

SolarWinds Web Help Desk Critical Vulnerabilities: Unauthenticated RCE and Authentication Bypass Fixed in Emergency Patch
Executive Summary SolarWinds has released urgent patches for four critical vulnerabilities in its Web Help Desk (WHD) product, including unauthenticated remote code execution (RCE) and authentication bypass flaws. These vulnerabilities are easily exploitable and allow unauthenticated attackers to gain full control of affected systems. The issues are tracked as CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, and CVE-2025-40554, with additional related CVEs for privilege escala
Feb 1 · 3 min read


Sophisticated Multi-Stage Phishing Attack Exploits Microsoft Windows in Russian Organizations Using Amnesia RAT and Hakuna Matata Ransomware
Executive Summary A highly sophisticated multi-stage phishing campaign is currently targeting Russian organizations, leveraging advanced social engineering, public cloud infrastructure, and a combination of surveillance and destructive malware. The campaign delivers both the Amnesia RAT and a ransomware variant from the Hakuna Matata family, utilizing a complex infection chain that exploits native Microsoft Windows features rather than software vulnerabilities. Attackers e
Jan 25 · 4 min read


Sandworm’s DynoWiper Attack Targeting Polish Combined Heat and Power and Renewable Energy Management Systems: Incident Analysis and Lessons Learned
Executive Summary In December 2025, the Polish energy sector was the target of a highly sophisticated cyberattack attributed to the Russian state-sponsored advanced persistent threat (APT) group Sandworm. The operation leveraged a newly identified data-wiping malware, DynoWiper, with the explicit intent to disrupt critical energy infrastructure, including combined heat and power (CHP) plants and renewable energy management systems. Despite the advanced nature of the attack,
Jan 25 · 4 min read


ATM Jackpotting Attack: Tren de Aragua Gang Exploits Ploutus Malware on Legacy Windows XP ATMs in US, Leading to Multi-State Indictments and Deportations
Executive Summary In January 2026, U.S. federal authorities announced the sentencing and impending deportation of two Venezuelan nationals, Luz Granados and Johan Gonzalez-Jimenez, for their roles in a multi-state ATM jackpotting scheme that targeted older-model Automated Teller Machines (ATMs) across the southeastern United States. The attackers used laptops to install Ploutus malware variants, bypassing ATM security protocols and forcing the machines to dispense all availa
Jan 25 · 5 min read


Critical Cisco Unified Communications Zero-Day (CVE-2024-20253) Actively Exploited: Millions of Enterprises at Risk
Executive Summary A critical zero-day vulnerability in Cisco Unified Communications (UC) products, tracked as CVE-2024-20253, has been discovered and is being actively exploited in the wild. This flaw impacts millions of enterprise and government users globally, as it affects core collaboration infrastructure such as Cisco Unified Communications Manager (Unified CM), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance. The vulnerability allows unauthentica
Jan 25 · 4 min read


Okta SSO Accounts Targeted by Sophisticated Vishing and Adversary-in-the-Middle (AiTM) Phishing Attacks Leading to Data Theft and Extortion
Executive Summary On January 22, 2026, Okta and independent security researchers reported a surge in highly targeted vishing (voice phishing) attacks leveraging custom adversary-in-the-middle (AiTM) phishing kits to compromise Okta SSO (Single Sign-On) accounts. These attacks are orchestrated by multiple threat actors, including groups with a history of high-profile data breaches, and are primarily targeting organizations in the fintech, wealth management, financial, and ad
Jan 25 · 6 min read


Critical GNU InetUtils telnetd Vulnerability (CVE-2026-24061) Allows Remote Root Access via Authentication Bypass
Executive Summary A critical vulnerability has been identified in GNU InetUtils telnetd (CVE-2026-24061, CVSS 9.8), which enables remote attackers to bypass authentication and obtain root access by exploiting improper handling of the USER environment variable. This flaw impacts all versions of GNU InetUtils telnetd from 1.9.3 up to and including 2.7. The vulnerability is being actively exploited in the wild, with threat activity observed from multiple global regions. Imme
Jan 25 · 4 min read


