Vulnerabilities
-
Apple issues updates to fix exploited dyld zero-day across iOS, macOS and other platforms
Apple released multiple OS updates to fix an exploited dyld memory corruption zero-day, CVE-2026-20700. The advisory credits Google Threat Analysis Group. Users should install the published updates for their devices.
-
Researchers identify first malicious Outlook add-in that stole over 4,000 credentials
Researchers found the first malicious Outlook add-in in the wild: a hijacked add-in domain hosted a fake sign-in page that captured more than 4,000 credentials, exposing gaps in marketplace content monitoring after publication.
-
New Linux botnet SSHStalker uses IRC C2 and scanned nearly 7,000 hosts
SSHStalker is a Linux botnet that uses IRC for command and control and performed nearly 7,000 SSH scans in January. It compiles its C bot on each infected host and persists through cron jobs that run every minute. Operators should alert on compiler invocations on production hosts and block outbound IRC traffic at the network edge.
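A host-side triage script for the two indicators described above, added here as an example and not taken from the SSHStalker write-up. It flags crontab entries that run every minute or call a compiler, and ss/netstat connection rows whose remote endpoint is an IRC port. The crontab and connection lines are constructed samples, and the IRC port list and compiler names are assumptions rather than indicators published by the researchers.

```python
"""Host-side triage for SSHStalker-style indicators.

Added example, not code from the SSHStalker write-up. It checks two things the
report describes: cron entries that fire every minute, and processes holding
outbound connections to IRC ports. Inputs are constructed samples in user-crontab
and `ss -tnp` formats; the port list and compiler names are assumptions.
"""
import re
from typing import Iterable

# Assumption: classic IRC ports. Operators can move C2 to any port, so pair
# this with egress filtering rather than relying on the list alone.
IRC_PORTS = {6665, 6666, 6667, 6668, 6669, 6697}

# Assumption: build tools that a production SSH or web host rarely needs.
COMPILERS = {"gcc", "cc", "tcc", "clang", "make"}

# Five schedule fields plus the command (user crontab layout; @reboot-style
# shortcuts are not matched and are skipped).
CRON_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")

# "local:port remote:port" pair as printed by ss/netstat.
CONN_RE = re.compile(r"(\S+):(\d+)\s+(\S+):(\d+)")


def every_minute(fields) -> bool:
    """True when all five cron fields mean 'every minute' ('*' or '*/1')."""
    return all(f in ("*", "*/1") for f in fields)


def flag_cron_lines(lines: Iterable[str]) -> list[dict]:
    """Return crontab entries that run every minute or invoke a compiler."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CRON_RE.match(line)
        if not m:
            continue
        fields, cmd = m.groups()[:5], m.group(6)
        reasons = []
        if every_minute(fields):
            reasons.append("every-minute schedule")
        tokens = re.split(r"[\s;|&]+", cmd)
        if any(t in COMPILERS for t in tokens):
            reasons.append("invokes compiler")
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


def flag_irc_connections(lines: Iterable[str]) -> list[dict]:
    """Return ss/netstat lines whose remote endpoint is an IRC port."""
    findings = []
    for raw in lines:
        m = CONN_RE.search(raw)
        if not m:
            continue
        remote = f"{m.group(3)}:{m.group(4)}"
        if int(m.group(4)) in IRC_PORTS:
            findings.append({"remote": remote, "line": raw.strip()})
    return findings


# Constructed samples: one benign cron job, two every-minute jobs (one of
# which rebuilds the bot with gcc), and three connections, one to IRC.
CRON_SAMPLE = [
    "# m h dom mon dow command",
    "0 3 * * * /usr/bin/certbot renew",
    "* * * * * /tmp/.x/run.sh >/dev/null 2>&1",
    "*/1 * * * * cd /tmp/.x && gcc -o bot bot.c && ./bot",
]
CONN_SAMPLE = [
    'ESTAB 0 0 10.0.0.5:51234 203.0.113.9:6667 users:(("bot",pid=1337,fd=4))',
    'ESTAB 0 0 10.0.0.5:22 198.51.100.7:50210 users:(("sshd",pid=801,fd=5))',
    'ESTAB 0 0 10.0.0.5:44120 192.0.2.44:443 users:(("curl",pid=2001,fd=3))',
]

if __name__ == "__main__":
    for f in flag_cron_lines(CRON_SAMPLE):
        print("CRON", ", ".join(f["reasons"]), "::", f["line"])
    for f in flag_irc_connections(CONN_SAMPLE):
        print("IRC ", f["remote"], "::", f["line"])
```

On a live host, feed `flag_cron_lines` the output of `crontab -l` for each user (and the per-user files under /var/spool/cron) and `flag_irc_connections` the output of `ss -tnp`. Treat the port list as a starting heuristic only: the durable control is an egress policy that denies IRC and any other unexpected outbound protocol.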
-
Reynolds ransomware bundles vulnerable driver to disable EDR tools
Researchers disclosed Reynolds ransomware, which bundles a vulnerable NsecSoft NSecKrnl driver and loads it to disable endpoint security, a bring-your-own-vulnerable-driver technique. The driver flaw is tracked as CVE-2025-68947 with a CVSS score of 5.7.
-
Warlock ransomware breaches network through unpatched SmarterMail instance
A SmarterTools community advisory says the Warlock gang breached an unpatched SmarterMail instance on January 29, 2026, affecting about 12 Windows servers and a secondary data center. Updates and isolation were recommended to limit spread.
-
Report: Claude Desktop Extensions run unsandboxed, enabling zero-click RCE
A LayerX Security technical analysis found Claude Desktop Extensions run unsandboxed with full system privileges, enabling zero-click remote code execution via a malicious Google Calendar entry when MCP permissions are granted.
-
SecurityScorecard: more than 135,000 internet-exposed OpenClaw instances found
SecurityScorecard’s STRIKE team found more than 135,000 internet-exposed OpenClaw instances, tens of thousands of them vulnerable to a known RCE bug. Users are urged to restrict network bindings to local or trusted interfaces and to limit what the agent is permitted to access.
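A quick check for the exposure described above, added here as an example; it is not from the SecurityScorecard report and is not OpenClaw's own code or configuration. It parses `ss -ltnp` style rows and reports every service bound to a wildcard address that is not on an explicit allowlist, which is how an agent front end ends up reachable from the whole internet. The sample rows, process names and ports are constructed.

```python
"""Find services listening on wildcard addresses.

Added example, not from the SecurityScorecard report and not OpenClaw's own
code or configuration. It parses `ss -ltnp` style output (constructed sample
below) and reports listeners bound to all interfaces, the exposure the report
warns about. Process names and ports in the sample are made up.
"""
import re
from typing import Iterable

WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

# Header-less ss -ltnp row: State Recv-Q Send-Q Local:Port Peer:Port [Process]
LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?'
)


def parse_listeners(lines: Iterable[str]) -> list[dict]:
    """Parse ss output rows into {bind, port, process} dicts."""
    rows = []
    for raw in lines:
        m = LISTEN_RE.match(raw.strip())
        if m:
            rows.append({"bind": m.group(1), "port": int(m.group(2)),
                         "process": m.group(3) or "?"})
    return rows


def exposed_listeners(lines: Iterable[str], allow_ports=frozenset()) -> list[dict]:
    """Listeners bound to every interface, minus ports you intentionally expose."""
    return [r for r in parse_listeners(lines)
            if r["bind"] in WILDCARDS and r["port"] not in allow_ports]


# Constructed sample. "agent-gw" stands in for an agent front end that should
# only be reachable from localhost or through an authenticated proxy.
SS_SAMPLE = [
    "State Recv-Q Send-Q Local Address:Port Peer Address:Port Process",
    'LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:* users:(("agent-gw",pid=412,fd=7))',
    'LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=230,fd=5))',
    'LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=801,fd=3))',
    'LISTEN 0 511 *:443 *:* users:(("nginx",pid=990,fd=6))',
]

if __name__ == "__main__":
    # SSH and HTTPS are deliberate; anything else on a wildcard bind is a finding.
    for r in exposed_listeners(SS_SAMPLE, allow_ports={22, 443}):
        print(f"{r['process']} listens on {r['bind']}:{r['port']}; "
              f"bind it to 127.0.0.1 or front it with authentication")
```

Run it against real `ss -ltnp` output on each host, keep the allowlist to the ports you have consciously published, and remediate by binding the agent to a loopback or private address and reaching it through an authenticated reverse proxy or SSH tunnel. Note that a loopback bind does not by itself limit what the agent can do once reached, so it complements, rather than replaces, restricting the agent's own permissions.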
-
Ivanti EPMM zero-days exploited in breach affecting Dutch data protection authority
A letter to the Dutch parliament said attackers exploited Ivanti EPMM vulnerabilities on January 29, causing a breach that affected employees at the Dutch Data Protection Authority and the Council for the Judiciary and may have exposed their contact details.
-
DKnife targets network gateways in long-running AitM campaign
DKnife is a modular adversary-in-the-middle framework that has operated on network gateways since at least 2019. It inspects and manipulates traffic to hijack updates and deliver malware to downstream devices.
-
Worm-driven TeamPCP campaign compromises cloud native infrastructure at scale
Researchers report that a worm-driven campaign by TeamPCP exploited vulnerabilities in exposed Docker, Kubernetes, Ray and React deployments around December 25, 2025, using the compromised hosts to build proxy and scanning infrastructure for data theft, extortion and cryptocurrency mining.