Cybersecurity News | Daily Recap [31 Jan 2026]

In this Daily Recap: a December 2025 campaign used default credentials, exposed FortiGate VPNs and misconfigured OT devices to compromise about 30 Polish wind and solar sites, exfiltrate credentials, and deploy wipers attributed to Static Tundra (DynoWiper), with reported ties to Electrum and Sandworm. The recap also covers Ivanti EPMM zero-days (including CVE-2026-1281) exploited in the wild, SolarWinds Web Help Desk patches, Windows 11 boot failures after the December 2025 update, exposed Ollama hosts and Hugging Face abuse, and notable disruptions and breaches such as the IPIDEA takedown, the Match Group leak, the Marquis/SonicWall incident, and CNIL’s €5 million fine. #FortiGate #StaticTundra #DynoWiper #Electrum #Sandworm #Ivanti #CVE-2026-1281 #WebHelpDesk #Windows11 #Ollama #HuggingFace #IPIDEA #MatchGroup #SonicWall #Marquis #CNIL

OT & Power

  • A December 2025 campaign used default credentials, exposed FortiGate VPNs and misconfigured OT devices to compromise ~30 Polish wind and solar sites, exfiltrate credentials, and deploy wipers that bricked ICS equipment; the activity is attributed to Static Tundra (DynoWiper), with reporting linking it to Electrum/Sandworm – Poland Grid, Poland ICS

Vulnerabilities & Patches

  • Two critical Ivanti EPMM zero-days (including CVE-2026-1281) were exploited in the wild, allowing unauthenticated code execution and prompting emergency mitigations and a CISA Known Exploited Vulnerabilities directive – Ivanti EPMM, Ivanti Zero-day
  • SolarWinds released patches for six Web Help Desk flaws, including four critical RCE issues (fixed in version 2026.1), urging immediate updates despite no public exploit reports – SolarWinds Patch
  • Microsoft linked recent Windows 11 boot failures to devices left in an “improper state” after a failed December 2025 update, with a partial fix forthcoming but no recovery for already-unbootable systems – Windows 11

AI & LLM Abuse

  • Researchers found roughly 175,000 exposed Ollama hosts (≈23,000 driving most activity across 130 countries and 4,032 ASNs), many unauthenticated and capable of code execution or API access, enabling spam, phishing, and disinformation abuse – Ollama Hosts
  • Threat actors abused Hugging Face to host and distribute Android RATs and thousands of Android malware variants via trojanized models and repos, amplifying mobile-targeted malware distribution – HuggingFace RAT, HuggingFace Malware

Industry & Trends

  • SecurityWeek’s weekly roundup highlights acquisitions, phishing waves (including LastPass targeting), Google’s $68M voice-recording settlement, CISA RSA withdrawal and post‑quantum guidance, the FBI seizure of RAMP, and other sector moves – In Other News
  • The Cyber Express weekly roundup covers major incidents, zero-day patches, the rise of ad fraud, and regulatory trends, as well as a disruptive attack on Russian firm Delta and the discovery of the ShadowHS framework – Cyber Express
  • Aisy emerged from stealth with $2.3M seed funding for an AI-assisted vulnerability management platform that maps attacker paths and chains alerts to prioritize remediation (no autonomous fixes) – Aisy Launch
  • Ad fraud is surging, with mobile fraud up 21% in 2024 and programmatic losses near $50 billion; experts urge independent verification and real-time auditing to restore trust – Ad Fraud

Disruptions & Takedowns

  • Google’s Threat Intelligence Group and partners disrupted the IPIDEA residential proxy operation, which had covertly enrolled millions of devices via trojanized apps and sold proxy access to 550+ threat groups; domain takedowns and intelligence sharing followed – IPIDEA Takedown

Breaches & Fines

  • Match Group confirmed a breach after the ShinyHunters leak of ~1.7 GB of files from Hinge, Tinder, OkCupid and Match, blaming a compromised Okta SSO account and reporting limited exposed user data – Match Breach
  • Marquis attributes an August 2025 ransomware incident affecting U.S. banks to stolen firewall backups from SonicWall’s MySonicWall cloud (later confirmed to impact all cloud backup customers), with Mandiant linking the compromise to state‑sponsored actors – Marquis / SonicWall
  • France’s CNIL fined France Travail €5 million after a 2024 breach exposed 20 years of job-seeker records, attributed to social engineering, weak authentication, excessive permissions and poor monitoring, and ordered corrective measures under threat of daily penalties – France CNIL Fine

Cybersecurity News | Daily Recap – hendryadrian.com