CVE-2025-59718/59719: Fortinet FortiCloud SSO Authentication Bypass Actively Exploited on Fully Patched FortiGate Firewalls
Executive Summary Fortinet has confirmed that a critical authentication bypass vulnerability affecting FortiCloud SSO is being actively exploited in the wild, even on fully patched FortiGate firewalls. The vulnerability, tracked as CVE-2025-59718 and CVE-2025-59719, allows unauthenticated attackers to bypass SSO authentication by crafting malicious SAML messages. This enables adversaries to gain administrative access, create persistent local accounts, and exfiltrate sens
Jan 25 · 4 min read


Under Armour Customer Data Breach 2025: Technical Analysis of Everest Ransomware Attack and Exposed Email Addresses
Executive Summary In late 2025, Under Armour experienced a significant data breach attributed to the Everest ransomware group, resulting in the exposure of sensitive information belonging to approximately 72.7 million customers. The compromised data includes names, dates of birth, email addresses, gender, geographic location, purchase history, item browsing history, marketing logs, product catalog data, and employee information. The breach did not affect payment systems or
Jan 25 · 6 min read


Comprehensive Analysis of the European Vulnerability Database (EUVD) Launch: Technical Architecture, GCVE Integration, and Cybersecurity Impact
Executive Summary Publication Date: January 20, 2026. The European Union has introduced the European Vulnerability Database (EUVD), a transformative step in vulnerability management and cybersecurity resilience. Administered by the Computer Incident Response Centre Luxembourg (CIRCL) and maintained by ENISA, the EU Agency for Cybersecurity, the EUVD is designed to aggregate, correlate, and disseminate actionable vulnerability intelligence across the EU and beyond. This repo
Jan 25 · 4 min read


Konni APT Targets Blockchain Development Environments with AI-Generated PowerShell Malware via Discord Exploits
Executive Summary The North Korean advanced persistent threat group Konni has launched a highly targeted campaign against blockchain engineers, leveraging AI-built malware to compromise development environments and exfiltrate sensitive data. This campaign is distinguished by its use of artificial intelligence to generate modular, obfuscated, and well-documented PowerShell malware, representing a significant leap in adversarial tradecraft. The attack chain exploits social e
Jan 25 · 5 min read


StackWarp (CVE-2025-29943): Critical SEV-SNP Vulnerability in AMD Zen 1–5 CPUs Exposes Confidential Computing to Privilege Escalation and Key Theft
Executive Summary The StackWarp vulnerability (CVE-2025-29943) represents a critical threat to the integrity of confidential computing environments leveraging AMD Zen 1–5 processors with Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). This hardware-level flaw enables a privileged adversary, such as a malicious hypervisor or compromised cloud provider, to deterministically manipulate the stack pointer of a guest virtual machine. By exploiting a synchroni
Jan 25 · 5 min read


Monroe University 2024 Data Breach Exposes Sensitive Information of 320,973 Individuals: Analysis and Impact
Executive Summary Monroe University experienced a significant data breach between December 9 and December 23, 2024, resulting in unauthorized access to its network and the compromise of sensitive personal information belonging to 320,973 individuals. The breach was not discovered until September 30, 2025, following a review of stolen documents. The compromised data includes names, dates of birth, Social Security numbers, driver’s license and passport numbers, government ident
Jan 14 · 6 min read


CVE-2025-59466: Critical Node.js AsyncLocalStorage and async_hooks Vulnerability Enables Easy Denial-of-Service Attacks
Executive Summary A critical vulnerability, CVE-2025-59466, has been discovered in Node.js, specifically within the async_hooks module and its implementation in AsyncLocalStorage. This flaw enables remote attackers to crash Node.js servers by inducing an unrecoverable stack overflow, resulting in a Denial-of-Service (DoS) condition. The vulnerability is particularly severe for applications leveraging React Server Components, Next.js, and leading Application Performance
Jan 14 · 4 min read


