
Hello all,
Another week, another Cisco headline about a zero-day, which was then eclipsed by Fortinet with multiple products needing immediate patching due to critical defects. And of course, there’s Microsoft and the cadre of vendors that published fixes and updates on Patch Tuesday. There’s a lot to report on.
Headline NEWS:
- Cisco Secure Email Gateway has a maximum severity zero-day defect that is being actively exploited. It is in the spam quarantine engine. If the spam quarantine has been exposed to the internet, something not recommended, then you are quite vulnerable. You really should be following vendor guidance. If you use this in your environment, update to a fixed version as soon as you can.
- Fortinet released quite a few FortiPatches for a bunch of FortiProducts. FortiFixes were released for FortiOS, FortiSwitchManager, FortiSIEM, FortiSandbox, FortiSASE, FortiFone, and more. If you have FortiAnything, apply FortiUpdates asap.
- Microsoft Patch Tuesday was another whopper with either 112 or 114 defects patched (depending on who’s counting), along with at least 3 zero-days. Obviously, you should check those out first to see where in your enterprise you might be vulnerable and prioritize items that have a likelihood of successful exploitation. CISA has listed one of those zero-days and instructed all federal agencies to patch it by February 3rd. Then you should vet the rest and apply them after ensuring that they won’t cause disruptions in services. Because as has been shown repeatedly, sometimes the fix is worse than the vulnerability. Case-in-point, as can be seen in our Microsoft section, this past week’s fixes already have several follow-up fixes which repair items that had been broken by the Patch Tuesday fixes.
In Ransomware, Malware, and Vulnerabilities News:
- Encouraging news of takedowns, arrests, and indictments. The US Supreme Court hacker pled guilty, the Aisuru Botnet had a large swath of infrastructure taken offline, Microsoft attempted to take down RedVDS in UK court, Europol arrested 34 members of Black Axe, and there are more items of good news. Hooray!
- Instagram Data Leak? 17.5 million accounts may have had their sensitive information exposed. The 2024 leak had been advertised recently on the Dark Web, and then users started receiving password change requests. Instagram quickly responded by fixing the API that allowed the threat actors to send those requests, while maintaining that user accounts remained secure. You may want to log in, check your account, ensure you have MFA set, and reset your password, just to be sure.
In Other News Events of Note and Interest:
- SpaceX to get Gigabit Speeds. The Federal Communications Commission has given approval for Space Exploration Holdings (SpaceX) to increase their satellite constellation by up to 7,500 more birds, and to operate at additional altitudes and frequencies. They were also given permission to increase power, which will boost the theoretical throughput. By increasing speed, and potentially lowering costs due to economies of scale, SpaceX may soon be a very viable alternative broadband provider for the average person.
Musings
I am so tired of seeing the word “sophisticated” tied to a cyber security article. It is practically ubiquitous. I show at least sixty-five RedDotSecurity.news newsletters with the word “sophisticated” in the headline. What exactly makes these breaches, attacks, and exploits “sophisticated”? While some indeed do bear the appropriate hallmarks, such as reverse engineering an operating system, and looking for a flaw to exploit, many headlines get the title of “sophisticated” simply because they involve a computer and the criminal made a moderate attempt to hide their activity. “Oh, you logged in using stolen credentials? And you then copied files off the victim’s network? Yeah, that’s sophisticated all right.” Any script-kiddie can download Evilginx and perform man-in-the-middle password and token theft, but to the average news source, it is “sophisticated”. Ugh! We need to ban that word when it is used in relation to most cyber-crime. It has practically lost all meaning!
