ThaiCERT

45/69 Friday, January 23, 2026 Researchers from Dr.Web have discovered a new strain of Android malware that elevates traditional attack techniques by leveraging machine learning, specifically through the TensorFlow.js library, to conduct ad click-fraud. The malware spreads through Xiaomi’s GetApps app store, as well as via APK files from third-party sources, including modded app websites […]

44/69 Friday, January 23, 2026 Zoom has released security updates to address multiple vulnerabilities, including a critical flaw in Zoom Node Multimedia Routers (MMRs) tracked as CVE-2026-22844 with a CVSS score of 9.9. The vulnerability is a command injection issue that could allow a meeting participant with network access to execute remote code (RCE) on […]

43/69 Friday, January 23, 2026 Cisco has issued a security advisory and released software updates to address CVE-2026-20045, a critical Remote Code Execution (RCE) vulnerability affecting its enterprise communications products, including Cisco Unified Communications Manager (Unified CM), Unified CM SME, Unified CM IM & Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance. Cisco’s Product […]

42/69 Thursday, January 22, 2026 Cybersecurity researchers have disclosed a data-stealing malware campaign dubbed Evelyn Stealer, which specifically targets software developers by spreading through malicious extensions on Visual Studio Code (VS Code). Once a victim installs a compromised extension, the malware downloads a malicious DLL and executes its primary payload using process injection, embedding itself […]

41/69 Thursday, January 22, 2026 Cybersecurity researchers have disclosed a critical security vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress, which could allow unauthenticated remote attackers to escalate their privileges to Administrator level. The vulnerability, tracked as CVE-2025-14533, affects ACF Extended versions 0.9.2.1 and earlier. The plugin is reportedly installed on […]

40/69 Thursday, January 22, 2026 Security researchers from Huntress have identified a new cyberattack campaign linked to a threat group known as KongTuke, which primarily targets corporate networks. The attackers use a technique dubbed “CrashFix.” The attack begins by luring users into installing a fake ad-blocking browser extension on Google Chrome called NexShield, which is […]

39/69 Wednesday, January 21, 2026 TP-Link has released a security update to address a high-severity vulnerability, tracked as CVE-2026-0629, affecting more than 32 models of VIGI C and VIGI InSight surveillance cameras. The flaw is an authentication bypass vulnerability related to the password recovery function in the device’s web-based management interface, which is widely used […]

38/69 Wednesday, January 21, 2026 Ingram Micro, a global technology distributor and supply chain services provider, disclosed that it detected a ransomware-related cyberattack on July 3, 2025. The investigation revealed that unauthorized actors accessed and exfiltrated files from the company’s internal systems between July 2 and July 3, 2025. As a result of the incident, […]

37/69 Wednesday, January 21, 2026 Cybersecurity researchers from Resecurity have identified a new malware strain named PDFSider while investigating a security incident at a Fortune 100 financial company. The malware has reportedly been used by multiple threat actors-including the Qilin ransomware group-to gain initial access and maintain long-term persistence within compromised environments. The attack chain […]

36/69 Tuesday, January 20, 2026 Microsoft has released out-of-band (OOB) updates for Windows 10, Windows 11, and Windows Server to address two critical issues introduced by the January 2026 security updates. The first issue affects Microsoft 365 Cloud PC, Remote Desktop services, and Azure Virtual Desktop, where some users experience credential prompt failures, preventing them […]