Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, phishing activity escalates with an AiTM campaign abusing SharePoint to steal Microsoft credentials, compromise inboxes, and bypass MFA in the energy sector, while vishing kits synchronize fake login pages with live calls targeting Google, Microsoft, and Okta. Ransomware and exploits dominate the headlines, from Osiris using POORTRY to disable protections and exfiltrate data to Wasabi, to INC recovery of encrypted data and Ploutus ATM jackpotting linked to Tren de Aragua, alongside critical vulnerabilities in FortiCloud SSO, SmarterMail, InetUtils telnetd, and widespread security updates from GitLab, Outlook iOS, curl, and Teams. #SharePoint #AiTM #Microsoft #Google #Okta #Osiris #POORTRY #Wasabi #INC #Ploutus #TrenDeAragua #FortiCloudSSO #FortiOS #SmarterMail #InetUtils #telnetd #GitLab #Outlook #curl #Teams #Pwn2OwnAuto #FALSECUB #TamperedChef #NetNTLMv1 #MnCHOICES #ActiveDirectory

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, Active, high-risk flaws are being patched across vendors, including Cisco’s actively exploited CVE-2026-20045 in Webex, post-exploit activity on SmarterMail, FortiCloud SSO abuse to alter FortiGate configs, and several third-party dependency and RCE/2FA issues affecting major collaboration platforms. AI framework and toolchain vulnerabilities (Chainlit, Anthropic fixes) continue to surface, with coordinated patches from Atlassian, GitLab, Zoom and a Microsoft workaround for Outlook freezes after Windows updates. #Cisco #Chainlit

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, WordPress ACF plugin vulnerabilities put thousands of sites at risk, with one add-on affecting 100,000 sites and another flaw giving admins access on 50,000 sites. The roundup also notes patches for Zoom and GitLab addressing RCE and a high-severity 2FA bypass, a Cloudflare WAF bypass via the ACME path, AI-generated threats like VoidLink, and malware campaigns such as PDFSider and LinkedIn RAT. #VoidLink #PDFSider

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, The daily cybersecurity recap emphasizes proactive defence for 2026 with CISOs prioritizing attack surface visibility and threat hunting, while noting the ETSI AI security standard and Olympics-linked cyber risk as more connected environments emerge. The summary also highlights high-profile items across malware and threats, including Black Basta leadership and an INTERPOL Red Notice, the LOTUSLITE backdoor tied to a Mustang Panda campaign targeting the U.S. government, and notable vulnerabilities and incidents such as StealC, TamperedChef ads, RondoDox using an HPE OneView flaw, Windows Cloud PC bugs, GhostPoster extensions, the CIRO data breach, a Supreme Court hack, Iran TV hijack, and OpenAI ads. #BlackBasta #MustangPanda

Threat Research | Weekly Recap [18 Jan 2026]

Cybersecurity Threat Research ‘Weekly’ Recap. The report highlights a surge in encryptionless extortion and the rise of new RaaS groups such as Qilin, Akira, and LockBit 5.0, tracks the December 2025 ransomware activity, surveys infostealers, phishing campaigns, RATs and loaders, and web skimming, notes notable vulnerabilities like MongoBleed (CVE-2025-14847), CVE-2020-8554 and CVE-2017-11882, and points to defense tools such as Landlock telemetry and AuraInspector along with AI/LLM attack surface insights and Validin’s research. #Qilin #Akira #LockBit5_0 #Sicarii #CrazyHunter #Medusa #Remcos #AsyncRAT #CastleLoader #VoidLink #KONGTUKE #LOTUSLITE #AshTag #AshenLepus #RustDesk #Winos4_0 #RedVDS #Magecart #SilentPush #MongoBleed #CVE2025_14847 #CVE2020_8554 #CVE2017_11882 #SolyxImmortal #ACRStealer #LummaC2 #Stealc #MonetaStealer #MEXCApiAutomator #MustangPanda

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, Gootloader now uses 1,000-part ZIP archives to evade detection and deliver payloads, while the Kimwolf botnet has infected roughly 2 million devices. DeadLock leverages Polygon smart contracts to rotate proxies and obscure infrastructure, with further coverage on Modular DS WordPress exploits, AWS CodeBuild misconfigurations, StackWarp on AMD processors, Reprompt attacks against Microsoft Copilot, RedVDS seizures, Grubhub breach, and leadership shifts around the RSA Conference. #Gootloader #DeadLock

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, AI & ML security dominates the recap with threats ranging from voice cloning, PLC vulnerabilities, and poisoned dependencies to privilege escalation via AI agents and escalating workflow risks. The report highlights a mix of incidents, patches, and enforcement actions across vendors, botnets, data breaches, and regulatory penalties, underscoring the need to secure workflows, access controls, and AI governance. #VoidLink #Kimwolf #Aisuru #FortiSIEM #PLUGGYAPE #GrokBlock #GrokProbe #Eurail #Kyowon #FreeMobile #RedVDS #Verizon #Uganda #Siemens #Schneider #Aveva #PhoenixContact #Tines #Aikido #CrowdStrike #FTC #GM

