Daily CyberSecurity •

Sitting Ducks and Scammy Notifications: Inside a Global Malvertising Operation

Sitting Ducks Vulnerability Push Notification Scam

Cybercriminals

Sitting Ducks and Scammy Notifications: Inside a Global Malvertising Operation

January 19, 2026

The Fake “RedLine”: Imposter Malware Hijacks Crypto Wallets on Discord

RedLineCyber Clipboard Hijacker TangleCrypt Packer, STONESTOP EDR Killer Gamaredon APT - BoneSpy and PlainGnome

Cybercriminals

The Fake “RedLine”: Imposter Malware Hijacks Crypto Wallets on Discord

January 19, 2026

DeadLock Ransomware: New Strain Hides C2 in Polygon Smart Contracts

DeadLock Ransomware Polygon Smart Contracts

Cybercriminals

DeadLock Ransomware: New Strain Hides C2 in Polygon Smart Contracts

January 16, 2026

Sicarii Ransomware Masquerades as Israeli Hacktivists

RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Cybercriminals

Sicarii Ransomware Masquerades as Israeli Hacktivists

January 16, 2026

Discord Spy: SolyxImmortal Malware Uses Webhooks for Stealthy Theft

SolyxImmortal Malware Python Info-Stealer Discord Webhook C2, Supply Chain Abuse

Malware

Discord Spy: SolyxImmortal Malware Uses Webhooks for Stealthy Theft

January 20, 2026

Malformed & Dangerous: Gootloader Returns with New Ransomware Ties

Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Malware

Malformed & Dangerous: Gootloader Returns with New Ransomware Ties

January 20, 2026

PDFSIDER Discovered: New APT Malware Uses DLL Side-Loading to Evade Detection

PDFSIDER Malware DLL Side-Loading

Malware

PDFSIDER Discovered: New APT Malware Uses DLL Side-Loading to Evade Detection

January 20, 2026

Operation Poseidon: Konni APT Hijacks Google & Naver Ads for Malware

Operation Poseidon Konni APT

Operation Poseidon: Konni APT Hijacks Google & Naver Ads for Malware

January 20, 2026

KnownSec Data Leak Exposes State-Aligned Cyber Espionage Pipeline

EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Data Leak

KnownSec Data Leak Exposes State-Aligned Cyber Espionage Pipeline

January 19, 2026

The Anonymity Trap: New Telegram Flaw Leaks Real IPs via Proxy Links

Telegram IP leak proxy link, Telegram security update 2026 Amsterdam ban Telegram - Golang Backdoor Telegram backdoor France encryption

Data Leak

The Anonymity Trap: New Telegram Flaw Leaks Real IPs via Proxy Links

January 15, 2026

The Solonik Leak: 17.5 Million Instagram Profiles Exposed on Dark Web

Instagram 3 Billion, Reels Focus

Data Leak

The Solonik Leak: 17.5 Million Instagram Profiles Exposed on Dark Web

January 12, 2026

Spy Games or Glitch? The Truth Behind Venezuela’s BGP Leak

Venezuela BGP Leak CANTV

Data Leak

Spy Games or Glitch? The Truth Behind Venezuela’s BGP Leak

January 8, 2026

“Nomad Leopard” Spotted in the Wild: Cyber Espionage Campaign Targets Afghan Government Nomad Leopard Afghanistan Cyber Espionage

Nomad Leopard Afghanistan Cyber Espionage

“Nomad Leopard” Spotted in the Wild: Cyber Espionage Campaign Targets Afghan Government

Ddos January 20, 2026

Industrial Alert: Critical RCE in AVEVA Software Rated CVSS 10

AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Industrial Alert: Critical RCE in AVEVA Software Rated CVSS 10

Ddos January 20, 2026

Spy vs. Spy: Predator Malware Now Hunts the Researchers Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

Spy vs. Spy: Predator Malware Now Hunts the Researchers

Ddos January 20, 2026

WhisperPair: Critical Fast Pair Flaw Exposes Headphones to Hijacking WhisperPair Vulnerability Google Fast Pair Flaw

WhisperPair Vulnerability Google Fast Pair Flaw

WhisperPair: Critical Fast Pair Flaw Exposes Headphones to Hijacking

Ddos January 20, 2026

Trojanized PDF Editor: “TamperedChef” Campaign Bypasses Windows SmartScreen TamperedChef Malvertising AppSuite PDF Editor

