Mallory

Weekly Cybersecurity Roundups Highlighting New Vulnerabilities and Incidents

Tags: identity-authentication-vulnerability, ransomware-group-operation, breach-disclosure-notification, ai-platform-security
Updated March 21, 2026 at 02:50 PM (14 sources)

Multiple outlets published weekly cybersecurity roundups summarizing a mix of vulnerability disclosures, ransomware/breach reporting, and policy developments rather than a single discrete incident. TechTarget highlighted a surge in reported vulnerabilities (citing 48,000+ new CVEs in 2025) and called out several high-impact issues, including a critical ServiceNow weakness tied to weak authentication in the legacy Virtual Agent chatbot that became more dangerous when paired with agentic AI (Now Assist), potentially enabling impersonation and admin-level access into connected enterprise systems.

Other roundup coverage aggregated unrelated security events across sectors. Sherpa Intelligence’s “Five for Friday” compiled items including ransomware claims (e.g., Everest targeting Nissan; Nightspire claiming an attack on a Hyatt Place property) and breach reporting (e.g., a Korean Air employee-data breach attributed to Clop). The Cyber Express weekly roundup similarly mixed disparate topics (platform policy changes around AI abuse, senior government appointments, and national-level connectivity disruptions), reinforcing that the common thread is curation of multiple stories rather than new primary reporting on one specific cyber event.

Timeline

  1. Jan 25, 2026

    UK NCSC warns of Russia-linked hacktivist DDoS activity

    The UK's National Cyber Security Centre warned about Russia-linked hacktivist distributed denial-of-service activity. The warning underscored ongoing geopolitical cyber disruption risks.

  2. Jan 25, 2026

    CISA adds more vulnerabilities to KEV in late-January update

    CISA added several additional vulnerabilities to its Known Exploited Vulnerabilities catalog in late January 2026. The update was referenced alongside multiple vendor advisories as exploitation activity continued to expand.

  3. Jan 25, 2026

    Access broker Feras Khalil Ahmad Albashiti pleads guilty

    Feras Khalil Ahmad Albashiti pleaded guilty to selling access to at least 50 corporate networks as an initial access broker. The plea was highlighted as a significant cybercrime law-enforcement outcome.

  4. Jan 25, 2026

    Researchers report patched FortiGate devices still being compromised

    Security reporting said some fully patched FortiGate firewalls were still being compromised, possibly in connection with CVE-2025-59718. The development raised concerns that fixes or post-exploitation persistence issues were not fully resolved.

  5. Jan 25, 2026

    Attackers probe Cisco RCE CVE-2026-20045 in the wild

    By late January, reporting indicated active probing of critical Cisco remote code execution flaw CVE-2026-20045. The activity suggested attackers were rapidly testing exposure before broad remediation could occur.

  6. Jan 22, 2026

    Talos and vendors patch Foxit, Epic Games Store, and MedDream flaws

    Cisco Talos disclosed multiple vulnerabilities affecting Foxit PDF Editor, Epic Games Store, and MedDream PACS, and vendors issued patches. The flaws included privilege escalation, use-after-free, and cross-site scripting issues that could enable code execution or unauthorized access.

  7. Jan 21, 2026

    Dutch police run fake ticket site for anti-scam awareness

    Dutch police were reported to be operating a fake ticket website as a public anti-scam education effort. The initiative was presented as a proactive law-enforcement awareness campaign.

  8. Jan 21, 2026

    Slack publishes agentic SOC triage architecture

    Slack published the design of an internal multi-agent triage system intended to reduce investigation time while preserving quality checks before human escalation. The architecture was highlighted as a notable security operations engineering development.

  9. Jan 19, 2026

    Google and Mandiant release Net-NTLMv1 rainbow tables

    Google and Mandiant released Net-NTLMv1 rainbow tables to accelerate pressure for deprecating the weak authentication scheme. The release was framed as a defensive move to expose the protocol's continued risk.