However, whether the attacker is a n00b or “sophisticated”, we still must…

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild
- FortiOS and FortiSwitchManager Vulnerability Let Remote Attackers Execute Arbitrary Code
- Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
- FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests
- Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
- Microsoft Patch Tuesday addresses 112 defects, including one actively exploited zero-day
- Windows info-disclosure 0-day bug gets a fix and CISA alert
Ransomware, Malware, and Vulnerabilities News
- Good News, Government News, and Interesting
- Fed agencies urged to ditch Gogs as zero-day makes CISA list
- Man to plead guilty to hacking US Supreme Court filing system
- Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
- Microsoft taps UK courts to dismantle cybercrime host RedVDS
- Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime
- Black Basta boss makes it onto Interpol’s ‘Red Notice’ list
- Hacker gets seven years for breaching Rotterdam and Antwerp ports
- Dutch Port Hacker Sentenced to Prison
- Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam
- US Cyber Capabilities to Deter and Disrupt Malign Foreign Activity Targeting the Homeland
- StealC hackers hacked as researchers hijack malware control panels
- European schools and businesses hit as Microsoft disrupts global cybercrime subscription service
- Cybersecurity stocks fall, but an analyst wonders if China fears are just ‘fake news’
- Physical attacks on crypto holders – wrench assaults rising?
- Vulnerabilities and Exploits
- Critical React Router Vulnerability Let Attackers Access or Modify Server Files
- Palo Alto Networks warns of DoS bug letting hackers disable firewalls
- js Security Release Patches 7 Vulnerabilities Across All Release Lines
- Chrome 144 Released With Fix for 10 Vulnerabilities in V8 Engine
- Chrome 144 fixes 3 high-risk security vulnerabilities. Update now!
- Google Fast Pair exploit allows attackers to track affected devices
- Facebook login thieves now using browser-in-browser trick
- Maximum Severity HPE OneView Flaw Exploited in the Wild
- ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
- GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials
- Pax8 accidentally exposes partner data – 1,800 MSPs have customer info and licensing details exposed
- Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets
- Three Malicious NPM Packages Attacking Developers to Steal Login Credentials
- Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
- Microsoft updates Windows DLL that triggered security alerts
- Microsoft SQL Server Vulnerability Allows Attackers to Elevate Privileges over a Network
- Reprompt attack hijacked Microsoft Copilot sessions for data theft
- Target’s dev server offline after hackers claim to steal source code
- WooCommerce WordPress Plugin Exploit Enables Fraudulent Charges
- ‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
- Windows Remote Assistance Vulnerability Allow Attacker to Bypass Security Features
- Elastic Patches Multiple Vulnerabilities That Enables Arbitrary File Theft and DoS Attacks
- Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking
- Phishing, Malware, and similar
- ValleyRAT_S2 Attacking Organizations to Deploy Stealthy Malware and Extract Financial Details
- Never-before-seen Linux malware is “far more advanced than typical”
- Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
- Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud
- Stealthy CastleLoader Malware Attacking US-Based Government Entities
- Taiwan Endures Greater Cyber Pressure From China
- Convincing LinkedIn comment-reply tactic used in new phishing
- Gootloader now uses 1,000-part ZIP archives for stealthy delivery
- Chinese Threat Actors Hosted 18,000 Active C2 Servers Across 48 Hosting Providers
- RondoDox botnet exploits critical HPE OneView bug
- He called himself an ‘untouchable hacker god’. But who was behind the biggest crime Finland has ever known?
