π¨ Zoom and GitLab shipped urgent security fixes.
β€ Zoom patched a critical RCE (CVSS 9.9) in Node MMRs that could let a meeting participant run code.
β€ GitLab fixed high-severity bugs enabling unauthenticated DoS and a 2FA bypass.
π Details on affected versions and patches β https://thehackernews.com/2026/01/zoom-and-gitlab-release-security.html
β€ Zoom patched a critical RCE (CVSS 9.9) in Node MMRs that could let a meeting participant run code.
β€ GitLab fixed high-severity bugs enabling unauthenticated DoS and a 2FA bypass.
π Details on affected versions and patches β https://thehackernews.com/2026/01/zoom-and-gitlab-release-security.html
π₯12π3
π§βπ» North Korean actors behind the Contagious Interview campaign targeted 3,136 IPs, researchers say.
The activity hit AI, crypto, finance, and software firms across Europe, Asia, and the Middle East.
πΌ Hiring processes were the entry point.
π Learn more β https://thehackernews.com/2026/01/north-korean-purplebravo-campaign.html
The activity hit AI, crypto, finance, and software firms across Europe, Asia, and the Middle East.
πΌ Hiring processes were the entry point.
π Learn more β https://thehackernews.com/2026/01/north-korean-purplebravo-campaign.html
π9π7
π¨ Cisco fixed an actively exploited zero-day in its voice and collaboration stack.
CVE-2026-20045 allows unauthenticated attackers to run commands and escalate to root on exposed Unified CM and Webex Calling systems.
πDetails β https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html
CVE-2026-20045 allows unauthenticated attackers to run commands and escalate to root on exposed Unified CM and Webex Calling systems.
πDetails β https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html
π₯9π€7π4π2β‘1
π¨ Fortinet FortiGate under automated SSO abuse.
Attackers exploit CVE-2025-59718/59719 to add admin users, enable VPN access, and export firewall configs within seconds, per Arctic Wolf.
π Learn whatβs happening and what to disable β https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html
Attackers exploit CVE-2025-59718/59719 to add admin users, enable VPN access, and export firewall configs within seconds, per Arctic Wolf.
π Learn whatβs happening and what to disable β https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html
π€8β‘5π4
Model Context Protocol (MCP) connects AI models directly to live enterprise systems.
One compromised MCP server can expose data, tokens, and APIs at scale.
Most existing security tools have little to no visibility into this layer.
π MCP risks and why they matter β https://thehackernews.com/expert-insights/2026/01/do-you-really-know-your-ai-landscape.html
One compromised MCP server can expose data, tokens, and APIs at scale.
Most existing security tools have little to no visibility into this layer.
π MCP risks and why they matter β https://thehackernews.com/expert-insights/2026/01/do-you-really-know-your-ai-landscape.html
π₯9β‘5π2
π¨ SmarterMail flaw is under active attack within 48 hours of patching.
The bug lets attackers bypass auth, reset the admin password, then abuse built-in admin features to run OS commands as SYSTEM.
Activity points to patch reverse-engineering.
π Details β https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html
The bug lets attackers bypass auth, reset the admin password, then abuse built-in admin features to run OS commands as SYSTEM.
Activity points to patch reverse-engineering.
π Details β https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html
π8π4π±3β‘1
π¨ Fake SymPy on PyPI is targeting Linux devs. The package sympy-dev clones the real project text, poses as a dev build, and has 1,100+ downloads since Jan 17.
It activates only when certain math functions run, then loads an XMRig miner fully in memory to avoid traces.
π Learn how the loader works β https://thehackernews.com/2026/01/malicious-pypi-package-impersonates.html
It activates only when certain math functions run, then loads an XMRig miner fully in memory to avoid traces.
π Learn how the loader works β https://thehackernews.com/2026/01/malicious-pypi-package-impersonates.html
π€―7β‘1
Learn cybersecurity risk management from the experts at Georgetown. Attend our webinar on TBD.
Sign up - https://thn.news/risk-mgmt-insight
Sign up - https://thn.news/risk-mgmt-insight
π6
β οΈπ§ Email is still the easiest way in.
In Google Workspace, BEC attacks often carry no links or malware, so native defenses miss them. One compromised inbox can expose years of sensitive email and files.
Hardening helps, but blind spots remain.
π Gmail limits, real attack paths β https://thehackernews.com/2026/01/filling-most-common-gaps-in-google.html
In Google Workspace, BEC attacks often carry no links or malware, so native defenses miss them. One compromised inbox can expose years of sensitive email and files.
Hardening helps, but blind spots remain.
π Gmail limits, real attack paths β https://thehackernews.com/2026/01/filling-most-common-gaps-in-google.html
π8
Behind every bar in this report is time won, money saved, or risk stopped.
@anyrun_app helps businesses boost DR by 36% & reduce MTTR by 21 minutes with better attack visibility for SOC & MSSP teams.
