Security briefing: January 2026
ID: 66eb8db5-5388-5da4-bc63-d401bcf4b1e2
STIX ID: report--66eb8db5-5388-5da4-bc63-d401bcf4b1e2
Feed Name: Sysdig Blog
This briefing summarizes January 2026 activity: a maximum-severity n8n vulnerability (Ni8mare) affecting many internet-accessible instances; Chainlit vulnerabilities (ChainLeak) enabling arbitrary file reads and SSRF, leading to data exposure and lateral movement; and VoidLink, a sophisticated Chinese-developed Linux malware framework targeting cloud/container environments with on-demand kernel/rootkit compilation. The report also highlights persistent abuse of GitHub Actions as backdoors, renewed large-scale LLMjacking campaigns, and destructive Russian attacks on Polish energy facilities, and provides mitigation, detection, and patching guidance for defenders.
