Monthly Archives: January 2026

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the...

27
Jan
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put...

27
Jan
Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited...

27
Jan
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor...

26
Jan
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are...

26
Jan
Why Non-Punitive Cultures Strengthen Your Security Program

Every company has a unique work culture. You may have heard various cultures referred to...

26
Jan
⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits...

26
Jan
Winning Against AI-Based Attacks Requires a Combined Defensive Approach

If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of...

26
Jan
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

The North Korean threat actor known as Konni has been observed using PowerShell malware generated...

26
Jan
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and...

24
Jan
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

The Russian nation-state hacking group known as Sandworm has been attributed to what has been...

24
Jan
Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows,...

24
Jan
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw...

24
Jan
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to...

23
Jan
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has officially confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass...

23
Jan
TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

TikTok on Friday officially announced that it formed a joint venture that will allow the...

23
Jan
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to...

23
Jan
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign...

23
Jan
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a...

22
Jan
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that...

22
Jan
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories

Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems...

22
Jan
Filling the Most Common Gaps in Google Workspace Security

Security teams at agile, fast-growing companies often have the same mandate: secure the business without...

22
Jan
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

A new malicious package discovered in the Python Package Index (PyPI) has been found to...

22
Jan
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in...

22
Jan
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Cybersecurity company Arctic Wolf has warned of a “new cluster of automated malicious activity” that...

22
Jan
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco has released fresh patches to address what it described as a “critical” security vulnerability...

22
Jan
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview...

21
Jan
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that...

21
Jan
Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff

Every managed security provider is chasing the same problem in 2026 — too many alerts,...

21
Jan
Exposure Assessment Platforms Signal a Shift in Focus

Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the...

21
Jan