- Malicious GhostPoster browser extensions found with 840,000 installs
- Breaches, Leaks, and Ransomware
- Latest BreachForums reboot spills data on 325K users
- Belgian hospital AZ Monica shuts down servers after cyberattack
- Instagram says there’s been ‘no breach’ despite password reset requests
- Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts
- Instagram says it fixed the issue that sent password reset emails
- Fintech firm Betterment confirms data breach after hackers send fake crypto scam notification to users
- Passports, bank details compromised in Eurail data breach
- Endesa probes breach after hackers claim huge data haul
- South Korean giant Kyowon confirms data theft in ransomware attack
- Everest Ransomware Claims Breach at Nissan, Says 900GB of Data Stolen
- CIRO says about 750K people’s data affected by cybersecurity incident
- CIRO cybersecurity incident: More than 750K people affected
- Researchers Breakdown DragonForce Ransomware Along with Decryptor for ESXi and Windows Systems
- Monroe University says 2024 data breach affects 320,000 people
- Grubhub confirms hackers stole data in recent security breach
- Central Maine Healthcare Data Breach Impacts 145,000 Individuals
Other News Events of Note and Interest
- Cool Tool: I use Revo Uninstaller to wipe out software ghosts haunting my PC
- Cool Tool: How PDFGear stopped me from re-subscribing to Adobe Acrobat
- Best in Show: Our Editors Pick the Top Products and Technologies of CES 2026
- Belkin’s new wireless HDMI adapter can share displays from up to 131 feet away
- Let’s Encrypt has made 6-day IP-based TLS certificates Generally Available
- Cloudflare CEO threatens to pull out of Italy
- Google confirms Android bug causing volume key issues
- Chrome to support much smaller, faster images as JPEG XL makes a security-first comeback
- Micron says it’s ‘helping’ consumers — by not selling RAM to consumers
- Meta Shuts 550,000 Australian Facebook, Instagram Accounts for Social Media Ban
- Linux Mint 22.3 “Zena” Now Available for Download, This Is What’s New
- I tried out North Korea’s leaked OS so you don’t have to
- Tailscale made opening ports on my router feel archaic and dangerous
- Big Win for SpaceX as FCC Clears It to Upgrade Starlink With Gigabit Speeds
- I sat down with Bluetooth reps at CES 2026 – and what they told me changed my perspective forever
- TSMC Says ‘No More’ To Nvidia – Why That Is Intel’s Golden Ticket
- Teaching cybersecurity by letting students break things
- Verizon blames nationwide outage on a “software issue”
- AI, LLM’s, and Skynet
- Anthropic cracks down on unauthorized Claude usage by third-party harnesses and rivals
- First impressions of Claude Cowork, Anthropic’s general agent
- Advancing Claude in healthcare and the life sciences
- OpenAI acquires health-care technology startup Torch
- Nvidia, Eli Lilly commit $1B to AI drug discovery lab
- Amazon has started automatically upgrading Prime members to Alexa Plus
- The RAM shortage’s silver lining: Less talk about “AI PCs”
- AI’s Hacking Skills Are Approaching an ‘Inflection Point’
- Announcing Agent Academy: Operative
- Dell admits users don’t care about AI PCs, refocuses on what matters
- Google’s UCP Checkout Brings New Tradeoffs For Retailers
- Personal Intelligence: Connecting Gemini to Google apps
- Here is how many Copilots Microsoft actually has
- Microsoft
- The official launch date for Windows 11 26H1, confirmed
- OneDrive Backup just got a massive change for the better – how it works now
- Microsoft may soon allow IT admins to uninstall Copilot
- Microsoft explains why Windows 11 25H2 got twice as heavy due to a key security update
- New Windows updates replace expiring Secure Boot certificates
- Microsoft updates fix for broken Windows 11 25H2 24H2 crucial UI components
- Windows 11 driver updates names are generic, confusing, and unhelpful, but Microsoft might fix it
- Microsoft releases Windows 10 KB5073724 extended security update
- Windows 11 KB5074109, KB5073455 January 2026 Patch Tuesday updates out
- Microsoft: Windows 365 update blocks access to Cloud PC sessions
- Latest Patch Tuesday updates break Remote Desktop for some Windows users
- New Windows update ruins Nvidia GeForce GPU performance
- Microsoft: Windows 11 update causes Outlook freezes for POP users
- Patch Tuesday update makes Windows PCs refuse to shut down
- Microsoft confirms Windows 11 January 2026 Update issues, releases fix for at least two bugs
- Windows 11’s new Start menu with Categories layout begins showing up on more PCs, and it really needs a resize button
