Top stories.
- Cambodia extradites alleged scam kingpin to China.
- US withdraws from Global Forum on Cyber Expertise.
- NSA's cyber directorate is reportedly getting new leadership.
- Maximum-severity flaw allows full compromise of n8n instances.
- Jaguar Land Rover reports a 43% drop in wholesale volumes following September cyberattack.
- Attackers are exploiting a critical flaw affecting discontinued D-Link devices.
Cambodia extradites alleged scam kingpin to China.
Cambodia has extradited to China a billionaire businessman who allegedly headed a major fraud syndicate that ran forced-labor scam compounds in Cambodia, the BBC reports. Chen Zhi, 38, is a Chinese national who became a Cambodian citizen in 2014, although his Cambodian citizenship has since been revoked. The US Justice Department indicted Chen last year and seized $15 billion worth of his bitcoin. Chen's company, Prince Group, was also sanctioned by the US and the UK.
The New York Times says the extradition is a sign that Cambodia is beginning to bend to international pressure, particularly from China, to address the country's cyberscam industry. The US alleged that Chen had ties to Chinese state officials, and these allegations may have spurred China to exert pressure on Cambodia. The Times notes that a broader crackdown on the Cambodian cyberscam industry is unlikely, as the industry has become a pillar of the country's economy.
US withdraws from Global Forum on Cyber Expertise.
The Trump administration is withdrawing the US from two cybersecurity-focused international organizations, as part of a broader withdrawal from multilateral institutions, the Record reports. President Trump this week signed an executive order directing the US to exit 66 international bodies, on the grounds that continued participation is contrary to US interests. Among these institutions are the Global Forum on Cyber Expertise and the European Centre of Excellence for Countering Hybrid Threats. Federal agencies have been instructed to end participation and funding where legally permitted.
US Secretary of State Marco Rubio said in an accompanying statement that the administration "has found these institutions to be redundant in their scope, mismanaged, unnecessary, wasteful, poorly run, captured by the interests of actors advancing their own agendas contrary to our own."
NSA's cyber directorate is reportedly getting new leadership.
The Record reports that David Imbordino, who currently serves as the US National Security Agency's (NSA's) deputy chief, will be named acting head of NSA's cyber directorate at the end of the month. Additionally, Holly Baroody, who has previously served as executive director at Cyber Command, will return from her current post in the UK to serve as the directorate's acting deputy. The directorate's leadership will be in an acting capacity until a permanent NSA director is confirmed.
An NSA spokesperson told the Record that the agency "cannot confirm or deny any potential personnel changes."
Maximum-severity flaw allows full compromise of n8n instances.
Researchers at Cyera have discovered a maximum-severity remote code execution flaw (CVE-2026-21858) in the open-source workflow automation platform n8n. The vulnerability, which Cyera calls "Ni8mare," can enable unauthenticated, remote attackers "to access files on the underlying server through execution of certain form-based workflows." This can lead to "exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage."
Cyera estimates that the issue affects approximately 100,000 servers globally. No workaround is available, and users are urged to update to n8n version 1.121.0.
Jaguar Land Rover reports a 43% drop in wholesale volumes following September cyberattack.
Jaguar Land Rover (JLR) has released sales results for its fiscal third quarter that ended December 31st, revealing the impact of a disruptive cyberattack the company sustained at the beginning of September 2025. The company's wholesale volumes fell by 43% year-on-year, and were down 10.6% compared to the previous quarter. The company stated, "Production returned to normal levels only by mid‑November post the cyber incident. Due to this and also the time required to distribute vehicles globally once produced, wholesale and retail volumes reduced on a quarter‑on‑quarter and year‑on‑year basis."
Tata Motors, which owns JLR, estimated that the attack cost at least £1.8 billion ($2.35 billion). The Register notes that the Bank of England cited the attack as a factor in slowing the UK's economic growth in calendar Q3.
Attackers are exploiting a critical flaw affecting discontinued D-Link devices.
Threat actors are exploiting a critical flaw in discontinued D-Link gateway devices that can allow unauthenticated attackers to achieve remote code execution, SecurityWeek reports. The flaw (CVE-2026-0625) is "a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameter."
The vulnerability affects devices that reached end-of-support more than five years ago, and no patches are forthcoming. D-Link advises customers to retire these devices and replace them with newer models that receive regular updates.