Daily Recap: Emergency fixes have been issued for Microsoft’s Office zero-day CVE-2026-21509 and a critical VMware vCenter DCERPC flaw (CVE-2024-37079) that attackers are already exploiting, with rapid remediation urged using the available patches and mitigations. The roundup also highlights Dormakaba Exos flaws enabling remote door access, the Stanley malware-as-a-service for Chrome extensions, the Amatera infostealer delivered via in-memory PowerShell using the ClickFix method, extortion-linked data breaches involving Nike and ShinyHunters, a Sandworm-linked DynoWiper attempt against Poland’s power grid, a Cloudflare BGP leak, and regulatory actions around Grok, AI privacy and platform governance.
News:
Vulnerabilities & Patches
- Microsoft released emergency fixes for an actively exploited Office zero-day that bypasses OLE mitigations — CVE-2026-21509 — and provided mitigations while urging rapid remediation – Office Zero-day, Office Patch
- Researchers warn a critical VMware vCenter DCERPC bug (out-of-bounds write, CVE-2024-37079, 9.8 CVSS) is being exploited in the wild despite patches released last year – vCenter Bug
- Security firm SEC Consult disclosed more than 20 flaws in Dormakaba Exos access-management systems that could let attackers remotely open doors and retrieve PINs; patches and hardening guidance are available – Dormakaba Flaws
Malware & Phishing Services
- A new malware-as-a-service called Stanley offers malicious Chrome extensions that auto-install and overlay full-screen iframes for credential theft, with publishing support to the Chrome Web Store and geo-targeting features – Stanley Service
- Attackers are using a signed App-V script and the social-engineering ClickFix method (fake CAPTCHA, Run commands, CDN-hosted stego PNGs) to deliver the Amatera infostealer via in-memory PowerShell stages – ClickFix Campaign
Data Breaches & Extortion
- Nike is investigating claims by the WorldLeaks group that it published 1.4 TB of alleged internal data on the dark web amid extortion attempts, with investigations ongoing into the scope and impact – Nike Probe, Nike Claim
- Threat actor ShinyHunters says it leaked partial databases totalling tens of millions of records from SoundCloud, Crunchbase and Betterment after failed extortion, and researchers are tracking the circulating data – ShinyHunters Leak
Nation‑state & Critical Infrastructure
- Security firm ESET attributes a failed December attempt to disrupt parts of Poland’s power grid to Russia’s Sandworm unit, linking the operation to destructive DynoWiper malware while officials say defenses prevented outages – DynoWiper Attack
Network & Infrastructure Incidents
- Cloudflare disclosed a 25-minute BGP route leak that affected IPv6 traffic, causing congestion, packet loss and roughly 12 Gbps of dropped traffic after an accidental router policy export; the change was reverted and safeguards are planned – BGP Leak
AI, Privacy & Regulation
- Canada’s Privacy Commissioner used Data Privacy Week 2026 to push for privacy-by-design and modernization of laws (including a proposed right to data mobility), and warned about risks from generative AI and deepfakes, citing cases like Aylo, 23andMe and TikTok – Privacy Push
- The European Commission opened a formal DSA investigation into X over its AI chatbot Grok, examining image-generation and recommender features for risks including manipulated sexual images and potential CSAM exposure and considering interim measures or enforced commitments – Grok Probe