Critical Moxa switch flaw CVE-2024-12297 permits authentication bypass via flawed authorization logic; vendor updates required.
CVE-2025-14740: Docker Desktop for Windows installer miscreates C:\ProgramData\DockerDesktop allowing TOCTOU and pre-create ownership attacks leading to potential code execution.
Autodesk Arnold USD functionality vulnerable to OOB write (CVE-2026-0659) enabling code execution with user interaction; patches available.
Autodesk published fixes for multiple 3ds Max vulnerabilities (several CVEs) that could lead to code execution requiring user interaction.
NGINX OSS/Plus vulnerability CVE-2026-1642 can enable upstream MITM to inject plaintext into proxied responses under specific configurations; update recommended.
Cisco AsyncOS DVS engine vulnerability lets crafted archive files bypass anti-malware scanning on Secure Web Appliance devices; fixes available.
Cisco Meeting Management Certificate Management flaw (CVE-2026-20098) allows authenticated users with video-operator role to upload files and achieve root-level code execution.
Cisco Prime Infrastructure authenticated stored XSS (CVE-2026-20111) could allow code execution in admin browser sessions; requires valid admin credentials.
Cisco reports CVE-2026-20119: crafted text rendering can trigger a denial-of-service (device reload) on TelePresence CE and RoomOS devices.
DEAD#VAX deploys obfuscated scripts and IPFS-hosted VHD phishing files to stage in-memory AsyncRAT, avoiding disk artifacts.
Cisco warns CVE-2026-20123: EPNM and Prime Infrastructure input validation flaw enabling HTTP redirect to attacker pages; patch available.
Analysis finds Nitrogen's ESXi-targeting ransomware corrupts public key material, making decryption impossible even if ransom paid.
F5 advises CVE-2026-20732: an undisclosed BIG-IP configuration utility page allows an attacker to spoof error messages; apply fixes.
Finland's finance industry reports €70M+ stolen last year via phishing, investment scams and account takeover; banks recovered or blocked over half.
Samsung published January 2026 mobile security updates covering numerous CVEs across device firmware and platform components; apply vendor advisories.
F5 warns CVE-2026-22548: certain WAF/ASM policies can cause the BIG-IP bd process to terminate, creating DoS conditions; patch recommended.
Two critical Looker flaws allow cross-tenant remote code execution and exfiltration of secrets, affecting thousands of enterprise customers.
F5 reports CVE-2026-20730 in BIG-IP Edge Client and browser VPNs for Windows allowing potential access to sensitive information; apply updates.
CVE-2025-22225 (ESXi arbitrary kernel write) now observed used by ransomware gangs to escape VM sandbox and attack hosts.
F5 discloses CVE-2026-22549: excessive permissions in Container Ingress Services may allow reading of cluster secrets; apply vendor fix.
Amaranth Dragon (linked to APT41) exploited CVE-2025-8088 in WinRAR to deliver Amaranth Loader and encrypted payloads to regional government and law-enforcement targets.
Unauthenticated endpoint in Apache Answer disclosed full revision history for deleted content (CVE-2026-24735); upgrade to 2.0.0 fixes the issue.
RSAC 2026 registration and programme listing available for the security industry conference in March 2026.
Poll and industry commentary show attack-surface visibility, cloud/hybrid security and identity controls as key 2026 infrastructure security priorities.
CSO outlines seven core cybersecurity projects for 2026, including IAM modernisation, email security, AI vulnerability discovery and zero-trust.
Argus v2.0, a Python reconnaissance toolkit consolidating 135 modules, is released as an open-source platform to support OSINT and attack-surface discovery.
Firmware vulnerabilities in multiple Redmi Buds models let attackers access call data or trigger firmware crashes, impacting device confidentiality and availability.
Authorities added the alleged Black Basta organiser to EU Most Wanted and INTERPOL Red Notice; two suspects identified in Ukraine.
Cross-site scripting in the StealC stealer panel allowed researchers to observe system fingerprints, sessions and operator activity for an active threat actor.
Infoblox researchers used lame nameserver delegation to intercept millions of malicious push ads and gain visibility into an affiliate ad network without compromising systems.
Critical ServiceNow flaw tracked as CVE-2025-12420 ('BodySnatcher') lets unauthenticated attackers impersonate any user and execute privileged AI agents, bypassing MFA and SSO in some configurations.
Canadian Investment Regulatory Organization detected a cybersecurity threat on Aug 11, 2025; some member firm and registrant data may have been affected.
GhostPoster extensions (17 discovered) amassed 840,000+ installs across Chrome/Firefox/Edge and were used to quietly harvest user data over years.
KongTuke distributed malicious browser extensions impersonating adblockers to show fake crash warnings that trick users into running PowerShell, delivering a Python RAT (ModeloRAT).
Microsoft's January update KB5074109 (13 Jan 2026) introduced an authentication regression causing immediate sign-in failures in some Remote Desktop/Azure Virtual Desktop environments.
Critical Kerberos relay vulnerability abuses DNS CNAME responses to coerce service ticket requests, enabling credential relay even with NTLM disabled.
A revised licensing policy would permit sales of Nvidia H200 chips to Chinese firms, prompting congressional concern over national security implications.
Experts say Lt. Gen. Joshua Rudd's Indo-Pacific command experience strengthens US cyber posture in relation to China.
GitHub's December availability report describes five incidents that degraded performance across services and outlines corrective actions.
Kyowon Group disclosed operational disruption and possible customer data exposure following a ransomware-related incident.
Main Street businesses across Australia, New Zealand and the South Pacific experienced increased cyberattacks last year, hitting retail and construction sectors hard.
Government advisory AV26-032 for Palo Alto Networks posted; administrators should consult vendor guidance and apply updates where required.
World Economic Forum survey: AI security is the top cyber concern among 800+ cybersecurity leaders, with data leaks and adversarial misuse flagged as major risks.
VoidLink is a cloud-native Linux malware with 30+ plugins enabling reconnaissance, credential theft, lateral movement and container abuse.
CastleLoader, a stealthy loader first seen in early 2025, is being used for initial access against US federal agencies, IT firms and critical infrastructure.
Microsoft seized RedVDS infrastructure used to supply disposable VMs to criminals; RedVDS activity is linked to ~$40M in reported fraud losses in the U.S.
DHS is finalising ANCHOR to restart government-industry critical infrastructure security talks, with changes to liability and engagement rules.
A public proof-of-concept exploit was published for CVE-2025-64155 (Fortinet FortiSIEM command injection, CVSS 9.4); vendor advisory FG-IR-25-772 issued.
Pentagon is pursuing seven AI projects to speed military AI adoption, shifting emphasis from ethics debates to operational acceleration.
Tenzai testing found AI coding platforms produced 69 vulnerabilities across test apps, including critical API auth and business logic flaws.
Red Hat published security advisory AV26-031; administrators should review vendor guidance and apply patches or mitigations.
Kimwolf rapidly grew to roughly 2 million compromised devices by abusing residential proxy networks and unofficial Android TV devices.
GreyNoise/Ollama honeypot telemetry captured 91,403 attack sessions (Oct 2025 to Jan 2026) focused on AI infrastructure, showing systematic campaigns against LLM deployments.
Six months after a cyberattack, JLR reports updates and a material impact on Q3 wholesales, citing remediation and business effects.
FBI warns North Korean state-linked actors embed malicious QR codes in spear-phishing lures targeting think tanks, academics and government entities (2025 activity).
Cisco small business switches entered reboot loops worldwide due to fatal DNS client errors on Jan 8, 2026, impacting CBS250, C1200, CBS350, SG350 and SG550X models.
Analysis of cloud AI deployments, developer expectations and security/operational risks for new AI runtimes and tooling.
Ghost Tap Android campaigns exploit NFC to perform unauthorised tap-to-pay transactions; researchers attribute large fraud totals and Chinese threat actor activity.
Microsoft will require multi-factor authentication for all accounts accessing the Microsoft 365 admin center, ending password-only admin logins; enforcement completes 9 Feb 2026.
CISA announced retirement of 10 Emergency Directives issued between 2019 and 2024, indicating required actions complete or covered by Binding Operational Directive 22-01.
Weekly round-up summarising multiple security incidents, vulnerabilities, and threat reports published Jan 8, 2026.
Ubiquiti patched a vulnerability in the airMAX Wireless Protocol that could be exploited by an attacker in WiFi range to achieve remote code execution on affected models.
A flaw in Mastodon 4.3's severed-relationship notification export allowed any local user to access lists of lost followers/followed users for any severance event; fixed in v4.3.17+.
Trend Micro released hotfixes addressing a LoadLibraryEx-based RCE and two DoS bugs affecting Apex Central on-premise; CVE identifiers and patch build provided.
Researcher used Gephi and Kibana/ELK exports to map relationships between source IPs, filenames and sensors from 30 days of DShield data for threat analysis.
Ansible Automation Platform Gateway enforcement bypass lets read-only scoped OAuth2 tokens perform write operations on backend services, limited by RBAC but enabling unauthorized actions.
A modular Go botnet (GoBruteforcer) brute-forces FTP, MySQL, PostgreSQL and phpMyAdmin, leveraging AI-generated deployment defaults; estimated 50,000+ vulnerable servers and campaigns targeting crypto projects.
OWASP Core Rule Set fixed a bug in rule 922110 that missed malicious charsets in earlier multipart parts; patched in CRS 4.22.0 and 3.3.8 (CVE-2026-21876).
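The failure mode described above (a charset check that only sees one part of a multipart body) is easy to reproduce with a minimal parser. The block below is an added illustration, not the CRS rule or its regex: it parses a multipart/form-data body, extracts the charset from every part's Content-Type header, and compares it against an allowlist. The `check_all=False` mode inspects only the final part, which is the kind of gap that lets a malicious charset in an earlier part slip through. The allowlist, the sample body and the "utf-7" charset are constructed for the example.

```python
import re
from typing import Optional

# Allowlist is an assumption for the example; a real policy is deployment-specific.
ALLOWED_CHARSETS = {"utf-8", "us-ascii", "iso-8859-1"}


def parse_multipart(body: bytes, boundary: str) -> list:
    """Split a multipart body into parts: [{'headers': {...}, 'data': bytes}, ...]."""
    delim = b"--" + boundary.encode()
    parts = []
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter "--boundary--"
            break
        chunk = chunk.lstrip(b"\r\n")
        head, _, data = chunk.partition(b"\r\n\r\n")
        headers = {}
        for line in head.split(b"\r\n"):
            name, _, value = line.decode("latin-1").partition(":")
            headers[name.strip().lower()] = value.strip()
        parts.append({"headers": headers, "data": data.rstrip(b"\r\n")})
    return parts


def charset_of(part: dict) -> Optional[str]:
    """Return the charset parameter of a part's Content-Type, lower-cased, or None."""
    ctype = part["headers"].get("content-type", "")
    m = re.search(r'charset\s*=\s*"?([^\s;"]+)', ctype, re.IGNORECASE)
    return m.group(1).lower() if m else None


def offending_charsets(parts: list, check_all: bool = True) -> list:
    """Charsets not on the allowlist. check_all=False inspects only the last part,
    illustrating (not reproducing) the blind spot the CRS fix closed."""
    scope = parts if check_all else parts[-1:]
    found = []
    for p in scope:
        cs = charset_of(p)
        if cs is not None and cs not in ALLOWED_CHARSETS:
            found.append(cs)
    return found


# Constructed request body: the first part carries a non-allowlisted charset,
# the final part is benign.
BOUNDARY = "XcrsDemo"
SAMPLE_BODY = (
    b"--XcrsDemo\r\n"
    b'Content-Disposition: form-data; name="comment"\r\n'
    b"Content-Type: text/plain; charset=utf-7\r\n\r\n"
    b"+ADw-script+AD4-\r\n"
    b"--XcrsDemo\r\n"
    b'Content-Disposition: form-data; name="note"\r\n'
    b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
    b"hello\r\n"
    b"--XcrsDemo--\r\n"
)

if __name__ == "__main__":
    parsed = parse_multipart(SAMPLE_BODY, BOUNDARY)
    print("all parts   :", offending_charsets(parsed))              # ['utf-7']
    print("last only   :", offending_charsets(parsed, check_all=False))  # []
```

The point a practitioner should take from the two calls is that any body-inspection rule must iterate over every part; a check that anchors on the final Content-Type header alone is bypassed simply by appending a benign part.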
A trojanised WinRAR installer distributed via unofficial/Chinese sites contains multi-stage payloads that profile Windows systems, exfiltrate Windows profile data and fetch best-fit malware.
GISEC GLOBAL 2026, billed as the Middle East & Africa's largest cybersecurity event, is scheduled for May 5, 2026.
SQLite versions before 3.50.2 could allow aggregate terms to exceed available columns, potentially causing errors; update advised.
Bukovyna law enforcement arrested an individual who ran a bot farm of ~5,000 profiles and sold stolen account credentials.
An improper verification of cryptographic signatures (CWE-347) allows unauthenticated bypass of FortiCloud SSO in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager.
Patch corrects skb_segment zero-copy ordering before using skbuff frags to avoid memory corruption or logic errors.
Operators exploited the React2Shell RSC flaw to install EtherRAT, a Linux RAT that uses Ethereum smart contracts for C2 and multiple persistence mechanisms.
Microsoft released December 9, 2025 Patch Tuesday addressing 56 vulnerabilities across Windows and other products, including three zero-days.
Researchers detail incidents where attackers deliver a pre-built VM into an environment after aggressive spam-bombing to establish stealthy persistence.
Kernel pstore/ram initialization now checks the start of empty przs (persistent RAM zones) during init to prevent errors; patch resolves CVE-2023-53331.
iputils ping prior to 20250602 is vulnerable to a crafted ICMP Echo Reply that can cause application errors or incorrect data collection (DoS).
Makop (Phobos family) actors combine brute-force RDP, privilege escalation and anti-AV tools to compromise organizations, with RDP seen in the majority of incidents.
Attackers poison search results to promote a fake Microsoft Teams site and deliver ValleyRAT via a trojanised installer, active since November 2025.
Ivanti released updates for Endpoint Manager addressing one critical and three high-severity vulnerabilities that could enable code execution, file writes, or bypasses.
Hundreds of Porsche vehicles in Russia were rendered immobile when a satellite outage tripped vehicle immobilizers; manufacturer says cars are secure but owners were stranded.
Pay transparency regulations require security teams to disclose salaries, impacting recruitment, compliance and risk management for employers.
Sen. Wyden and Sen. Warner urged DHS and ODNI to publish a delayed 2022 report on telecom sector cyber vulnerabilities, citing national security risks.
Telemetry shows Lumma Stealer activity resurged week of Oct 20, 2025 with browser fingerprinting and stealthy C2 communications.
DoorDash reported a data breach in October; impacted customers and employees are being notified as investigation continues.
Attackers disguise DarkComet RAT as cryptocurrency tools to trick users into installing remote-access malware that steals credentials and funds.
ShinyHunters exfiltrated documents from a decommissioned third-party cloud storage system; Checkout.com refused the ransom and says the impact is limited to a subset of merchants.
Coordinated law-enforcement action between Europol and Eurojust disrupted multiple malware families and an Elysium botnet in November 2025.
Check Point Research tracked 1,592 new victims across 85 extortion groups in Q3 2025, a 25% year-over-year increase despite takedowns.
Google will offer an 'advanced flow' to allow experienced users to install unverified apps without ADB, relaxing new sideloading restrictions.
Active exploitation of a FortiWeb WAF zero-day enables unauthenticated attackers to create admin accounts and access manager/WebSocket interfaces; PoCs seen in October 2025.
Drupal vulnerability CVE-2025-13083 can cause private files to be served with Cache-Control: public, leading to possible information disclosure via CDNs or shared caches; vendor patches advised.
Survey shows organisations shifting to passwordless approaches such as SSO and passkeys to reduce weak-password risk and improve authentication resilience.
SA-CORE-2025-006 documents a Drupal gadget chain that could enable RCE if insecure deserialization is present; patch guidance issued.
CISA warns federal agencies to patch CVE-2025-20362 and CVE-2025-20333 in Cisco ASA and Firepower appliances due to active exploitation.
Drupal vulnerability (CVE-2025-13080) can cause cache poisoning by overriding request attributes; vendor patches published for supported versions.
Washington Post notifies almost 10,000 staff and contractors after Oracle E-Business Suite zero-day theft exposed personal and financial data.
A digital privacy group warns agencies collect excessive data and that AI-driven analysis risks generating false links and privacy harms.
Herodotus, a new Android banking trojan sold as Malware-as-a-Service, installs via sideloaded APKs, gains full device control and evades detection.
Congressional Budget Office confirmed a breach; investigators noted possible unpatched firewall as an initial weak point.
Nevada state ransomware incident traced to an employee downloading malware; the state refused the ransom and recovered most data.
Synacktiv shows AD Site objects and replication behaviours can be abused to escalate privileges and compromise entire domains.
SecurityWeek summarises multiple noteworthy stories including a controversial ransomware report, Gootloader, AN0M-related arrests and other security developments.
OpenText survey: mature AI adopters achieve better returns; secure, well-governed information is essential to reliable AI deployments.
Government advisory AV25-730 for Microsoft Edge posted; operators should consult vendor fixes and apply updates promptly.
Broadcom/Symantec reporting attributes a campaign using legacy vulnerabilities (Log4j, IIS) to maintain long-term persistence in U.S. targets.
Norton alerts consumers to early ticketing, sweepstakes and travel scams aimed at 2026 FIFA World Cup fans across the U.S., Canada and Mexico.
Researchers demonstrated a zero-click prompt-injection attack against a Copilot Studio customer-service agent that exfiltrated CRM data, highlighting AI-agent risks.
Hillstone Networks' StoneOS 5.5R12 introduces features (External Dynamic List, simplified ops) to reduce manual firewall updates and improve connectivity resilience.
Attackers embed invisible hyphens/characters into phishing lures to bypass detection and filter rules, per SANS Internet Storm Center analysis.
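A filter that matches keywords on the raw text misses a word once a soft hyphen or zero-width character is spliced into it. The block below is an added example (not SANS ISC's tooling or data): it counts Unicode format characters (category Cf, which covers U+00AD SOFT HYPHEN, U+200B ZERO WIDTH SPACE and similar), strips them, and runs keyword matching on the normalised text. The keyword list, the explicit code-point set and the sample lure are constructed for the example.

```python
import unicodedata

# Common invisible code points used to break up words. The set is illustrative;
# the category check below is what actually catches the general case.
INVISIBLE = {
    "\u00ad",  # SOFT HYPHEN
    "\u200b",  # ZERO WIDTH SPACE
    "\u200c",  # ZERO WIDTH NON-JOINER
    "\u200d",  # ZERO WIDTH JOINER
    "\u2060",  # WORD JOINER
    "\ufeff",  # ZERO WIDTH NO-BREAK SPACE (BOM)
}

# Constructed keyword list for the example; a production filter would be richer.
KEYWORDS = ("password", "verify your account", "invoice")


def is_invisible(ch: str) -> bool:
    """True for explicit list members and for any Unicode 'Cf' (format) character."""
    return ch in INVISIBLE or unicodedata.category(ch) == "Cf"


def count_invisible(text: str) -> int:
    """Number of invisible characters in the text; a non-zero count in a short
    message body is itself a useful signal."""
    return sum(1 for ch in text if is_invisible(ch))


def strip_invisible(text: str) -> str:
    """Remove invisible characters so that split words rejoin."""
    return "".join(ch for ch in text if not is_invisible(ch))


def keyword_hits(text: str, normalize: bool = True) -> list:
    """Keywords found in the text. With normalize=False the match runs on the raw
    text and is defeated by the injected characters."""
    body = strip_invisible(text) if normalize else text
    body = body.casefold()
    return [k for k in KEYWORDS if k in body]


# Constructed lure: "password" carries two soft hyphens, "verify" a zero-width space.
SAMPLE_LURE = "Please confirm your pass\u00adw\u00adord and ve\u200brify your account today."

if __name__ == "__main__":
    print("invisible chars:", count_invisible(SAMPLE_LURE))          # 3
    print("raw match      :", keyword_hits(SAMPLE_LURE, normalize=False))  # []
    print("normalised     :", keyword_hits(SAMPLE_LURE))             # ['password', 'verify your account']
```

Strip before matching, and treat the count of format characters as its own indicator: legitimate mail rarely contains several Cf code points inside ordinary words.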
Government security advisory AV25-729 for Drupal published; administrators should consult details and apply vendor fixes or mitigations.
Zscaler/CybersecurityDive report an uptick in malware targeting IoT and mobile devices, particularly in manufacturing and energy sectors.
Researchers uncovered LANDFALL spyware exploiting a Samsung zero-day to target Samsung phones in the Middle East in a prolonged campaign; attribution remains unknown.
Android/BankBot-YNRK malware is targeting users in Indonesia, suppressing alerts and stealing funds from mobile crypto wallets while posing as legitimate apps.
Microsoft released KB5067036 to address the long-standing 'Update and Shut Down' restart issue in Windows 11, plus performance and update naming changes.
Nextgov warns that government 'readiness debt' is constraining AI adoption and calls for modernization to remove legacy obstacles.
Open Systems argues that improved asset visibility and compliance controls are now central to securing cyber-physical systems in operational technology environments.
OPM said it will extend job-finding timelines for CyberCorps students post-shutdown amid concerns about tuition liabilities and limited federal cyber openings.