  10. Jan 19, 2026

    AWS CodeBuild misconfiguration 'CodeBreach' is reported

    Researchers reported 'CodeBreach,' an AWS CodeBuild misconfiguration that could have enabled supply-chain compromise of AWS GitHub repositories. The issue was highlighted as a cloud and software supply-chain risk.

  11. Jan 19, 2026

    CyberArk hijacks StealC operators via XSS in control panel

    CyberArk researchers exploited a cross-site scripting flaw in the StealC malware control panel to observe and hijack operator sessions. The work demonstrated offensive counterintelligence opportunities against criminal infrastructure.

  12. Jan 19, 2026

    Researchers disclose WhisperPair flaws in Google Fast Pair devices

    Academic researchers disclosed 'WhisperPair' vulnerabilities affecting Google Fast Pair audio accessories from multiple major vendors. The flaws raised concerns about the security of widely used Bluetooth pairing ecosystems.

  13. Jan 19, 2026

    Qilin claims Moen as ransomware victim

    The Qilin ransomware group claimed Moen as a victim, though reporting said no proof of exfiltration was provided. The claim was included in roundup coverage of current ransomware activity.

  14. Jan 19, 2026

    Grubhub confirms unauthorized access amid extortion claims

    Grubhub confirmed unauthorized access to internal systems while extortion claims circulated involving Salesforce and Zendesk-related data. The company acknowledgment marked the incident as an active enterprise breach response.

  15. Jan 19, 2026

    CIRO discloses August 2025 breach affecting 750,000 people

    CIRO publicly disclosed that the August 2025 phishing attack exposed personal information belonging to roughly 750,000 individuals. The organization said some systems were shut down, but critical operations were not affected.

  16. Jan 19, 2026

    Researchers describe VoidLink Linux malware framework

    Threat researchers published analysis of VoidLink, a China-affiliated cloud-native Linux malware framework designed for stealthy long-term access. Coverage noted the framework's capabilities even though no confirmed infections were reported.

  17. Jan 19, 2026

    WordPress plugin flaw enables unauthenticated admin takeover

    Reporting highlighted active exploitation or disclosure of a WordPress plugin vulnerability, tracked in one roundup as CVE-2026-23550, that allowed unauthenticated administrator takeover. The issue was treated as a high-risk web application threat.

  18. Jan 19, 2026

    Check Point reports HPE OneView flaw exploited by RondoDox

    Researchers reported active exploitation of CVE-2025-37164, a critical HPE OneView remote code execution flaw, by the RondoDox botnet. The vulnerability was also noted as added to CISA's KEV catalog.

  19. Jan 18, 2026

    Lumen disrupts AISURU and Kimwolf botnet infrastructure

    Lumen reported null-routing and blocking more than 550 command-and-control servers tied to AISURU and Kimwolf botnet activity. The action was presented as a major infrastructure disruption against DDoS-related operations.

  20. Jan 18, 2026

    CISA adds exploited Windows and Gogs flaws to KEV

    CISA added actively exploited vulnerabilities in Microsoft Windows and Gogs to its Known Exploited Vulnerabilities catalog. The move signaled elevated urgency for defenders to patch affected systems.

  21. Jan 18, 2026

    Ukraine and Germany target Black Basta leadership

    A joint Ukraine-Germany operation targeted Black Basta leadership, with reporting also linking Black Basta to Conti through blockchain analysis. The action was highlighted in multiple weekly roundups.

  22. Jan 18, 2026

    Spanish police and Europol target Black Axe network

    Spanish authorities, supported by Europol, carried out an operation against the Black Axe criminal organization. The action was cited as a significant law-enforcement move against cyber-enabled fraud.

  23. Jan 18, 2026

    Eurail/Interrail breach affects travelers

    A breach affecting Eurail and Interrail travelers was reported in weekly security coverage. The incident was highlighted as a notable consumer-impacting data exposure.

  24. Jan 18, 2026

    PoC exploit released for FortiSIEM CVE-2025-64155

    Public proof-of-concept exploit code was released for critical Fortinet FortiSIEM flaw CVE-2025-64155, an unauthenticated issue that could lead to remote code execution via crafted TCP requests. Multiple roundups also described thousands of internet-exposed instances at risk.

