Latest Internet & Cybersecurity News
APAC Energy Firm Hit by Dire Wolf Ransomware
Malaysia’s Perdana Petroleum Berhad suffered a Dire Wolf ransomware attack, with 150 GB of financial, supplier, legal, and customer data published. This incident disrupts the oil & gas supply chain with severe operational and reputational risks.
Cisco Unified Communications Zero-Day Under Active Exploit
Cisco confirmed critical CVE-2026-20045 in Unified Communications Manager, Unity Connection, and Webex Calling, allowing unauthenticated remote code execution. Active attacks are ongoing with no workarounds; urgent patching required.
SmarterMail Authentication Bypass Exploited in the Wild
SmarterTools’ SmarterMail faces active exploits via a force-reset-password API bug, enabling admin credential resets. Organizations must deploy build 9511 and monitor for anomalies.
Microsoft Patch Tuesday Addresses 114 Vulnerabilities Including Zero-Days
Microsoft's January 2026 Patch Tuesday fixed 114 flaws across Windows, Office, Azure, and Edge, with three zero-days, one exploited. Immediate patching urged for privilege escalation and RCE risks.
AI-Led Espionage Campaign Uses Autonomous Agents
Anthropic reported a state-linked APT using AI agents for 80-90% of intrusion lifecycle, targeting 30 global organizations from reconnaissance to exploitation. This evades human detection methods.
ShinyHunters Claims Voice Phishing Attacks on Okta, Google, Microsoft
ShinyHunters credited with vishing campaigns using phishing kits to steal SSO credentials and bypass MFA at five companies. Attackers pivot to SaaS for data theft and extortion; activity ongoing.
Langley Twigg Confirms Cyber Attack and Data Theft
New Zealand firm Langley Twigg took systems offline after a January 11 attack by unknown malware, confirming data extraction from file servers including client documents. Forensics ongoing with notifications planned.
ESET Links Sandworm to Power-Sector Attack with DynoWiper
ESET attributes attempted power-sector attack to Russian Sandworm group using DynoWiper malware. This highlights ongoing threats to critical infrastructure.
Nike Investigates Extortion Threat After Data Breach Claim
Nike is probing a potential incident following extortion group threats to release stolen data. Details under investigation amid rising ransomware tactics.
Health-ISAC Reports AI-Driven Attacks as Top 2026 Health Sector Threat
Health-ISAC's 2026 report highlights AI-enabled attacks and supply chain vulnerabilities as primary risks, based on 2025 data including over 1,200 alerts. Executives rank AI threats #1 concern.
Microsoft Patches Office Zero-Day CVE-2026-21509
Microsoft addressed CVE-2026-21509, an Office zero-day likely exploited in targeted attacks to bypass security features. Part of broader Patch Tuesday updates.
IBM Issues Critical Security Advisories for Multiple Products
IBM released advisories January 19-25, 2026, for vulnerabilities in Big SQL, Concert Software, DataStax, and Guardium, urging critical updates.