Meta is rolling out “Strict Account Settings” on WhatsApp to provide lockdown-style protections for journalists, public figures, and other high-risk users against sophisticated threats like spyware and zero-click exploits. The opt-in feature applies extreme controls from a user’s primary device—enabling two-step verification, blocking unknown media and calls, disabling link previews, and locking profile and presence data—as WhatsApp also migrates parts of its codebase to Rust for added resilience. #WhatsApp #NSOGroup
Tag: ZERO-DAY
The GTIG reported widespread exploitation of CVE-2025-8088 in WinRAR using Alternate Data Streams and path traversal to drop payloads into the Windows Startup folder for persistence across state-sponsored and financially motivated campaigns. Defenders are urged to patch immediately and hunt for indicators such as malicious RAR archives, LNK/HTA/BAT/CMD payloads, and the provided SHA-256 hashes. #CVE-2025-8088 #WinRAR
Fortinet confirmed an actively exploited critical FortiCloud single sign-on (SSO) authentication bypass tracked as CVE-2026-24858 and mitigated attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware. Attackers abused FortiCloud SSO to gain administrative access to FortiOS, FortiManager, and FortiAnalyzer devices—creating rogue local admin accounts from accounts such as [email protected] and exfiltrating firewall configurations—while Fortinet disabled abusive FortiCloud accounts, globally restricted SSO, and is developing patches. #FortiCloud #FortiGate
Ransomware in 2025 has evolved from a file-encryption problem into systematized extortion that weaponizes stolen data, legal liability, and psychological pressure. Defenders must shift from backup-driven recovery to legal and communications readiness, intelligence-driven vulnerability prioritization, and targeted configuration audits to detect and mitigate data exposure. #SafePay #Cl0p
Multiple state-sponsored and financially motivated actors are actively exploiting the high‑severity CVE-2025-8088 WinRAR path‑traversal vulnerability to gain initial access and deliver varied malicious payloads. The flaw leverages Alternate Data Streams to hide and extract LNK/HTA/BAT/CMD/script files (often into Startup folders) for persistence, with exploitation observed since July 18, 2025, including zero‑day use by RomCom. #CVE-2025-8088 #RomCom
Microsoft released out-of-band security updates to address an actively exploited Office zero-day vulnerability tracked as CVE-2026-21509 that bypasses OLE security protections and affects multiple Office versions. Exploitation requires convincing a user to open a malicious Office file, and mitigations include a service-side fix for Office 2021 and later plus registry-based or…
CISA added five vulnerabilities to its Known Exploited Vulnerabilities catalog, including two Linux flaws: a critical GNU Inetutils telnetd authentication bypass (CVE-2026-24061) and a kernel integer overflow (CVE-2018-14634). Exploit activity was observed for the telnetd bug and CISA urged federal agencies to remediate all five issues — which also include two…
Microsoft has released patches for a newly disclosed Office zero-day, CVE-2026-21509, which it says is being actively exploited and was discovered by its own researchers. The flaw bypasses OLE mitigations and requires a user to open a malicious Office file, suggesting targeted espionage, and CISA has added CVE-2026-21509 to its KEV…
Microsoft released emergency out-of-band updates to address a high-severity Microsoft Office zero-day vulnerability tracked as CVE-2026-21509 that bypasses OLE/COM mitigations. The flaw affects multiple Office editions (including Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise), with patches for Office 2016 and 2019 not yet available and registry-based mitigations and a service-side fix provided for other versions. #CVE-2026-21509 #MicrosoftOffice
CISA has flagged a critical VMware vCenter Server vulnerability (CVE-2024-37079) as actively exploited and ordered federal civilian agencies to secure affected systems within three weeks. The June 2024 patch fixes a DCERPC heap overflow that allows low-complexity, unauthenticated remote code execution, and Broadcom confirmed active exploitation with no available mitigations beyond applying the update. #CVE-2024-37079 #VMwarevCenter
Pwn2Own Automotive 2026 in Tokyo awarded security researchers $1,047,000 after they exploited 76 zero-day vulnerabilities across in-vehicle infotainment systems, EV chargers, and car operating systems. Team Fuzzware.io topped the leaderboard with $215,000, followed by Team DDOS and Synacktiv, and vendors have 90 days to patch reported zero-days before public disclosure. #Pwn2OwnAutomotive2026 #Fuzzwareio
Threat actors began exploiting an authentication bypass in SmarterTools SmarterMail roughly two days after patches were released, allowing unauthenticated password resets of administrator accounts and takeover of vulnerable instances. The flaw (CVE-2026-23760) can lead to full remote code execution via the Volume Mount Command and has seen widespread exploitation after the…
Daily Recap: Active, high-risk flaws are being patched across vendors, including Cisco’s actively exploited CVE-2026-20045 in Webex, post-exploit activity on SmarterMail, FortiCloud SSO abuse to alter FortiGate configs, and several third-party dependency and RCE/2FA issues affecting major collaboration platforms. AI framework and toolchain vulnerabilities (Chainlit, Anthropic fixes) continue to surface, with coordinated patches from Atlassian, GitLab, and Zoom, and a Microsoft workaround for Outlook freezes after Windows updates. #Cisco #Chainlit
This week’s incidents show attackers exploiting ordinary files, trusted services, and routine workflows to gain control without relying on exotic exploits. From targeted spear-phishing that delivered the FALSECUB backdoor to malvertising and droppers seeding infostealers like TamperedChef, adversaries favor low-friction, large-scale, and patient operations. #FALSECUB #TamperedChef…
Cisco patched a critical zero-day remote code execution vulnerability tracked as CVE-2026-20045 (CVSS 8.2) that is being actively exploited and affects Unified CM, Unified CM SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance. An unauthenticated remote attacker can send crafted HTTP requests to the web management interface to…