CVE-2026-24002: Critical Grist-Core Vulnerability Enables Remote Code Execution via Spreadsheet Formula Sandbox Escape
Executive Summary: A critical vulnerability, CVE-2026-24002 (dubbed "Cellbreak"), has been identified in Grist-Core, a widely used programmable spreadsheet platform. This flaw enables remote code execution (RCE) through malicious spreadsheet formulas, allowing attackers to escape the Pyodide sandbox and execute arbitrary operating system commands or JavaScript on the host. Both SaaS and self-hosted deployments of Grist-Core are at risk. The vulnerability’s high severity (CV
Jan 28 · 4 min read


CVE-2026-24061: Critical Authentication Bypass in GNU InetUtils telnetd Exposes 800,000 Devices to Remote Root Attacks
Executive Summary: A critical vulnerability, CVE-2026-24061, has been identified in the GNU InetUtils telnetd server, exposing a vast and often-overlooked attack surface across the global internet. This authentication bypass flaw enables unauthenticated remote attackers to gain root-level access to affected systems by manipulating the USER environment variable. The vulnerability impacts a wide range of legacy Linux distributions, routers, and IoT devices, many of which are
Jan 28 · 5 min read


Microsoft Office Zero-Day CVE-2026-21509: Emergency Patch Released for Actively Exploited OLE Vulnerability
Executive Summary: The CVE-2026-21509 vulnerability represents a critical zero-day security flaw in Microsoft Office that has been actively exploited in the wild, prompting an emergency out-of-band patch from Microsoft. This vulnerability enables attackers to bypass OLE (Object Linking and Embedding) mitigations, allowing the execution of malicious COM/OLE controls through specially crafted Office documents. The attack requires user interaction, specifically opening a malic
Jan 28 · 5 min read


ClickFix Malware Attacks Targeting Microsoft Windows: Fake CAPTCHAs, Signed Scripts, and Trusted Web Service Exploitation
Executive Summary: ClickFix attacks have rapidly evolved into a significant threat vector, leveraging fake CAPTCHAs, Microsoft-signed scripts, and trusted web services to deliver advanced malware payloads, including information stealers and remote access tools. These campaigns are characterized by their abuse of "living-off-the-land" (LotL) techniques, sophisticated social engineering, and the exploitation of legitimate cloud and blockchain services for payload delivery and.
Jan 28 · 5 min read


SoundCloud Data Breach 2025: 29.8 Million Accounts Exposed and Indexed by Have I Been Pwned
Executive Summary: In December 2025, SoundCloud experienced a significant data breach impacting approximately 29.8 million user accounts, representing about 20% of its user base. The breach was the result of unauthorized access to an internal service dashboard, which allowed attackers to map hidden email addresses to publicly available profile data. The compromised information included email addresses, usernames, display names, avatars, follower and following counts, profile
Jan 28 · 5 min read


Mustang Panda Targets Government Systems with CoolClient Backdoor and Infostealer Modules in Asia and Eastern Europe
Executive Summary: The Chinese advanced persistent threat group Mustang Panda (also known as HoneyMyte, Bronze President, RedDelta, and TA416) has significantly escalated its cyber-espionage operations by deploying sophisticated infostealer modules through the CoolClient backdoor. This campaign, observed in 2024 and 2025, targets government, diplomatic, and critical infrastructure organizations, primarily across Asia and Eastern Europe. The latest CoolClient variant dem
Jan 28 · 5 min read


Microsoft Office CVE-2026-21509 Zero-Day: Emergency Patch Released to Counter Active Exploitation
Executive Summary: On January 26, 2026, Microsoft released an emergency out-of-band patch to address a critical zero-day vulnerability in Microsoft Office, designated as CVE-2026-21509. This security flaw is being actively exploited in the wild, prompting its immediate inclusion in the CISA Known Exploited Vulnerabilities (KEV) catalog. The vulnerability enables adversaries to bypass core security features in Office, specifically those related to OLE (Object Linking and Em
Jan 28 · 5 min read


Eurail Data Breach 2026: Sensitive Traveler Information and DiscoverEU Participant Data Compromised Through IT System Vulnerability
Executive Summary: On January 10, 2026, Eurail B.V. publicly disclosed a data security incident involving unauthorized access to its IT systems, resulting in the compromise of sensitive traveler information. The breach affected both direct customers of Eurail and participants in the European Commission’s DiscoverEU program, which is funded under the Erasmus+ initiative. The types of data potentially exposed include names, contact details, passport information, and, for some
Jan 15 · 6 min read


Microsoft Disrupts RedVDS: Inside the Takedown of a Global Windows Virtual Server Cybercrime Platform
Executive Summary: Microsoft, in collaboration with international law enforcement agencies including Europol and German authorities, has disrupted the RedVDS cybercrime-as-a-service platform as of January 2026. RedVDS provided disposable, Windows-based virtual servers for as little as $24 per month, paid in cryptocurrency, and was used by multiple financially motivated threat actors to facilitate mass phishing, credential theft, business email compromise (BEC), and payment d
Jan 15 · 6 min read


Fortinet FortiSIEM Critical CVE-2025-64155 Vulnerability: Unauthenticated Remote Code Execution Exploited in the Wild
Executive Summary: A critical vulnerability in Fortinet FortiSIEM (CVE-2025-64155) has been identified, enabling unauthenticated remote code execution (RCE) through a command injection flaw in the phMonitor service. This vulnerability, with a CVSS score of 9.8, is being actively exploited in the wild, and public proof-of-concept (PoC) code is readily available. The flaw allows attackers to gain root-level access, potentially leading to full system compromise, lateral movemen
Jan 15 · 4 min read


