News
-
Multi-stage AitM phishing and BEC campaign abused SharePoint to target energy organisations
Microsoft flagged a multi-stage AitM phishing and BEC campaign using SharePoint links and inbox rules to persist. One observed case sent over 600 phishing messages. Mitigation requires revoking session cookies and deleting attacker-created rules.
-
Critical GNU InetUtils telnetd flaw allows remote root login
A critical vulnerability, CVE-2026-24061, in GNU InetUtils telnetd allows remote authentication bypass and potential root login on versions 1.9.3 through 2.7. It is rated 9.8 on CVSS. Administrators are urged to patch or disable telnetd.
-
GDPR fines pass £1 billion as daily breach reports top 400
Europe’s GDPR fines topped £1 billion in 2025 and authorities recorded an average of 443 breach notifications a day, a 22 percent rise and the first time daily reports passed 400 since GDPR took effect.
-
Malicious PyPI package sympy-dev impersonates SymPy to install XMRig miner
A malicious PyPI package named sympy-dev impersonates the SymPy library to deliver an XMRig cryptocurrency miner on Linux. The package has been downloaded over 1,100 times since January 17, 2026 and remains available.
-
SmarterMail authentication bypass exploited days after patch enables admin reset and RCE
An authentication bypass in SmarterMail that allows resetting administrator passwords and enabling system-level command execution was exploited two days after a vendor patch. A watchTowr Labs technical analysis describes the vulnerability and exploitation timeline.
-
NIST enters 2026 with staff cuts, tighter budget and cryptography validation backlog
NIST begins 2026 with over 700 positions shed, a smaller labs budget and a cryptographic module validation backlog that averaged 348 days for recent projects, even as the agency tests post-quantum modules and seeks automation.
-
Mass spam wave uses unsecured Zendesk ticket systems to send hundreds of automated emails
A global spam wave beginning January 18 used unsecured Zendesk ticket systems to deliver hundreds of automated confirmation emails that bypassed filters and confused recipients. The advisory urges restricting ticket creation to verified users and removing open placeholders.
-
Two high severity flaws in Chainlit allow file theft and SSRF in cloud deployments
Two high severity Chainlit vulnerabilities allow arbitrary file reads and SSRF that can expose secrets and internal services. Patches were released in Chainlit 2.9.4 on December 24, 2025. Upgrades are recommended.
-
Android click-fraud trojans use TensorFlow.js to tap hidden browser ads
Android click-fraud trojans using TensorFlow.js analyze hidden WebView screenshots to tap ads. Infected apps were distributed through Xiaomi GetApps and third-party APK sites, causing battery drain and increased mobile data charges.
-
Report: North Korean-linked PurpleBravo targeted 3,136 IPs and 20 companies
Recorded Future’s technical analysis found PurpleBravo targeted 3,136 IPs and claimed 20 potential victim companies across multiple regions from August 2024 to September 2025, using infostealers and backdoors to create supply-chain risk.