See how it can support your org in 2026 π https://thn.news/threat-intel-hub
@anyrun_app helps businesses boost DR by 36% & reduce MTTR by 21 minutes with better attack visibility for SOC & MSSP teams.
See how it can support your org in 2026 π https://thn.news/threat-intel-hub
π₯8
π₯ ThreatsDay Bulletin β Get this weekβs active threat landscape...
π Zero-click Pixel exploit
𧱠EU moves to lock down the tech supply chain
π·οΈ Mass WordPress plugin reconnaissance
π’ Malvertising β infostealers & RATs
π§Ύ Fake invoices, loans, and proxyware abuse
π 18,000+ active C2 servers exposed
πΈ Crypto scams racing past $17B
π§ ATM malware ring dismantled
π Read all 20 updates β https://thehackernews.com/2026/01/threatsday-bulletin-pixel-zero-click.html
π Zero-click Pixel exploit
𧱠EU moves to lock down the tech supply chain
π·οΈ Mass WordPress plugin reconnaissance
π’ Malvertising β infostealers & RATs
π§Ύ Fake invoices, loans, and proxyware abuse
π 18,000+ active C2 servers exposed
πΈ Crypto scams racing past $17B
π§ ATM malware ring dismantled
π Read all 20 updates β https://thehackernews.com/2026/01/threatsday-bulletin-pixel-zero-click.html
π4π€4β‘2π2
π¨ An 11-year-old critical flaw in GNU InetUtils telnetd lets attackers log in as root with no password.
Tracked as CVE-2026-24061 (CVSS 9.8), it affects all versions 1.9.3β2.7 due to an unsanitized USER environment value passed to login.
β οΈ Exploitation has already been observed in the wild.
π Read βhttps://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html
Tracked as CVE-2026-24061 (CVSS 9.8), it affects all versions 1.9.3β2.7 due to an unsanitized USER environment value passed to login.
β οΈ Exploitation has already been observed in the wild.
π Read βhttps://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html
π€―18π±4π₯2β‘1π1
β οΈ Osiris ransomware hit a major food service operator in Southeast Asia, researchers say.
The attack used a custom POORTRY driver to shut down security tools, then encrypted systems and exfiltrated data to cloud storage.
π Details here β https://thehackernews.com/2026/01/new-osiris-ransomware-emerges-as-new.html
The attack used a custom POORTRY driver to shut down security tools, then encrypted systems and exfiltrated data to cloud storage.
π Details here β https://thehackernews.com/2026/01/new-osiris-ransomware-emerges-as-new.html
π12π±7π₯2β‘1
π οΈβ οΈ Attackers are abusing trusted IT tools, not deploying malware.
A new campaign steals email logins, then installs legitimate RMM software for silent, long-term access.
Because the tools are signed and allowed, many security controls donβt trigger.
π Details β https://thehackernews.com/2026/01/phishing-attack-uses-stolen-credentials.html
A new campaign steals email logins, then installs legitimate RMM software for silent, long-term access.
Because the tools are signed and allowed, many security controls donβt trigger.
π Details β https://thehackernews.com/2026/01/phishing-attack-uses-stolen-credentials.html
π5π3π±3β‘2
πΊπΈ TikTok confirmed a new U.S. joint venture to stay operational in the country.
ByteDance will reduce its stake to 19.9%, giving majority control to U.S. investors.
U.S. user data and algorithms will move to Oracleβs U.S. cloud with third-party security audits.
π Read β https://thehackernews.com/2026/01/tiktok-forms-us-joint-venture-to.html
ByteDance will reduce its stake to 19.9%, giving majority control to U.S. investors.
U.S. user data and algorithms will move to Oracleβs U.S. cloud with third-party security audits.
π Read β https://thehackernews.com/2026/01/tiktok-forms-us-joint-venture-to.html
π9π±5π€3π€―1
π¨ Fortinet confirms active exploitation of CVE-2025-59718 / 59719, allowing FortiGate FortiCloud SSO bypass β even on fully patched devices.
Attackers abuse crafted SAML logins to gain admin access, add persistent accounts, enable VPN, and steal configs. Disabling FortiCloud SSO is advised.
π Details β https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html
Attackers abuse crafted SAML logins to gain admin access, add persistent accounts, enable VPN, and steal configs. Disabling FortiCloud SSO is advised.
π Details β https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html
π8π±5β‘1
π¨ CISA added four exploited vulnerabilities to its KEV list, impacting Zimbra, Versa SD-WAN, Vite, and a compromised npm package linked to a supply-chain attack.
β³ U.S. federal agencies must apply fixes by Feb 12 under BOD 22-01.
π CVEs, fixes, and deadlines β https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html
β³ U.S. federal agencies must apply fixes by Feb 12 under BOD 22-01.
π CVEs, fixes, and deadlines β https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html
π₯7π3β‘1