Cybersecurity News | Daily Recap [21 Jan 2026]

Daily recap: WordPress ACF plugin vulnerabilities put thousands of sites at risk, with one add-on affecting 100,000 sites and another flaw giving admins access on 50,000 sites. The roundup also covers Zoom and GitLab patches addressing RCE and a high-severity 2FA bypass, a Cloudflare WAF bypass via the ACME path, AI-generated threats like VoidLink, and malware campaigns such as PDFSider and LinkedIn RAT. #VoidLink #PDFSider

WordPress

  • ACF plugin vulnerabilities put thousands of sites at risk: researchers say one add-on affects 100,000 sites while another bug gives admins access on 50,000 sites – ACF Flaw, ACF Flaw

Vulnerabilities & Patches

  • Zoom and GitLab released security updates addressing RCE, DoS and a high-severity 2FA bypass; admins should patch immediately – Zoom/GitLab, Zoom/GitLab
  • Microsoft offers a workaround for Outlook freezes caused by a recent Windows update while users await a full fix – Outlook Freeze
  • A Cloudflare zero-day allowed WAF bypass via the ACME certificate validation path, enabling potential bypasses of web protections – Cloudflare WAF
  • Three flaws in Anthropic’s MCP Git server can enable file access and code execution, exposing source and build artifacts – Anthropic Flaws

Malware & Campaigns

  • The APT-grade PDFSider tool is being reused by ransomware groups to deliver malicious payloads via weaponized PDFs – PDFSider
  • Cloud-based VoidLink malware shows signs of being AI-generated, signaling evolving adversary tooling in cloud environments – VoidLink
  • Threat actors are spreading RATs via LinkedIn messages using DLL sideloading techniques to bypass detections and deliver remote access payloads – LinkedIn RAT

AI & LLM Security

  • Flaws in the Chainlit AI framework (file-read and SSRF bugs) can enable data theft and sensitive information leaks from model deployments – Chainlit Flaws, Chainlit Flaws
  • Researchers tricked Google’s Gemini assistant into leaking Google Calendar data, highlighting how language prompts can become an attack surface – Gemini Leak, Gemini Leak

Developer & DevTools Attacks

  • North Korea-linked groups are targeting developers with malicious VS Code projects to supply malware through dev tooling ecosystems – Malicious VS Code
  • Attackers exploited security-testing apps and exposure assessment platforms to breach Fortune 500 firms, signaling abuse of security tooling and a shift in emphasis toward attack surface management risks – Testing Apps, Exposure Platforms

Identity & Authentication

  • Experts urge moving beyond password+MFA: organizations should adopt phishing-resistant methods and identity threat detection (e.g., FIDO2, YubiKey) as MFA alone is insufficient against modern social engineering – Beyond MFA, Identity Strategy

Phishing & Fraud

  • LastPass users are being targeted with backup-themed phishing emails designed to steal credentials and account data; users should verify links and enable phishing-resistant auth – LastPass Phish
  • Behavioral research and reporting remind defenders that humans remain highly susceptible to phishing, reinforcing training and technical controls as complementary defenses – You Got Phished
  • Greek police arrested scammers using a hidden cell-tower rig (IMSI-catcher) in a car trunk to intercept and defraud victims, highlighting physical-layer mobile fraud – Fake Cell Tower

Policy & Regulation

  • The EU unveiled proposals to phase out and restrict high-risk telecom suppliers like Huawei and ZTE, prompting China to allege protectionism as member states push network security reforms – EU Telecom, EU Telecom, EU Telecom
  • The UK is considering a social-media ban for children, drawing on the Australian model as ministers weigh tighter youth protections online – UK Ban, UK Ban
  • The U.S. Supreme Court will consider whether geofence warrants are constitutional, a key privacy ruling that could shape law enforcement digital search practices – Geofence Case
  • Lawmakers moved to extend two federal cyber programs in a funding proposal, continuing short-term extensions of critical cybersecurity initiatives – Congress Funding

Events & Research

  • At Pwn2Own Automotive 2026, researchers demonstrated exploits on Tesla and revealed 37 zero-days, underscoring automotive attack surface risks – Pwn2Own Auto
  • MITRE published a new security framework for embedded systems to guide secure design and testing across IoT and industrial devices – MITRE Embedded
  • SecurityWeek’s Cyber Insights warns that APIs will be harder to secure in 2026 and impossible to ignore, as they remain a primary attack vector – API Insights
  • Webinars highlight operational topics: MSSPs using AI to boost margins and aligning cybersecurity purchases with SOC needs to improve buying decisions – MSSP Webinar, SOC Webinar

Tools & Industry

  • Two security startups emerged from stealth: aiFWall unveiled an AI firewall while Asymmetric Security announced $4.2 million in seed funding, signaling investor appetite for AI-driven security tooling – aiFWall, Asymmetric Security
  • Microsoft PowerToys added a new CursorWrap mouse “teleport” tool for improved desktop navigation and productivity – PowerToys

Industry Trends

  • UK corporate leaders cite cyber breaches, compliance and reputational risk as top concerns for the year, influencing board priorities and security investment plans – UK Concerns

Cybersecurity News | Daily Recap – hendryadrian.com