themissingsunday
#tech-news

Weekly Scan: Cloud, Cybersecurity, AI News — Jan 23, 2026

Weekly Scan: Cloud, Cybersecurity, AI News — Jan 23, 2026

⚠️ Audio playback is not supported in your browser. Please try Chrome, Edge, or Safari for the best experience.

#This Week in Security: Your News Briefing

Welcome to your weekly security roundup. We’ve tracked down the 10 most important stories this week—the ones everyone’s talking about, from critical threats to emerging trends that could shape your security posture. Leading the news this week is Appsec Roundup - June 2025, which has sparked conversation across 9 sources. Meanwhile, the industry is closely tracking Secure By Design roundup - November 2025 with 5 mentions, along with emerging details on CVE-2026-24407 | InternationalColorConsortium iccDEV up to…, ON SemiconductorのQCS-AX2-A12 ファームウェア等の複数製品における引数の挿入または変更に関する脆弱性, and CVE-2025-59718. Here’s the full breakdown of what you need to know.

#🚨 Critical Threats This Week

First, the stories that demand your immediate attention:

  1. Appsec Roundup - June 2025 Mentioned across 9 industry sources this week. Lots of fascinating threat model-related advances, new risk management tools, games, and more!. Get the details →

  2. CVE-2026-24407 | InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2 icSigCalcOp denial of service (ID 481) Mentioned across 5 industry sources this week. A vulnerability identified as problematic has been detected in InternationalColorConsortium iccDEV up to 2. Get the details →

  3. CVE-2025-59718 Mentioned across 3 industry sources this week. Currently trending CVE - Hype Score: 21 - A improper verification of cryptographic signature vulnerability in Fortinet F. Get the details →

#🛠️ Tools, Updates & Releases

New capabilities and releases worth knowing about:

  1. Secure By Design roundup - November 2025 Perspective on CISOs as facilitators, a deep dive into the types of diagrams for medical devices, po. Referenced in 5 stories this week. Explore →

  2. ON SemiconductorのQCS-AX2-A12 ファームウェア等の複数製品における引数の挿入または変更に関する脆弱性 QuantennaのWi-Fiチップセットには、ローカル制御スクリプトであるrouter_command. Referenced in 4 stories this week. Explore →

  3. Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard Learn how to achieve compliance with the third-party risk management standards of the Digital Operat. Referenced in 3 stories this week. Explore →

#What You Should Do Next

Monitor these in your environment next week:

  • Any new CVE announcements related to systems you operate
  • Emerging attack techniques being discussed in the community
  • Updates and patches for tools your team uses

Have a look at the full deep-dives in the trending stories below. Each one provides context that could inform your security decisions this week.

  1. Key Threat Intel & Vulnerability Stories (13 mentions) This week’s critical security updates and vulnerability disclosures:

  2. Appsec Roundup - June 2025 (9 mentions) Lots of fascinating threat model-related advances, new risk management tools, games, and more! Read more

  3. Secure By Design roundup - November 2025 (5 mentions) Perspective on CISOs as facilitators, a deep dive into the types of diagrams for medical devices, poetry, Chinese LLMs, Chinese drones and Chinese routers. Do any of them contain secrets? Read more

  4. ON SemiconductorのQCS-AX2-A12 ファームウェア等の複数製品における引数の挿入または変更に関する脆弱性 (4 mentions) QuantennaのWi-Fiチップセットには、ローカル制御スクリプトであるrouter_command.sh(get_syslog_from_qtn引数内)にコマンドインジェクションの脆弱性があります。これはCWE-88「コマンド内の引数区切り記号の不適切な無害化(引数インジェクション)」の一例であり、CVSS 7.7(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)と評価されています。本脆弱性は、最新SDKのバージョン8.0.0.28までのQu… Read more

  5. MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability (3 mentions) Read more

  6. Meeting Third-Party Risk Requirements of DORA in 2026 | UpGuard (3 mentions) Learn how to achieve compliance with the third-party risk management standards of the Digital Operational Resilience Act (DORA) Read more

  7. Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION (2 mentions) A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international pre… Read more

#Article Summary

Total Articles Scanned: 595

#AI & LLM

  • Inside Praktika’s conversational approach to language learning How Praktika uses GPT-4.1 and GPT-5.2 to build adaptive AI tutors that personalize lessons, track progress, and help learners achieve real-world language fluency Read more

  • Inside GPT-5 for Work: How Businesses Use GPT-5 A data-driven report on how workers across industries use ChatGPT—covering adoption trends, top tasks, departmental patterns, and the future of AI at work. Read more

  • How Higgsfield turns simple ideas into cinematic social videos Discover how Higgsfield gives creators cinematic, social-first video output from simple inputs using OpenAI GPT-4.1, GPT-5, and Sora 2. Read more

  • Introducing ChatGPT Go, now available worldwide ChatGPT Go is now available worldwide, offering expanded access to GPT-5.2 Instant, higher usage limits, and longer memory—making advanced AI more affordable globally. Read more

  • Netomi’s lessons for scaling agentic systems into the enterprise How Netomi scales enterprise AI agents using GPT-4.1 and GPT-5.2—combining concurrency, governance, and multi-step reasoning for reliable production workflows. Read more

  • How Tolan builds voice-first AI with GPT-5.1 Tolan built a voice-first AI companion with GPT-5.1, combining low-latency responses, real-time context reconstruction, and memory-driven personalities for natural conversations. Read more

