Critical Vulnerabilities Emerge: Veeam and D-Link Under Siege
On January 7, 2026, the cybersecurity landscape was rocked by the announcement of critical vulnerabilities in Veeam's Backup & Replication software and legacy D-Link DSL routers. Veeam disclosed a remote code execution (RCE) vulnerability tracked as CVE-2025-59470, carrying a CVSS score of 9.0. This flaw poses a significant risk, allowing attackers to execute arbitrary code on systems that fail to patch immediately. Simultaneously, a command injection vulnerability (CVE-2026-0625) in D-Link routers has been identified as actively exploited, with a concerning CVSS score of 9.3. These vulnerabilities are symptomatic of a broader trend where essential software and hardware are increasingly vulnerable to sophisticated attacks. In addition, ongoing cyber incidents have highlighted the precarious state of organizational security, notably with a ransomware attack impacting ManageMyHealth, New Zealand's largest patient portal. Cybersecurity professionals must prioritize patch management and robust security measures to combat these threats effectively.
Also In Security Today
- Ransomware Hits Healthcare: ManageMyHealth, New Zealand's leading patient portal, suffered a ransomware attack, prompting extensive security reviews across healthcare practices. Ogun Security.
- Credential Theft Campaigns: A large-scale credential theft campaign has exploited the absence of enforced multi-factor authentication, resulting in breaches across approximately 50 organizations. CyberSecBrief.
- Increased Threat Activity: January has seen a surge in cyber attacks targeting government and healthcare sectors, raising alarms about the vulnerabilities inherent in these critical infrastructures. Cyber Recaps.