TamperedChef Malvertising AppSuite PDF Editor

Trojanized PDF Editor: “TamperedChef” Campaign Bypasses Windows SmartScreen

Ddos January 20, 2026

Fake Windows Executables Target macOS: Inside the “MonetaStealer” Discovery MonetaStealer macOS Malware

MonetaStealer macOS Malware

Fake Windows Executables Target macOS: Inside the “MonetaStealer” Discovery

Ddos January 20, 2026

The Outlook Freeze: New Windows 11 Update Breaks POP3 Accounts in Outlook Classic Outlook Classic POP3 freeze, KB5074109 Windows 11 bug Outlook, CPU Usage Outlook lag Outlook Lite discontinued

Outlook Classic POP3 freeze, KB5074109 Windows 11 bug Outlook, CPU Usage Outlook lag Outlook Lite discontinued

The Outlook Freeze: New Windows 11 Update Breaks POP3 Accounts in Outlook Classic

Ddos January 19, 2026

The Patch After the Patch: Microsoft Issues Emergency Fix for Remote Desktop and Shutdown Bugs Microsoft OOB update January 2026, Remote Desktop login shutdown bug Windows Edge Light PowerToys Ring Light

Microsoft OOB update January 2026, Remote Desktop login shutdown bug Windows Edge Light PowerToys Ring Light

The Patch After the Patch: Microsoft Issues Emergency Fix for Remote Desktop and Shutdown Bugs

Ddos January 19, 2026

The Zena Evolution: Linux Mint 22.3 Arrives with Cinnamon 6.6 and Kernel 6.14 Linux Mint 22.3 Zena release, Cinnamon 6.6 new features

Linux Mint 22.3 Zena release, Cinnamon 6.6 new features

The Zena Evolution: Linux Mint 22.3 Arrives with Cinnamon 6.6 and Kernel 6.14

Ddos January 19, 2026

The Pixel 9 Zero-Click Exploit Chain That Breaks the Kernel Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

The Pixel 9 Zero-Click Exploit Chain That Breaks the Kernel

Ddos January 19, 2026

Top Security Practices for Protecting Your Website Hosting Environment Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

Top Security Practices for Protecting Your Website Hosting Environment

Ddos January 19, 2026

One-Click Remove Background from Logo, Unleash Your Creativity Andariel APT

Andariel APT

One-Click Remove Background from Logo, Unleash Your Creativity

Ddos January 19, 2026

Defending the Data Moat: Google Appeals Monopoly Ruling to Block Forced Data Sharing

Defending the Data Moat: Google Appeals Monopoly Ruling to Block Forced Data Sharing

Ddos January 19, 2026

Beyond Routing: Transform the OpenWrt One into a Powerful Debian Micro-Server OpenWrt One Debian, unbrickable Linux router

OpenWrt One Debian, unbrickable Linux router

Beyond Routing: Transform the OpenWrt One into a Powerful Debian Micro-Server

Ddos January 19, 2026

Fake Malwarebytes Campaign Exploits DLL Sideloading to Drop Infostealers npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Fake Malwarebytes Campaign Exploits DLL Sideloading to Drop Infostealers

Ddos January 19, 2026

CVE-2026-0695: High-Severity XSS Flaw Patched in ConnectWise PSA 2026.1

AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2026-0695: High-Severity XSS Flaw Patched in ConnectWise PSA 2026.1

Ddos January 19, 2026

DragonForce: The Rise of a New “Ransomware Cartel” Built on LockBit and Conti DNA Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

DragonForce: The Rise of a New “Ransomware Cartel” Built on LockBit and Conti DNA

Ddos January 19, 2026

Fake Productivity Tools: 5 Malicious Chrome Extensions Hijack Enterprise Sessions Malicious browser extensions

Malicious browser extensions

Fake Productivity Tools: 5 Malicious Chrome Extensions Hijack Enterprise Sessions

Ddos January 19, 2026

Unpatched RCE: Livewire Filemanager Upload Flaw (CVE-2025-14894) Exposes Laravel Apps Livewire Filemanager RCE CVE-2025-14894

Livewire Filemanager RCE CVE-2025-14894

Unpatched RCE: Livewire Filemanager Upload Flaw (CVE-2025-14894) Exposes Laravel Apps

Ddos January 19, 2026

Bluetooth “Heartbleed” and DoS Flaws Found in Xiaomi Redmi Buds, No Patch Xiaomi Redmi Buds Vulnerability CVE-2025-13834

Xiaomi Redmi Buds Vulnerability CVE-2025-13834

Bluetooth “Heartbleed” and DoS Flaws Found in Xiaomi Redmi Buds, No Patch

Ddos January 19, 2026