#Cloud

  • Amazon Neptune Analytics is now available in 7 additional regions Amazon Neptune Analytics is now available in US West (N. California), Asia Pacific (Seoul), Asia Pacific (Osaka), Asia Pacific (Hong Kong), Europe (Stockholm), Europe (Paris), and South America (São Paulo) regions. You can now create and manage Neptune Analytics graphs in these new regions and ru… Read more

  • Amazon EC2 G7e instances are now generally available Today, Amazon announces the general availability of Amazon Elastic Compute Cloud (Amazon EC2) G7e instances, accelerated by NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs. G7e instances offer up to 2.3x inference performance compared to G6e. Customers can use G7e instances to deploy large lang… Read more

  • Amazon Corretto January 2026 Quarterly Updates On January 20, 2026 Amazon announced quarterly security and critical updates for Amazon Corretto Long-Term Supported (LTS) versions of OpenJDK. Corretto 25.0.2, 21.0.10, 17.0.18, 11.0.30, and 8u482 are now available for download . Amazon Corretto is a no-cost, multi-platform, production-ready dis… Read more

  • Amazon RDS now supports the latest CU and GDR updates for Microsoft SQL Server Amazon Relational Database Service (Amazon RDS) for SQL Server now supports the latest General Distribution Release (GDR) updates for Microsoft SQL Server. This release includes support for Microsoft SQL Server 2016 SP3+GDR KB5068401 (RDS version 13.00.6475.1.v1), SQL Server 2017 CU31+GDR KB50684… Read more (Covered by: AWS News)

  • Amazon Bedrock introduces API keys to streamline development in GovCloud regions API keys for Amazon Bedrock are now available in AWS GovCloud (US) regions, expanding a feature that simplifies authentication and accelerates generative AI development. Originally launched in commercial AWS regions in July 2025, API keys for Amazon Bedrock enable developers to quickly generate a… Read more

  • ServiceNow’s Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations The critical ServiceNow Virtual Agent vulnerability highlights a vital lesson: securing agentic AI requires a return to traditional AppSec foundations. While AI can amplify risks, the root causes often stem from classic failures in authentication and authorization. Read more

#Cyber Regulatory

  • Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium Read more (Covered by: Hong Kong PCPD)

  • ON SemiconductorのQCS-AX2-A12 ファームウェア等の複数製品における引数の挿入または変更に関する脆弱性 A command injection vulnerability Read more (Covered by: JVN Vulnerability Notes)

  • 複数のASUSTeK COMPUTER製ルーターにおけるコマンドインジェクションの脆弱性 ASUSTeK COMPUTER INC.が提供する複数のルーターには、ルーターに搭載されたAiCloud機能において、任意のコマンドが実行される脆弱性が存在します。 コマンドインジェクション(CWE-77)- CVE-2025-2492 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方がIPAに報告し、JPCERT/CCが開発者との調整を行いました。 報告者:情報通信研究機構 サイバーセキュリティ研究所 NICTER 解析チーム Read more

  • Rockwell Automation製Verve Asset Managerにおける複数の脆弱性 Rockwell Automationが提供するVerve Asset Managerには、次の複数の脆弱性が存在します。 保存された機微な情報に対するアクセス権設定の不備(CWE-922) - CVE-2025-14376 重要な情報の平文保存(CWE-312) - CVE-2025-14377 Read more

  • 複数のSchneider Electric製品における複数の脆弱性 Schneider Electricが提供する複数の製品には、次の複数の脆弱性が存在します。 情報漏えい(CWE-200) - CVE-2018-12130 入力データの整合性検証不備(CWE-1288) - CVE-2022-47378、CVE-2022-47392、CVE-2022-47391 境界外書き込み(CWE-787) - CVE-2022-47379、CVE-2023-37557 スタックベースのバッファオーバーフロー(CWE-121) - CVE-2022-47380、 CVE-2022-47381、 CVE-2022-47382、 CVE-2022-47383、 CVE… Read more

  • PRIMERGYが搭載する「iRMC S5/S6」における不適切な権限設定の脆弱性 エフサステクノロジーズ株式会社が提供する「iRMC S5/S6」は、同社製サーバ製品PRIMERGY(プライマジー)が搭載するリモート管理モジュールです。 「iRMC S5/S6」には、次の脆弱性が存在します。 不適切な権限設定(CWE-863、 CVE-2025-65002 ) この脆弱性情報は、製品利用者への周知を目的に、開発者がJPCERT/CCに報告し、JPCERT/CCが開発者との調整を行いました。 Read more

  • Trend Micro Apex Centralにおける複数の脆弱性(2026年1月) トレンドマイクロ株式会社から、CVE-2025-69258、CVE-2025-69259、CVE-2025-69260の対策を行ったTrend Micro Apex Central向けのアップデートが公開されました。 この脆弱性情報は、製品利用者への周知を目的に、開発者がJPCERT/CCに報告し、JPCERT/CCが開発者との調整を行いました。 Read more

  • ISC BINDにサービス運用妨害(DoS)につながる脆弱性(CVE-2025-13878) ISC(Internet Systems Consortium)が提供するISC BINDには、BRID/HHITレコードの処理に問題があり、意図的にアサーション違反を発生させられる脆弱性(CWE-617、 CVE-2025-13878 )が存在します。結果としてサービス運用妨害(DoS)を引き起こされる可能性があります。 Read more

Share this post