  25. Jan 18, 2026

    Meta denies claimed Instagram breach

    Meta denied claims that Instagram had suffered a breach exposing data from 17.5 million accounts. The denial came amid reports that users were seeing repeated password reset prompts.

  26. Jan 16, 2026

    Researchers report Google Vertex AI service-agent privilege issue

    A privilege-escalation issue involving Google Vertex AI service agents was reported in mid-January 2026. The finding was highlighted as a cloud security concern in roundup coverage.

  27. Jan 16, 2026

    Researchers disclose Reprompt attack against Microsoft Copilot

    Security researchers reported the 'Reprompt' attack, which used prompt injection and URL parameter abuse to enable stealthy data exfiltration from Microsoft Copilot. Later roundup coverage noted the issue had since been fixed.

  28. Jan 16, 2026

    Clop-linked breach impacts Korean Air employee records

    A separate Clop-linked breach was reported to have affected Korean Air employee records. The incident appeared in roundup reporting on notable enterprise data exposures.

  29. Jan 16, 2026

    Everest claims Nissan after earlier ASUS-related breach

    The Everest ransomware group was reported as targeting Nissan following an earlier breach involving ASUS. The development was cited as part of ongoing ransomware victim disclosures.

  30. Jan 16, 2026

    Nightspire claims attack on Hyatt Place New York / Chelsea

    The Nightspire ransomware group claimed it attacked the Hyatt Place New York / Chelsea Hotel. The claim was reported in a January 16 roundup of current ransomware activity.

  31. Jan 16, 2026

    Microsoft and partners disrupt RedVDS cybercrime platform

    Microsoft, working with international law enforcement and through related legal action, disrupted the RedVDS cybercrime-as-a-service platform. RedVDS had been used to support large-scale phishing and fraud operations.

  32. Jan 16, 2026

    Cyble reports deVixor Android banking malware targeting Iranians

    Researchers reported a new Android banking malware family, deVixor, targeting users in Iran through phishing-distributed APK files. The malware was presented as an emerging mobile banking threat.

  33. Jan 16, 2026

    Endesa discloses breach affecting Energía XXI customers

    Spanish energy company Endesa disclosed a breach affecting customers of its Energía XXI unit. Subsequent reporting described the incident as a large-scale data exposure tied to Spain.

  34. Jan 16, 2026

    Iran enters fourth day of nationwide internet blackout

    Iran experienced a fourth consecutive day of nationwide internet disruption during unrest linked to the collapse of the rial. The blackout was reported as a major public-stability and information-control event.

  35. Jan 16, 2026

    NSA appoints Timothy Kosiba as deputy director

    The NSA named Timothy Kosiba as its 21st Deputy Director. The appointment was cited as a significant U.S. national security leadership development in mid-January 2026.

  36. Jan 16, 2026

    X tightens Grok AI safeguards after abuse reports

    X, formerly Twitter, tightened controls on Grok AI to curb generation of nonconsensual sexualized images. The move followed reported abuse and investigations by U.S. and European authorities.

  37. Jan 13, 2026

    Microsoft releases January Patch Tuesday fixes

    Microsoft's January 2026 Patch Tuesday addressed 114 vulnerabilities, including an actively exploited Desktop Window Manager zero-day tracked as CVE-2026-20805. The update was highlighted across multiple January security roundups.

  38. Dec 1, 2025

    Late-2025 attack on Poland's power grid attributed to Sandworm

    Reporting later attributed a late-2025 cyberattack on Poland's power grid to the Russia-linked Sandworm group. The attribution appeared in January 2026 roundup coverage as a notable geopolitical development.

  39. Aug 1, 2025

    CIRO phishing attack compromises personal data

    In August 2025, a sophisticated phishing attack compromised the personal information of about 750,000 individuals tied to the Canadian Investment Regulatory Organization. Some systems were shut down in response, but critical functions were reported as unaffected.

