Amatera Stealer Malware Spreads via Fake CAPTCHA to Steal Passwords and Credit Card Data

54/69 Wednesday, January 28, 2026 Cybersecurity researchers from Blackpoint Cyber have identified an attack campaign that uses fake CAPTCHA prompts to install the Amatera Stealer infostealer malware. Instead of asking users to select images as in legitimate CAPTCHA challenges, the malicious website instructs victims to press Windows Key + R, paste a command, and press […]

ThaiCERT

January 28, 2026

Microsoft Releases Emergency Update to Fix Actively Exploited Zero-Day Vulnerability in Microsoft Office

53/69 Wednesday, January 28, 2026 Microsoft has released an out-of-band security update to address an actively exploited zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509. The vulnerability affects multiple Office versions, including Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 Apps for Enterprise. According to Microsoft, the flaw is classified […]

ThaiCERT

January 28, 2026

Cloudflare Explains 12 Gbps Traffic Drop Caused by BGP Leak Due to Configuration Error

52/69 Wednesday, January 28, 2026 Cloudflare has released details about a BGP route leak that occurred on January 22, impacting IPv6 traffic for approximately 25 minutes. The incident caused significant network congestion and packet loss, with traffic drops reaching up to 12 Gbps. The impact was not limited to Cloudflare customers but also affected interconnected […]

ThaiCERT

January 28, 2026

Stanley MaaS Toolkit Creates Malicious Chrome Extensions That Overlay Phishing Pages Without Changing the URL

51/69 Tuesday, January 27, 2026 Researchers from Varonis have identified a new Malware-as-a-Service (MaaS) toolkit named Stanley, which is being advertised for sale on cybercrime forums for approximately USD 2,000–6,000. A key feature of Stanley is its ability to create malicious Chrome extensions that can reportedly pass Google’s review process and be published on the […]

ThaiCERT

January 27, 2026

Nike Investigates Potential Data Breach After WorldLeaks Claims Data Theft

50/69 Tuesday, January 27, 2026 Nike has confirmed that it is investigating a potential cybersecurity incident after the cybercriminal group WorldLeaks claimed it had accessed and stolen data from the company’s systems. Nike stated that it has launched an investigation to assess the impact and verify the legitimacy of the claims, emphasizing that protecting consumer […]

ThaiCERT

January 27, 2026

Warning: Konni Hacker Group Escalates Attacks, Uses AI to Develop Malware Targeting Developers

49/69 Tuesday, January 27, 2026 Check Point Research has reported the discovery of a new wave of cyberattacks by the Konni hacking group (also known as Earth Imp / Opal Sleet), which has expanded its targeting beyond its traditional focus on South Korea and Russia to software developers and engineering teams in the blockchain sector […]

ThaiCERT

January 27, 2026

CISA Adds VMware vCenter Vulnerability (CVE-2024-37079) to KEV Catalog After Active Exploitation

48/69 Monday, January 26, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware vCenter Server, tracked as CVE-2024-37079 (CVSS score 9.8), to its Known Exploited Vulnerabilities (KEV) Catalog after confirming real-world exploitation. The vulnerability is caused by a heap-overflow flaw in the DCERPC protocol handling, which allows network-accessible […]

ThaiCERT

January 26, 2026

New Osiris Ransomware Variant Discovered, Uses BYOVD Technique to Disable Security Tools

47/69 Monday, January 26, 2026 Researchers from Symantec and VMware Carbon Black have identified a new ransomware strain named Osiris, which was used in attacks in November 2025 against a major food franchise operator in Southeast Asia. The attackers leveraged a Bring Your Own Vulnerable Driver (BYOVD) technique using a malicious driver known as POORTRY […]

ThaiCERT

January 26, 2026

Sandworm Hackers Target Polish Power Plants Using DynoWiper Malware

46/69 Monday, January 26, 2026 In late December 2025, a cyberattack targeted Poland’s energy infrastructure. According to an investigation by ESET, the operation has been attributed to the state-sponsored Sandworm group, also known as APT44, UAC-0113, and Seashell Blizzard. What makes this incident particularly notable is the use of a newly identified data-wiping malware called […]

ThaiCERT

January 26, 2026

Android Malware Uses AI to Generate Ad Clicks, Spreads via Xiaomi GetApps and Modified Apps Outside Official Stores

45/69 Friday, January 23, 2026 Researchers from Dr.Web have discovered a new strain of Android malware that elevates traditional attack techniques by leveraging machine learning, specifically through the TensorFlow.js library, to conduct ad click-fraud. The malware spreads through Xiaomi’s GetApps app store, as well as via APK files from third-party sources, including modded app websites […]

ThaiCERT

January 23, 2026