Cybersecurity News | Daily Recap [15 Jan 2026]

Daily Recap, The latest funding rounds show Depthfirst raising $40 million, Novee securing $51.5 million, and isVerified entering stealth with voice-deepfake detection, signaling ongoing investor interest in vulnerability management and identity assurance. It further catalogs vulnerabilities, breaches, and attacks across FortiSIEM, Desktop Windows Manager, Node.js async_hooks, c-ares, Belgian Hospital, Monroe University, Pax8, Victorian Department of Education, RedVDS, Predator spyware, PLUGGYAPE, ConsentFix, Reprompt, third-party risk, and Windows 365/Cloud PC service disruptions. #Depthfirst #Novee #isVerified #FortiSIEM #DesktopWindowsManager #NodeJS #async_hooks #c-ares #BelgianHospital #MonroeUniversity #Pax8 #VictorianDepartmentOfEducation #RedVDS #PredatorSpyware #PLUGGYAPE #ConsentFix #Reprompt #Windows365 #CloudPC

Depthfirst raised $40 million to expand its vulnerability management platform – Depthfirst $40M
Novee emerged from stealth with $51.5 million in funding to build its security offering – Novee $51.5M
isVerified launched from stealth with apps to detect voice deepfakes – isVerified Deepfake

Fortinet patched a critical FortiSIEM RCE flaw while MS‑ISAC flagged additional high‑risk Fortinet vulnerabilities – FortiSIEM Fix, Fortinet Risks
Federal agencies were ordered to patch a Desktop Windows Manager vulnerability added to CISA’s list – DWM Patch
A critical Node.js vulnerability in async_hooks can cause server crashes via stack overflow – Node.js Bug
Attackers abused c-ares DLL side‑loading to bypass defenses and deploy malware – c-ares Bypass

A cyberattack forced a Belgian hospital to transfer critical care patients, disrupting services in Belgium – Belgian Hospital
A 2024 cyberattack on Monroe University exposed personal, financial, and health data of 320,000 people – Monroe Breach
Cloud marketplace Pax8 accidentally exposed data on 1,800 MSP partners – Pax8 Exposure
Victoria’s Department of Education notified parents after hackers stole students’ data in Australia – Victorian Breach

RedVDS cybercrime service was disrupted by Microsoft and law enforcement to curb rented botnet infrastructure – RedVDS Disrupted
Analysis shows Predator spyware uses granular anti‑analysis features that turn failed attacks into intelligence for future exploits – Predator Spyware
PLUGGYAPE malware leveraged Signal and WhatsApp to target Ukrainian defense forces with covert payload delivery – PLUGGYAPE Malware

The ConsentFix OAuth phishing technique tricks users into granting excessive permissions to attackers – ConsentFix Debrief
A reprompt attack allowed hackers to hijack Microsoft Copilot sessions by forcing credential reuse and session takeover – Reprompt Hijack

New research found 64% of third‑party applications access sensitive data without justification, highlighting supply‑chain privacy risks – Third‑Party Risk

A Windows 365 update blocked access to some Cloud PC sessions, impacting remote work continuity – Windows 365 Block