56/69 Thursday, January 29, 2026 Shadowserver has reported the detection of more than 6,000 SmarterMail servers that are exposed to the internet and are likely affected by a critical authentication bypass vulnerability, tracked as CVE-2026-23760. The vulnerability was disclosed by cybersecurity firm watchTowr on January 8, 2026, and was patched by SmarterTools on January 15, […]
55/69 Thursday, January 29, 2026 Cybersecurity experts are warning that a high-severity vulnerability in WinRAR, tracked as CVE-2025-8088, continues to be actively exploited by a wide range of threat actors, including state-sponsored groups and financially motivated cybercriminals. The flaw is a path traversal vulnerability that abuses Alternate Data Streams (ADS) to write malicious files to […]
54/69 Wednesday, January 28, 2026 Cybersecurity researchers from Blackpoint Cyber have identified an attack campaign that uses fake CAPTCHA prompts to install the Amatera Stealer infostealer malware. Instead of asking users to select images as in legitimate CAPTCHA challenges, the malicious website instructs victims to press Windows Key + R, paste a command, and press […]
53/69 Wednesday, January 28, 2026 Microsoft has released an out-of-band security update to address an actively exploited zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509. The vulnerability affects multiple Office versions, including Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 Apps for Enterprise. According to Microsoft, the flaw is classified […]
52/69 Wednesday, January 28, 2026 Cloudflare has released details about a BGP route leak that occurred on January 22, impacting IPv6 traffic for approximately 25 minutes. The incident caused significant network congestion and packet loss, with traffic drops reaching up to 12 Gbps. The impact was not limited to Cloudflare customers but also affected interconnected […]
51/69 Tuesday, January 27, 2026 Researchers from Varonis have identified a new Malware-as-a-Service (MaaS) toolkit named Stanley, which is being advertised for sale on cybercrime forums for approximately USD 2,000–6,000. A key feature of Stanley is its ability to create malicious Chrome extensions that can reportedly pass Google’s review process and be published on the […]
50/69 Tuesday, January 27, 2026 Nike has confirmed that it is investigating a potential cybersecurity incident after the cybercriminal group WorldLeaks claimed it had accessed and stolen data from the company’s systems. Nike stated that it has launched an investigation to assess the impact and verify the legitimacy of the claims, emphasizing that protecting consumer […]
49/69 Tuesday, January 27, 2026 Check Point Research has reported the discovery of a new wave of cyberattacks by the Konni hacking group (also known as Earth Imp / Opal Sleet), which has expanded its targeting beyond its traditional focus on South Korea and Russia to software developers and engineering teams in the blockchain sector […]
48/69 Monday, January 26, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware vCenter Server, tracked as CVE-2024-37079 (CVSS score 9.8), to its Known Exploited Vulnerabilities (KEV) Catalog after confirming real-world exploitation. The vulnerability is caused by a heap-overflow flaw in the DCERPC protocol handling, which allows network-accessible […]
47/69 Monday, January 26, 2026 Researchers from Symantec and VMware Carbon Black have identified a new ransomware strain named Osiris, which was used in attacks in November 2025 against a major food franchise operator in Southeast Asia. The attackers leveraged a Bring Your Own Vulnerable Driver (BYOVD) technique using a malicious driver known as POORTRY […]