PLUGGYAPE Malware Campaign: Signal and WhatsApp Used by Void Blizzard to Target Ukrainian Defense Forces
Executive Summary The emergence of the PLUGGYAPE malware campaign marks a significant escalation in the use of instant messaging platforms as vectors for advanced cyber-espionage. Between October and December 2025, Ukrainian Defense Forces were specifically targeted by a sophisticated operation attributed to the Russian APT group Void Blizzard (also known as Laundry Bear or UAC-0190). Attackers exploited the trust and ubiquity of Signal and WhatsApp to deliver malicious p
Jan 14 · 4 min read


Microsoft Patch Tuesday January 2026: Critical Windows, Office, Firefox, and Chrome Vulnerabilities Exploited in the Wild
Executive Summary The January 2026 Patch Tuesday release from Microsoft and other major vendors marks a critical juncture in the ongoing battle against sophisticated cyber threats. This month’s coordinated disclosure and patch cycle addresses 113 vulnerabilities across the Windows ecosystem, Microsoft Office, Mozilla Firefox, Google Chrome, and a range of legacy and modern drivers. Of particular concern is CVE-2026-20805, a zero-day vulnerability in the Desktop Window
Jan 14 · 6 min read


CVE-2025-55182: Critical Remote Code Execution Vulnerability in React Server Components and Next.js (React2Shell)
Executive Summary A critical security vulnerability, tracked as CVE-2025-55182 and colloquially named React2Shell, has been identified in React Server Components (RSC) and frameworks implementing the RSC "Flight" protocol, most notably Next.js. This vulnerability enables unauthenticated remote code execution (RCE) on affected servers, with a maximum CVSS score of 10.0. The flaw is being actively exploited in the wild, including by sophisticated China-nexus advanced persi
Dec 16, 2025 · 4 min read


Critical FreePBX Vulnerabilities: SQL Injection, File Upload, and AUTHTYPE Bypass Flaws Enabling Remote Code Execution
Executive Summary A series of critical vulnerabilities have been identified and patched in FreePBX, a widely deployed open-source PBX platform integral to many VoIP infrastructures. The vulnerabilities—CVE-2025-66039 (authentication bypass via webserver AUTHTYPE), CVE-2025-61675 (multiple SQL injection flaws in the Endpoint Management module), and CVE-2025-61678 (arbitrary file upload enabling remote code execution)—collectively allow unauthenticated attackers to gain ad
Dec 16, 2025 · 5 min read


Fortinet, Ivanti, and SAP Release Critical Security Patches for Authentication Bypass and Remote Code Execution Vulnerabilities – December 2025 Threat Intelligence Report
Executive Summary In December 2025, Fortinet, Ivanti, and SAP released urgent security patches addressing critical vulnerabilities that could allow authentication bypass and remote code execution (RCE). These flaws are being actively discussed in the security community due to their high severity and exploitation potential. This report provides a detailed analysis, including technical details, exploitation evidence, IOCs, and references. 1. Fortinet Vulnerabilities Vulnerabili
Dec 10, 2025 · 3 min read


Surge in Ransomware Attacks Targeting Japanese Manufacturing Sector: Qilin and Kawa4096 Exploit OT and IT Systems in 2025
Executive Summary In the first half of 2025, Japanese organizations experienced a significant escalation in ransomware attacks, with confirmed incidents rising by approximately 1.4 times compared to the previous year. Sixty-eight cases were reported between January and June 2025, averaging 11 incidents per month. The manufacturing sector was the most affected, accounting for 18.2% of incidents, followed by automotive, trading, construction, and transportation industries. Smal
Dec 10, 2025 · 6 min read