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, The latest funding rounds show Depthfirst raising $40 million, Novee securing $51.5 million, and isVerified entering stealth with voice-deepfake detection, signaling ongoing investor interest in vulnerability management and identity assurance. It further catalogs vulnerabilities, breaches, and attacks across FortiSIEM, Desktop Windows Manager, Node.js async_hooks, c-ares, Belgian Hospital, Monroe University, Pax8, Victorian Department of Education, RedVDS, Predator spyware, PLUGGYAPE, ConsentFix, Reprompt, third-party risk, and Windows 365/Cloud PC service disruptions. #Depthfirst #Novee #isVerified #FortiSIEM #DesktopWindowsManager #NodeJS #async_hooks #c-ares #BelgianHospital #MonroeUniversity #Pax8 #VictorianDepartmentOfEducation #RedVDS #PredatorSpyware #PLUGGYAPE #ConsentFix #Reprompt #Windows365 #CloudPC

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, Attackers are targeting LLMs in a widespread campaign to manipulate model interfaces and access data. Experts warn cyber disruption is now a sovereign risk and outline what CISOs should expect through 2026. #LLMCampaign #APT28 #IranBlackouts #ArmeniaRecords #HungaryAsylum #n8n #GoBruteforcer #GogsRCE #UHCancerCenter #Instagram #Facebook #ApexLegends #PortsBreach #RotterdamPorts #AntwerpPorts

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, State-linked APTs are in the spotlight as Kimsuky conducts quishing campaigns, UAT-7290 targets telecoms across South Asia and Europe, and MuddyWater shifts to stealthy Rust implants dubbed ‘RustyWater’. In data and privacy, breaches touch the Hawaii Cancer Center and Instagram, California bans health-data resales, Iran endures a long internet outage, and Microsoft retires the Send to Kindle feature in Word. #Kimsuky #RustyWater

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, state-linked actors from China and Russia exploited VMware ESXi zero-days and edge-device flaws and deployed UAT-7290 Linux malware/ORB nodes to breach telecoms and energy-sector targets. Phishing and crypto-crime activities persisted, with the FBI warning of Kimsuky using malicious QR codes in spear-phishing and misconfigured email routing enabling internal-spoofed phishing, while the Astaroth worm spread in Brazil and the Truebit theft highlighted ongoing ransomware and crypto-exploitation alongside privacy and data-breach concerns. #UAT-7290 #ESXi #Astaroth #Truebit #Kimsuky #FBI #NSA #Cisco #Grok #X #ChatGPTHealth #EEOC #CPPA #CISA #PowerPoint #HPE #DNS

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, UK unveils a new national cyber action plan to close public-sector gaps and strengthen defenses across government, while the US signals broad diplomatic shifts by exiting global cyber coalitions and dozens of international treaties. In industry and innovation, CrowdStrike will buy identity-security firm SGNL for $740 million to expand identity threat coverage, Blackbird.AI raises 28 million to grow its narrative-intelligence platform and analytics, and OpenAI launches ChatGPT Health with isolated, encrypted controls for sensitive health data to support HIPAA-style protections. #UKCyberPlan #USExit #CrowdStrike #SGNL #BlackbirdAI #OpenAIHealth #AgenticAI #ChromeExtensions #jsPDF #n8n #CiscoISE #MFA #Taiwan #China #Iberia #Prosura #MicrosoftExchangeOnline #GoBruteforcer #RustFS

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, A wave of critical fixes and warnings dominated the period, with a CVSS 10.0 remote code execution in n8n prompting urgent remediation, alongside patches for jsPDF, Dolby decoder in Android, and Veeam backup vulnerabilities. Incidents and advisories highlighted risks across industries—from Totolink EX200 and D-Link legacy routers to Columbia Weather Systems MicroServer, a British school cyberattack, Brightspeed disruptions, Illinois data exposure, and rising telecommunication ransomware activity. #n8n #Ni8mare #jsPDF #Dolby #Veeam #Totolink #EX200 #DLink #ColumbiaWeatherSystems #Brightspeed #CrimsonCollective #BlackCat #Stalkerware #Illinois

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, governments and industry are navigating a broad set of cyber challenges, from the UK’s £210M cyber action plan and sector funding to urgent patches for TOTOLINK EX200, D-Link DSL routers, and Dolby vulnerabilities. The landscape also features sophisticated campaigns and threats, including Kimwolf Android botnet activity, VVS Stealer targeting Discord, and hospitality-focused ClickFix delivering DCRat to hotel systems, alongside geopolitical spikes such as Taiwan’s energy-sector attacks and the Sedgwick breach. #Kimwolf #VVS_Stealer

Cybersecurity News | Daily Recap [24 Jan 2026]

Daily Recap, researchers spotlight a WhatsApp metadata leak as Meta begins rolling out fixes to address exposure of message metadata, while ManageMyHealth remains under investigation for a cyberattack affecting its systems and patient services, and IBM API Connect contains a critical authentication bypass that could let attackers impersonate users and access protected APIs; SlowMist flags a potential security risk at HitBTC that could threaten user funds and platform integrity. On the malware/APT front, VVS Stealer targets Discord via obfuscated Python, and Transparent Tribe (APT36) campaigns weaponize JLPT exam notifications to deliver fileless espionage tools against targets in India, with a weekly threat recap for 04 Jan 2026.
#VVSStealer #APT36
