HOT NEWS 2026 JANUARY
| DATE | NAME | INFO | CATEGORY | SUBCATE |
|---|---|---|---|---|
| 10.1.26 | RustyWater | Reborn in Rust: MuddyWater Evolves Tooling with RustyWater Implant | MALWARE | RAT |
| 10.1.26 | BlueDelta’s Persistent Campaign Against UKR.NET | Between June 2024 and April 2025, Recorded Future’s Insikt Group identified a sustained credential-harvesting campaign targeting users of UKR.NET, a widely used Ukrainian webmail and news service. | REPORT | REPORT |
| 10.1.26 | GRU-Linked BlueDelta Evolves Credential Harvesting | Between February and September 2025, Recorded Future’s Insikt Group identified multiple credential-harvesting campaigns conducted by BlueDelta, a Russian state-sponsored threat group associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). | REPORT | REPORT |
| 10.1.26 | GRU-Linked BlueDelta Evolves Credential Harvesting | Between February and September 2025, Recorded Future’s Insikt Group identified multiple credential-harvesting campaigns conducted by BlueDelta, a Russian state-sponsored threat group associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). | BIGBROTHER | BIGBROTHER |
| 10.1.26 | CVE-2025-69258 | A LoadLibraryEx vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code in the context of SYSTEM on affected installations. | VULNERABILITY | VULNERABILITY |
| 10.1.26 | CVE-2025-69260 | (CVSS score: 7.5) - A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations. | VULNERABILITY | VULNERABILITY |
| 10.1.26 | CVE-2025-69259 | (CVSS score: 7.5) - A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations. | VULNERABILITY | VULNERABILITY |
| 9.1.26 | Recent Linux-based activities of the UAT-7290 threat group | Cisco Talos has identified a new campaign attributed to a threat actor tracked as UAT-7290. The group primarily targets critical infrastructure and telecommunications providers in South Asia, though recent activity indicates a possible expansion into Southeastern Europe. | ALERTS | GROUP |
| 9.1.26 | PHALT#BLYX malicious campaign | A new malware distribution campaign, tracked under the name PHALT#BLYX, is targeting European hospitality firms using phishing emails that impersonate Booking.com reservation cancellation requests. As reported by Securonix, the operation employs a "ClickFix" social engineering tactic: victims who click the email link are shown a fake Windows Blue Screen of Death (BSOD) and are tricked into opening the Windows Run prompt and pasting a malicious PowerShell command to "resolve" the error. | ALERTS | CAMPAIGN |
| 9.1.26 | CVE-2025-52691 - SmarterTools SmarterMail vulnerability | CVE-2025-52691 is a recently disclosed critical (CVSS score 10.0) arbitrary file upload vulnerability affecting SmarterTools SmarterMail, an email, groupware, and collaboration server designed as an alternative to enterprise collaboration solutions such as Microsoft Exchange. | ALERTS | VULNERABILITY |
| 9.1.26 | Kimwolf Android botnet | The Kimwolf botnet has reportedly infected more than 2 million Android devices by tunneling through residential proxy networks. According to researchers from XLab, the malware is a strain of the AISURU botnet family and has been active on the threat landscape since at least August 2025. Its capabilities include various DDoS attacks, proxy forwarding, reverse shell and file management, among others. | ALERTS | BOTNET |
| 9.1.26 | TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service | A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. | ALERT | ALERT |
| 9.1.26 | Vulnerable Python version used in Forcepoint One DLP Client | A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution. | ALERT | ALERT |
| 8.1.26 | Boto-Cor-de-Rosa | Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil | CAMPAIGN | CAMPAIGN |
| 8.1.26 | CVE-2025-66209 | (CVSS score: 10.0) - A command injection vulnerability in the database backup functionality allows any authenticated user with database backup permissions to execute arbitrary commands on the host server, resulting in container escape and full server compromise. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-66210 | (CVSS score: 10.0) - An authenticated command injection vulnerability in the database import functionality allows attackers to execute arbitrary commands on managed servers, leading to full infrastructure compromise. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-66211 | (CVSS score: 10.0) - A command injection vulnerability in the PostgreSQL init script management allows authenticated users with database permissions to execute arbitrary commands as root on the server. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-66212 | (CVSS score: 10.0) - An authenticated command injection vulnerability in the Dynamic Proxy Configuration functionality allows users with server management permissions to execute arbitrary commands as root on managed servers. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-66213 | (CVSS score: 10.0) - An authenticated command injection vulnerability in the File Storage Directory Mount functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-64419 | (CVSS score: 9.7) - A command injection vulnerability via docker-compose.yaml that enables attackers to execute arbitrary system commands as root on the Coolify instance. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-64420 | (CVSS score: 10.0) - An information disclosure vulnerability that allows low-privileged users to view the private key of the root user on the Coolify instance, allowing them to gain unauthorized access to the server via SSH and authenticate as root using the key. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-64424 | (CVSS score: 9.4) - A command injection vulnerability in the git source input fields of a resource, allowing a low-privileged user (member) to execute system commands as root on the Coolify instance. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-59156 | (CVSS score: 9.4) - An operating system command injection vulnerability that allows a low-privileged user to inject arbitrary Docker Compose directives and achieve root-level command execution on the underlying host. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-59157 | (CVSS score: 10.0) - An operating system command injection vulnerability that allows a regular user to inject arbitrary shell commands that execute on the underlying server by using the Git Repository field during deployment. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-59158 | (CVSS score: 9.4) - An improper encoding or escaping of data that allows an authenticated user with low privileges to conduct a stored cross-site scripting (XSS) attack during project creation; the payload is automatically executed in the browser context when an administrator later attempts to delete the project or its associated resource. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | RedLeaves | | VULNERABILITY | VULNERABILITY |
| 8.1.26 | UAT-7290 | UAT-7290 targets high-value telecommunications infrastructure in South Asia | MALWARE | RAT |
| 8.1.26 | CVE-2026-20029 | A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | NodeCordRAT | Malicious NPM Packages Deliver NodeCordRAT | MALWARE | RAT |
| 8.1.26 | CVE-2025-37164 | (CVSS score: 10.0) - A code injection vulnerability in HPE OneView that allows a remote unauthenticated user to perform remote code execution. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2009-0556 | (CVSS score: 8.8) - A code injection vulnerability in Microsoft Office PowerPoint that allows remote attackers to execute arbitrary code by means of memory corruption. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2026-21858 | A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2026-21877 | Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-59469 | (CVSS score: 7.2) - A vulnerability that allows a Backup or Tape Operator to write files as root. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-59468 | (CVSS score: 6.7) - A vulnerability that allows a Backup Administrator to perform RCE as the postgres user by sending a malicious password parameter. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-55125 | (CVSS score: 7.2) - A vulnerability that allows a Backup or Tape Operator to perform RCE as root by creating a malicious backup configuration file. | VULNERABILITY | VULNERABILITY |
| 8.1.26 | CVE-2025-59470 | Resolved in Veeam Backup & Replication 13.0.1.1071. | VULNERABILITY | VULNERABILITY |
| 7.1.26 | CVE-2026-0625 | Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters. | VULNERABILITY | VULNERABILITY |
| 7.1.26 | Prompt poaching | Prompt poaching runs rampant in extensions | HACKING | AI |
| 7.1.26 | CVE-2025-65606 | TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service. | VULNERABILITY | VULNERABILITY |
| 7.1.26 | UAC-0184 | UAC-0184 | GROUP | GROUP |
| 7.1.26 | Kimwolf | A Broken System Fueling Botnets | BOTNET | BOTNET |
| 7.1.26 | CVE-2025-68668 | n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. | VULNERABILITY | VULNERABILITY |
| 5.1.26 | VVS Discord | VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion | MALWARE | STEALER |
| 4.1.26 | Datebug APT campaign targeting governmental organizations in India | Researchers from Cyfirma have identified a targeted cyber espionage campaign attributed to the Datebug APT group (aka APT36, Transparent Tribe). The campaign uses a deceptive delivery mechanism involving weaponized Windows shortcut (LNK) files concealed within a ZIP archive, masquerading as a legitimate PDF to trick victims. | ALERTS | APT |
| 3.1.26 | OWASP Top 10 For Agentic Applications 2026 | The information provided in this document does not, and is not intended to, constitute legal advice. | REPORT | REPORT |
| 3.1.26 | CVE-2020-12812 | An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. | VULNERABILITY | VULNERABILITY |
| 3.1.26 | MongoDB Unauthenticated Attacker Sensitive Memory Leak | The Situation: A major vulnerability allows unauthenticated attackers to remotely leak sensitive data from MongoDB server memory. No login is required. | HACKING | HACKING |
| 2.1.26 | CVE-2025-59230 | An elevation-of-privilege (EoP) vulnerability in Windows’ Remote Access Connection Manager (RasMan) service. A locally authenticated attacker could exploit improper access control to escalate their privileges to SYSTEM level on affected Windows installations. | VULNERABILITY | VULNERABILITY |
| 2.1.26 | CVE-2025-10294 | A critical authentication bypass in the OwnID Passwordless Login plugin for WordPress. Due to improper validation of a shared secret, unauthenticated attackers could log in as arbitrary users, including administrators, without credentials. | VULNERABILITY | VULNERABILITY |
| 2.1.26 | CVE-2025-59295 | A heap-based buffer overflow in the Windows MSHTML/Internet Explorer component, enabling arbitrary code execution via specially crafted data sent over the network. | VULNERABILITY | VULNERABILITY |
| 2.1.26 | CVE-2025-14847 | Mismatched length fields in zlib-compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28. | VULNERABILITY | VULNERABILITY |
| 2.1.26 | APT36 | APT36: Multi-Stage LNK Malware Campaign Targeting Indian Government Entities | APT | APT |
| 2.1.26 | RondoDoX Botnet | RondoDoX Botnet Weaponizes React2Shell | BOTNET | BOTNET |
| 2.1.26 | Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection | This report describes a phishing campaign in which attackers impersonate legitimate Google-generated messages by abusing Google Cloud Application Integration to distribute malicious emails that appear to originate from trusted Google infrastructure. | PHISHING | PHISHING |