FBI Surveillance Systems Breached
The FBI confirmed it is investigating a breach affecting systems used to manage surveillance and wiretap warrants. This represents a significant compromise of law enforcement surveillance infrastructure.
CISA Adds Critical Hikvision and Rockwell Automation Flaws to KEV
CVE-2017-7921: CISA added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including a CVSS 9.8 authentication bypass in Hikvision cameras. Both flaws are being actively exploited in the wild.
Critical Cisco Firewall Vulnerabilities with CVSS 10.0 Scores
Cisco patched 48 new firewall vulnerabilities including two critical flaws with maximum CVSS scores of 10.0. These edge device vulnerabilities pose significant risk to network security infrastructure.
Microsoft February Zero-Day Vulnerabilities Under Active Attack
Microsoft released patches for six zero-day vulnerabilities that attackers are already exploiting in the wild. These critical flaws affect Windows operating systems and other Microsoft software, posing significant risk to organizations worldwide.
Kimwolf IoT Botnet Infects 2 Million Devices
The Kimwolf botnet has infected over 2 million IoT devices, conducting massive DDoS attacks and scanning corporate and government networks. The botnet exploits Android TV streaming boxes and spreads through local network scanning.
Desktop Window Manager Information Disclosure
CVE-2026-20805: Actively exploited zero-day that allows an attacker to read memory addresses from a remote ALPC port. Added to the CISA KEV catalog.
Windows LSASS Remote Code Execution
CVE-2026-20854: Critical RCE vulnerability in the Local Security Authority Subsystem Service allowing remote attackers to execute arbitrary code.
Microsoft Office Remote Code Execution
CVE-2026-20952: Critical remote code execution vulnerability in the Microsoft Office suite.
Windows Graphics Component EoP
CVE-2026-20822: Critical elevation of privilege vulnerability in the Windows Graphics Component.
Microsoft Excel Remote Code Execution
CVE-2026-20957: Critical RCE in Excel allowing code execution through malicious spreadsheet files.
VBS Enclave Elevation of Privilege
CVE-2026-20876: Critical elevation of privilege in a Windows Virtualization-Based Security (VBS) enclave.
Microsoft January Patch Tuesday - One Zero-Day Under Attack
Microsoft patched 113 security holes including eight critical vulnerabilities, with one zero-day being actively exploited by attackers. This represents a significant monthly security update with immediate threats.
Chrome ANGLE Out-of-Bounds Memory Access
CVE-2025-14174: Out-of-bounds memory access in the ANGLE graphics library, actively exploited in the wild. A buffer overflow in the Metal renderer could lead to code execution.
Termite Ransomware Using ClickFix and CastleRAT
The Velvet Tempest group is deploying Termite ransomware through ClickFix social engineering techniques and legitimate Windows utilities. The attacks use DonutLoader malware and CastleRAT backdoor for persistence.
TriZetto Healthcare Breach Exposes 3.4 Million Patient Records
Cognizant's TriZetto Provider Solutions suffered a data breach exposing sensitive health information of over 3.4 million patients. The breach affects a major healthcare IT provider serving insurers and healthcare organizations.
Iran's MuddyWater APT Targets US Networks with Dindoor Backdoor
Iranian state-sponsored group MuddyWater has embedded itself in several U.S. companies including banks and airports using a new Dindoor backdoor. The campaign represents ongoing nation-state targeting of critical infrastructure.
Cisco Catalyst SD-WAN Manager Vulnerabilities Actively Exploited
CVE-2026-20122: Cisco confirmed active exploitation of two vulnerabilities in Catalyst SD-WAN Manager, including an arbitrary file overwrite flaw. These vulnerabilities allow authenticated attackers to compromise SD-WAN infrastructure.
Chinese APT UAT-9244 Targets South American Telecoms
Chinese state hackers are targeting South American telecommunications infrastructure with new malware toolkit including TernDoor, PeerTime, and BruteEntry implants. The campaign compromises Windows, Linux, and network edge devices.
CrushFTP Bruteforce Attacks Target Known Vulnerabilities
CVE-2025-54309: Attackers are running brute-force scans against CrushFTP systems, targeting multiple serious vulnerabilities including template injection and authentication bypass flaws. The July 2025 zero-day CVE-2025-54309 was actively exploited.
Windows Secure Boot Certificate Expiration
CVE-2026-21265: The Secure Boot certificates issued in 2011 are nearing expiration. Systems that have not been updated with the replacement 2023 certificates face increased risk of Secure Boot bypass attacks, since they cannot receive boot components and revocation updates signed under the new CAs.
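The practical question for a fleet is whether the 2023 Microsoft CAs are already in each machine's Secure Boot databases. The PowerShell below is an added example, not part of the original digest or of Microsoft's tooling: it reads the UEFI `db` and `KEK` variables through the built-in `Get-SecureBootUEFI` cmdlet and searches the raw bytes for the CA common names. The registry value `UEFICA2023Status` under the `SecureBoot\Servicing` key is taken from Microsoft's Secure Boot servicing guidance and is treated here as an assumption about your build; the function still returns useful results if it is absent. Run from an elevated prompt on a UEFI system.

```powershell
# Added example (not from the original digest): report whether this host's Secure Boot
# databases already contain the 2023 Microsoft CAs that replace the expiring 2011 ones.
# Assumptions: CA common names as published by Microsoft; UEFICA2023Status registry value
# name as described in Microsoft's Secure Boot servicing documentation.

function Get-SecureBootCaStatus {
    $result = [ordered]@{}

    # Confirm-SecureBootUEFI throws on legacy BIOS / CSM hosts, so treat an error as "not UEFI".
    try {
        $result.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $result.SecureBootEnabled = $null
        $result.Note = 'Secure Boot not supported on this platform; no UEFI variables to inspect.'
        return [pscustomobject]$result
    }

    # db holds the allowed signer certificates; KEK holds the keys allowed to update db/dbx.
    # The variables are binary, but the certificate subject names survive an ASCII decode,
    # which is enough for a substring match.
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $kek = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name KEK).Bytes)

    $result.Db_Has_WindowsUEFICA2023      = [bool]($db  -match 'Windows UEFI CA 2023')
    $result.Db_Has_MicrosoftUEFICA2023    = [bool]($db  -match 'Microsoft UEFI CA 2023')
    $result.Db_Has_OptionROMUEFICA2023    = [bool]($db  -match 'Microsoft Option ROM UEFI CA 2023')
    $result.Db_StillHas_ProductionPCA2011 = [bool]($db  -match 'Windows Production PCA 2011')
    $result.Kek_Has_KEKCA2023             = [bool]($kek -match 'Microsoft Corporation KEK 2K CA 2023')

    # Windows records its own view of the CA rollout here (assumed value name; may be absent).
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing'
    $props = Get-ItemProperty -Path $svc -ErrorAction SilentlyContinue
    $result.UEFICA2023Status = if ($props) { $props.UEFICA2023Status } else { $null }

    [pscustomobject]$result
}

$status = Get-SecureBootCaStatus
$status | Format-List

if ($status.SecureBootEnabled -eq $true -and -not $status.Db_Has_WindowsUEFICA2023) {
    Write-Warning 'Windows UEFI CA 2023 is not in db: this host cannot accept boot managers or dbx updates signed only under the 2023 CA and should be scheduled for the certificate update.'
}
```

The `-match` against decoded bytes is deliberately crude: it tells you whether a certificate with that subject is present, not whether it is valid or correctly chained, so use it as an inventory signal and let Windows Update or your firmware vendor's process perform the actual rollout.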
Agere Modem Driver Privilege Escalation
CVE-2023-31096: Vulnerable third-party modem drivers (agrsm64.sys and agrsm.sys) were exploited to gain administrator privileges. Microsoft removed both drivers in the January 2026 update.
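A removed-in-update driver can still be present on hosts that missed the update, or be reintroduced by an attacker who brings their own copy, so it is worth hunting for the files and for any driver service that still points at them. The PowerShell below is an added example and not part of the original digest: it checks the standard driver directory for the two file names the item cites, records their hash and Authenticode signer, enumerates `Win32_SystemDriver` entries whose image path references them, and reports whether HVCI (which enforces Microsoft's vulnerable driver blocklist) is running. The regular expression and the HVCI interpretation of `SecurityServicesRunning` value 2 are this example's own assumptions. Run elevated.

```powershell
# Added example (not from the original digest): hunt for the Agere modem drivers named in
# CVE-2023-31096 and for any driver service that still references them.
# Assumptions: file names from the item above; HVCI is reported as value 2 in
# Win32_DeviceGuard.SecurityServicesRunning (Credential Guard is 1).

$driverNames = @('agrsm64.sys', 'agrsm.sys')
$driverDir   = Join-Path $env:SystemRoot 'System32\drivers'

# One row per expected file: present or not, plus hash and signer so a finding can be
# compared against the known-vulnerable versions in the Microsoft blocklist.
function Find-AgereModemDriver {
    param([string[]]$Names, [string]$Dir)
    foreach ($name in $Names) {
        $path = Join-Path $Dir $name
        if (Test-Path -Path $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Path      = $path
                Present   = $true
                Sha256    = (Get-FileHash -Path $path -Algorithm SHA256).Hash
                Signer    = $sig.SignerCertificate.Subject
                SigStatus = $sig.Status
            }
        } else {
            [pscustomobject]@{ Path = $path; Present = $false; Sha256 = $null; Signer = $null; SigStatus = $null }
        }
    }
}

# A driver service can survive file deletion or point at a copy elsewhere on disk,
# so match on the registered image path rather than only on the canonical location.
function Find-AgereDriverService {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -match 'agrsm(64)?\.sys' } |
        Select-Object Name, State, StartMode, PathName
}

# HVCI running means the Microsoft vulnerable driver blocklist is being enforced,
# which blocks loading of the listed Agere driver versions even if the file is present.
function Test-HvciRunning {
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard -ErrorAction SilentlyContinue
    if (-not $dg) { return $false }
    return [bool]($dg.SecurityServicesRunning -contains 2)
}

Write-Host '== Driver files =='
Find-AgereModemDriver -Names $driverNames -Dir $driverDir | Format-Table -AutoSize

Write-Host '== Driver services referencing agrsm =='
$services = Find-AgereDriverService
if ($services) { $services | Format-Table -AutoSize } else { Write-Host 'none' }

Write-Host ("== HVCI / vulnerable driver blocklist enforced: {0}" -f (Test-HvciRunning))
```

A present file with a valid vendor signature is not proof of exploitation, only of exposure: the attack pattern here is loading a legitimately signed but vulnerable driver, so a finding should be followed by removing or blocking the driver and checking that HVCI or a WDAC policy prevents it from loading.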