Sources

14 sources in total, including The Hacker News, Sherpa Intelligence, the Check Point Research blog, CSO Online, and Help Net Security.

Related Stories

Weekly Cybersecurity Roundups Covering Breaches, Zero-Days, and AI-Driven Threats

Two weekly “roundup” articles summarized a broad set of security developments rather than a single incident. Reported items included **data breaches** (e.g., PayPal, SpyX, California Cryobank), **active exploitation of multiple vulnerabilities** (including a **Google Chrome 0-day** and critical issues in products such as *BeyondTrust*, *Ivanti EPMM*, *Splunk Enterprise*, and *Windows Admin Center*), and **ransomware activity** (e.g., **Hellcat** reportedly breaching Ascom’s ticketing infrastructure and exfiltrating ~44GB of data). The digest also highlighted availability risk via a reported **Cloudflare** global outage attributed to a cascading password-rotation failure. The week-in-review content also mixed security news with interviews and tool/project updates, including discussion of the evolving CISO role amid **agentic AI**, the release of *REMnux v8* (malware analysis distro) with AI integration, and commentary on “harvest now, decrypt later” **quantum** risk. It additionally referenced separate security headlines such as a **firmware-level Android backdoor** on tablets and a **Dell zero-day** reportedly exploited since 2024, but did not provide a unified, single-event narrative across the items.

Security roundups covering multiple unrelated breaches, exploited vulnerabilities, and malware activity

The referenced items are **weekly newsletter/roundup posts** that aggregate multiple, unrelated cybersecurity developments rather than reporting a single discrete incident. They highlight a mix of **data breaches**, **ransomware**, **active exploitation and KEV additions**, and **malware campaigns**—including mentions of BeyondTrust RS/PRA vulnerabilities (including `CVE-2026-1731`) being exploited, CISA adding various flaws to the **Known Exploited Vulnerabilities (KEV)** catalog, and ongoing malware activity such as **LummaStealer**, **NetSupport RAT** targeting, and Linux botnet activity (e.g., **SSHStalker**). Separately, the roundup coverage also includes public-sector and critical-service disruptions and regulatory action: a reported cyberattack on the **European Commission’s mobile device management (MDM)** environment with potential exposure of staff contact details, a **ransomware** incident disrupting Senegal’s national identity services, and an Australian court penalty against **FIIG Securities** tied to inadequate cybersecurity controls following a prior ransomware breach and data exposure. Overall, the content is best treated as situational awareness across many stories, not as a cohesive incident requiring a single-issue response plan.

Weekly Cybersecurity Roundups Highlighting Government Campaigns, Nation-State Activity, and Emerging Vulnerabilities

Multiple weekly cybersecurity roundups and newsletters highlighted a mix of policy, threat, and vulnerability developments rather than a single discrete incident. UK government messaging featured prominently, including a campaign urging businesses to “lock the door” against cyber criminals and publication of longitudinal survey results indicating most organizations continue to experience cyber incidents (with reported rates in the 70–80% range across businesses and charities). Separately, commentary from European security circles emphasized growing calls for **offensive cyber capabilities** (“strike back”) amid concerns about Russian aggression and sabotage activity across Europe, including references to cyber operations targeting critical infrastructure. Threat reporting in the same period emphasized escalating **nation-state and proxy activity** against critical infrastructure and the defense industrial base, citing research that espionage groups (including those linked to China, Russia, and North Korea) have compromised organizations by exploiting **zero-day vulnerabilities in edge devices** (e.g., VPNs and gateways). Additional reporting pointed to newly identified OT-focused threat groups (e.g., **Sylvanite**, **Azurite**, **Pyroxene**) and a broad set of emerging technical risks and product/security changes, including discussion of an **OpenSSL RCE** risk, **Foxit 0-days**, and analysis of **LockBit 5.0** ransomware techniques (e.g., ETW tampering, process hollowing, log clearing) alongside Android platform security changes (e.g., deprecating cleartext traffic defaults and adding HPKE support).
