilities. Here are some of the most noteworthy:

Conclusion
January 2026’s cybersecurity incidents and CVEs exposed how modern organisations are being tested at their most trusted layers: enterprise backbones, automation platforms, AI agents and shared infrastructure. Critical sectors such as healthcare and energy continue to be targeted.


