Cybersecurity Articles

48/69 Monday, January 26, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware vCenter Server, tracked as CVE-2024-37079 (CVSS score 9.8), to its Known Exploited Vulnerabilities (KEV) Catalog after confirming real-world exploitation. The vulnerability is caused by a heap-overflow flaw in the DCERPC protocol handling, which allows network-accessible […]

47/69 Monday, January 26, 2026 Researchers from Symantec and VMware Carbon Black have identified a new ransomware strain named Osiris, which was used in attacks in November 2025 against a major food franchise operator in Southeast Asia. The attackers leveraged a Bring Your Own Vulnerable Driver (BYOVD) technique using a malicious driver known as POORTRY […]

46/69 Monday, January 26, 2026 In late December 2025, a cyberattack targeted Poland’s energy infrastructure. According to an investigation by ESET, the operation has been attributed to the state-sponsored Sandworm group, also known as APT44, UAC-0113, and Seashell Blizzard. What makes this incident particularly notable is the use of a newly identified data-wiping malware called […]

45/69 Friday, January 23, 2026 Researchers from Dr.Web have discovered a new strain of Android malware that elevates traditional attack techniques by leveraging machine learning, specifically through the TensorFlow.js library, to conduct ad click-fraud. The malware spreads through Xiaomi’s GetApps app store, as well as via APK files from third-party sources, including modded app websites […]

44/69 Friday, January 23, 2026 Zoom has released security updates to address multiple vulnerabilities, including a critical flaw in Zoom Node Multimedia Routers (MMRs) tracked as CVE-2026-22844 with a CVSS score of 9.9. The vulnerability is a command injection issue that could allow a meeting participant with network access to execute remote code (RCE) on […]

43/69 Friday, January 23, 2026 Cisco has issued a security advisory and released software updates to address CVE-2026-20045, a critical Remote Code Execution (RCE) vulnerability affecting its enterprise communications products, including Cisco Unified Communications Manager (Unified CM), Unified CM SME, Unified CM IM & Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance. Cisco’s Product […]

42/69 Thursday, January 22, 2026 Cybersecurity researchers have disclosed a data-stealing malware campaign dubbed Evelyn Stealer, which specifically targets software developers by spreading through malicious extensions on Visual Studio Code (VS Code). Once a victim installs a compromised extension, the malware downloads a malicious DLL and executes its primary payload using process injection, embedding itself […]

41/69 Thursday, January 22, 2026 Cybersecurity researchers have disclosed a critical security vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress, which could allow unauthenticated remote attackers to escalate their privileges to Administrator level. The vulnerability, tracked as CVE-2025-14533, affects ACF Extended versions 0.9.2.1 and earlier. The plugin is reportedly installed on […]

40/69 Thursday, January 22, 2026 Security researchers from Huntress have identified a new cyberattack campaign linked to a threat group known as KongTuke, which primarily targets corporate networks. The attackers use a technique dubbed “CrashFix.” The attack begins by luring users into installing a fake ad-blocking browser extension on Google Chrome called NexShield, which is […]

39/69 Wednesday, January 21, 2026 TP-Link has released a security update to address a high-severity vulnerability, tracked as CVE-2026-0629, affecting more than 32 models of VIGI C and VIGI InSight surveillance cameras. The flaw is an authentication bypass vulnerability related to the password recovery function in the device’s web-based management interface, which is widely used […]