50/69 Tuesday, January 27, 2026 Nike has confirmed that it is investigating a potential cybersecurity incident after the cybercriminal group WorldLeaks claimed it had accessed and stolen data from the company’s systems. Nike stated that it has launched an investigation to assess the impact and verify the legitimacy of the claims, emphasizing that protecting consumer […]
49/69 Tuesday, January 27, 2026 Check Point Research has reported the discovery of a new wave of cyberattacks by the Konni hacking group (also known as Earth Imp / Opal Sleet), which has expanded its targeting beyond its traditional focus on South Korea and Russia to software developers and engineering teams in the blockchain sector […]
48/69 Monday, January 26, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware vCenter Server, tracked as CVE-2024-37079 (CVSS score 9.8), to its Known Exploited Vulnerabilities (KEV) Catalog after confirming real-world exploitation. The vulnerability is caused by a heap-overflow flaw in the DCERPC protocol handling, which allows network-accessible […]
47/69 Monday, January 26, 2026 Researchers from Symantec and VMware Carbon Black have identified a new ransomware strain named Osiris, which was used in attacks in November 2025 against a major food franchise operator in Southeast Asia. The attackers leveraged a Bring Your Own Vulnerable Driver (BYOVD) technique using a malicious driver known as POORTRY […]
46/69 Monday, January 26, 2026 In late December 2025, a cyberattack targeted Poland’s energy infrastructure. According to an investigation by ESET, the operation has been attributed to the state-sponsored Sandworm group, also known as APT44, UAC-0113, and Seashell Blizzard. What makes this incident particularly notable is the use of a newly identified data-wiping malware called […]
45/69 Friday, January 23, 2026 Researchers from Dr.Web have discovered a new strain of Android malware that elevates traditional attack techniques by leveraging machine learning, specifically through the TensorFlow.js library, to conduct ad click-fraud. The malware spreads through Xiaomi’s GetApps app store, as well as via APK files from third-party sources, including modded app websites […]
44/69 Friday, January 23, 2026 Zoom has released security updates to address multiple vulnerabilities, including a critical flaw in Zoom Node Multimedia Routers (MMRs) tracked as CVE-2026-22844 with a CVSS score of 9.9. The vulnerability is a command injection issue that could allow a meeting participant with network access to execute remote code (RCE) on […]
43/69 Friday, January 23, 2026 Cisco has issued a security advisory and released software updates to address CVE-2026-20045, a critical Remote Code Execution (RCE) vulnerability affecting its enterprise communications products, including Cisco Unified Communications Manager (Unified CM), Unified CM SME, Unified CM IM & Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance. Cisco’s Product […]
42/69 Thursday, January 22, 2026 Cybersecurity researchers have disclosed a data-stealing malware campaign dubbed Evelyn Stealer, which specifically targets software developers by spreading through malicious extensions on Visual Studio Code (VS Code). Once a victim installs a compromised extension, the malware downloads a malicious DLL and executes its primary payload using process injection, embedding itself […]
41/69 Thursday, January 22, 2026 Cybersecurity researchers have disclosed a critical security vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress, which could allow unauthenticated remote attackers to escalate their privileges to Administrator level. The vulnerability, tracked as CVE-2025-14533, affects ACF Extended versions 0.9.2.1 and earlier. The plugin is reportedly installed on […]