Kyowon Group Ransomware Attack: Data Exfiltration Impacts Millions in South Korea
Executive Summary: On January 14, 2026, Kyowon Group, a major South Korean conglomerate operating in education, digital learning, home appliances, and funeral services, publicly confirmed a ransomware attack that resulted in the exfiltration of company data. The incident, first detected as abnormal activity in internal systems on January 10, 2026, led to significant service outages and impacted approximately 600 of the company’s 800 servers. South Korean authorities estimate
Jan 15 · 5 min read


CVE-2024-3393: Critical DoS Vulnerability Actively Exploited in Palo Alto Networks PAN-OS Firewalls
Executive Summary: A critical Denial of Service (DoS) vulnerability, identified as CVE-2024-3393, has been disclosed and is actively exploited in the wild, targeting Palo Alto Networks firewalls running vulnerable versions of PAN-OS. This flaw enables unauthenticated remote attackers to send specially crafted DNS packets that can force affected firewalls to reboot or enter maintenance mode, effectively disabling all network security controls and exposing organizations to si
Jan 15 · 5 min read


BreachForums Data Breach Exposes 324,000 User Records After MyBB Misconfiguration in 2026
Executive Summary: On January 9, 2026, a significant data breach at BreachForums, a major cybercrime marketplace, resulted in the exposure of nearly 324,000 user records. The breach, which originated from a misconfiguration or vulnerability in the forum’s MyBB software, led to the public release of a database containing usernames, Argon2-hashed passwords, email addresses, IP addresses, registration dates, and PGP keys. The incident has compromised the anonymity of cybercrimi
Jan 13 · 6 min read


Critical n8n Supply Chain Attack: Malicious npm Community Nodes Stealing OAuth Tokens and Credentials
Executive Summary: A critical supply chain attack has recently targeted the n8n workflow automation platform, exploiting its extensibility and trust in community-contributed nodes. Malicious actors published rogue npm packages masquerading as legitimate n8n community nodes, which, once installed, exfiltrated OAuth tokens and sensitive credentials from affected systems. This attack demonstrates a sophisticated abuse of the open ecosystem underpinning n8n, leveraging the pla
Jan 13 · 4 min read


GoBruteforcer Botnet Exploits Weak Credentials in Linux FTP, MySQL, PostgreSQL, and phpMyAdmin on Crypto Infrastructure
Executive Summary: The GoBruteforcer botnet represents a significant and rapidly evolving threat to the cryptocurrency sector, specifically targeting databases and infrastructure of crypto projects by exploiting weak or default credentials. This Golang-based malware leverages automated brute-force techniques to compromise Linux servers running exposed services such as FTP, MySQL, PostgreSQL, and phpMyAdmin. Once a server is compromised, it is assimilated into a distribute
Jan 13 · 5 min read


Instagram Password Reset Vulnerability Exposes 17 Million Accounts: Data Leak Analysis and Mitigation Strategies
Executive Summary: In January 2026, a critical security incident involving Instagram was disclosed, centering on a vulnerability in the platform’s password reset mechanism. Attackers exploited this flaw to trigger mass password reset emails, causing widespread confusion among users and increasing the risk of subsequent phishing and social engineering attacks. Concurrently, a dataset containing information on over 17 million Instagram accounts surfaced on multiple hacking for
Jan 13 · 5 min read


Endesa Energía XXI Data Breach 2026: Massive Customer Data Exfiltration from Commercial Platform
Executive Summary: On January 12, 2026, Endesa, Spain’s largest energy provider and a subsidiary of the Enel Group, publicly disclosed a significant data breach affecting customers of its regulated market operator, Energía XXI. The breach involved unauthorized access to the company’s commercial platform, resulting in the exposure and potential exfiltration of highly sensitive customer data, including identification details, contact information, national identity numbers, co
Jan 13 · 6 min read


University of Hawaii Cancer Center Ransomware Attack: Data Breach, Delayed Notification, and Cybersecurity Implications
Executive Summary: The University of Hawaii Cancer Center experienced a ransomware attack that resulted in the encryption of research files and the exfiltration of sensitive participant data, including Social Security numbers. The breach was discovered in late August 2025, but notification to affected individuals and the public was delayed, with the official report submitted to the Hawaii Legislature four months after discovery, exceeding statutory notification timeframes. The
Jan 13 · 6 min read


BreachForums Hacking Forum Database Leak: Analysis of the 324,000 Account Exposure Incident (January 2026)
Executive Summary: On January 9, 2026, the user database of the BreachForums hacking forum was leaked online, exposing 323,988 account records. The breach resulted from an accidental exposure of a database backup during a forum restoration process, not from exploitation of software vulnerabilities or malware. The leaked data includes usernames, registration dates, and 70,296 public IP addresses, as well as a passphrase-protected PGP private key used by forum administrators. T
Jan 11 · 5 min read


Critical Unauthenticated RCE Vulnerability (CVE-2025-69258) in Trend Micro Apex Central On-Prem Windows Exposes Servers to Full Compromise
Executive Summary: A critical unauthenticated remote code execution (RCE) vulnerability has been identified in Trend Micro Apex Central (on-premise, Windows), tracked as CVE-2025-69258 and assigned a CVSS score of 9.8. This flaw enables a remote attacker with network access to execute arbitrary code as SYSTEM, resulting in a complete compromise of the management server. The vulnerability is particularly severe due to the availability of public proof-of-concept (PoC) exploit
Jan 11 · 5 min read