Latest Internet & Cybersecurity News

February 10, 2026 at 1:00 PM
Critical vulnerabilities patched in Microsoft, BeyondTrust, Fortinet; ransomware hits SmarterTools, Conpet; espionage by UNC3886, APT28; major data breaches exposed.
1. APT28 Exploits Microsoft Office Vulnerability CVE-2026-21509

Russian state-sponsored APT28 is actively exploiting a high-severity security bypass flaw in Microsoft Office via malicious documents. The flaw allows attackers to circumvent security features. Microsoft released an emergency patch. Source 2

2. SmarterTools Breached by Warlock Ransomware via Own Product Flaw

Warlock ransomware exploited CVE-2026-24423 in SmarterMail, encrypting 12 Windows servers and disrupting the support portal. The breach started from an unpatched VM and spread laterally, but segmentation limited the damage. The incident highlights patch management risks for a vendor's own products. Source 2

3. BeyondTrust Patches Critical RCE in Remote Support and PRA

BeyondTrust fixed CVE-2026-1731, which affects Remote Support v25.3.1 and earlier and Privileged Remote Access v24.3.4 and earlier. The flaw allows remote exploitation via crafted requests without authentication. Immediate updating is urged. Source 3

4. Microsoft Fixes Critical Semantic Kernel Vulnerability CVE-2026-25592

Microsoft addressed a flaw in the Semantic Kernel .NET SDK before v1.70.0 that enables unauthorized file writing in SessionsPythonPlugin. The critical update was released in Microsoft.SemanticKernel.Core v1.70.0. Semantic Kernel is used for AI agents and multi-agent systems. Source 3

5. Fortinet Releases Critical Fix for FortiClientEMS SQL Injection

Fortinet patched CVE-2026-21643 in FortiClientEMS v7.4.4, an unauthenticated SQL injection allowing code execution via crafted HTTP requests. Its critical severity demands immediate patching. The flaw affects endpoint management. Source 3

6. Qilin Ransomware Hits Romanian Oil Pipeline Operator Conpet

Qilin claimed an attack on Conpet, stealing 1TB of data including passports and financials and listing it on the dark web. Operations were unaffected but IT was compromised. The attack follows other hits on Romanian critical infrastructure. Source 1

7. Singapore Confirms China-Linked UNC3886 Espionage on Telecoms

UNC3886 exploited zero-days in Fortinet, VMware and Juniper for stealthy access to telecoms without service disruption. The group is linked to Chinese espionage targeting critical infrastructure globally. The activity prompts a major cyber response. Source 6

8. Dutch Authorities Confirm Ivanti EPMM Zero-Day Exploits

Ivanti EPMM flaws CVE-2026-1281 and CVE-2026-1340 (CVSS 9.8) were exploited as zero-days, exposing employee data in Dutch, EU and Finnish systems. The flaws were patched Jan 29, 2026; data that was not fully deleted persisted. Source 8

9. Zestix Sells Stolen Data from Cloud-Sharing Sites like ShareFile

Zestix, acting as an initial access broker, stole credentials for ShareFile, Nextcloud and OwnCloud, impacting the aviation, defense and healthcare sectors. It is selling PII and corporate data on the dark web. Two million records were exposed. Source 4

10. ShinyHunters Breaches Match Group Dating Apps via AppsFlyer

ShinyHunters stole 10 million records of user and corporate data from Match apps, entering via the AppsFlyer marketing tool. Match calls it a security incident under investigation. Posted on a dark web leak site. Source 4

11. Bloody Wolf Deploys NetSupport RAT via Spear-Phishing

Bloody Wolf (Stan Ghouls) targets Uzbekistan and Russia with phishing PDFs delivering NetSupport RAT. The campaign aims at system compromise in organizations and is reported as ongoing. Source 2

12. FCC Urges Communications Providers to Bolster Ransomware Defenses

The FCC issued guidance amid a four-fold rise in ransomware since 2021, highlighting best practices after incidents that disrupted services. The guidance targets small-to-medium providers and was issued Jan 29, 2026. Source 7