Critical WinRAR Flaw Actively Exploited by State-Backed and Criminal Hackers Worldwide CyberSecurity News CyberDefenderJanuary 28, 2026January 28, 20267 mins0 A widely used Windows archiving tool, WinRAR, has become the focal point of active exploitation by a…continue reading..
Mustang Panda APT Uses CoolClient Backdoor to Deliver Credential-Stealing Malware Credential Access CyberDefenderJanuary 28, 2026January 28, 20264 mins0 Mustang Panda — also tracked by some researchers as HoneyMyte (and sometimes linked to China-associated espionage activity)…continue reading..
Fortinet Confirms Active Exploitation of FortiCloud SSO Zero-Day, Releases Mitigations as Patch Is Prepared CyberSecurity News CyberDefenderJanuary 28, 2026January 28, 202610 mins0 Fortinet has confirmed that a critical FortiCloud Single Sign-On (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, is…continue reading..
Silent Breach Exposed: EarlyBird Malware Steals Defense Weapon Designs in Covert Espionage Campaign Cyber Threat Intelligence AegironJanuary 27, 2026January 27, 202611 mins0 Executive Summary In late January, a targeted cyber intrusion was identified impacting South Korean defense subcontractors. The…continue reading..
Fake VS Code Extension ‘ClawdBot Agent’ Found Installing Remote Access Trojan on Developer Machines Cyber Threat Intelligence AegironJanuary 27, 2026January 27, 202612 mins0 Executive Summary In late January, a malicious Visual Studio Code extension named ClawdBot Agent was identified actively…continue reading..
Silent Intrusion: ShadowPad Malware Found Embedded in Trusted Security Software Across Southeast Asian Telecoms Cyber Threat Intelligence AegironJanuary 27, 2026January 27, 202610 mins0 ShadowPad Malware Activity Targeting Telecommunications Providers Incident Overview – January 27 In late January, a targeted intrusion…continue reading..
CVE-2026-22696: Critical dcap-qvl Flaw Lets Attackers Forge SGX/TDX Attestations and Bypass Trust Vulnerabilities AegironJanuary 27, 2026January 27, 202610 mins0 CVE-2026-22696 – dcap-qvl Missing Cryptographic Enforcement CVE: CVE-2026-22696Name: dcap-qvl missing verification for QE IdentityCVSS Score: 9.3 (Critical)Severity:…continue reading..
CVE-2026-22709: Critical vm2 Sandbox Flaw Lets Untrusted JavaScript Break Free and Execute Code on Host Systems Vulnerabilities AegironJanuary 27, 2026January 27, 202610 mins0 CVE-2026-22709 – vm2 Node.js Sandbox Escape Vulnerability Overview CVE ID: CVE-2026-22709Affected Component: vm2 (Node.js JavaScript sandbox)Vulnerability Type:…continue reading..
CVE-2025-66719: Critical free5GC NRF Flaw Enables Unauthorized 5G Core Access Vulnerabilities AegironJanuary 27, 2026January 27, 202611 mins0 Improper OAuth2 scope validation allows attackers to obtain high-privilege access tokens without authorization Vulnerability Overview CVE ID:…continue reading..
CVE-2026-24540: WordPress Google Drive Plugin Flaw Exposes Sites to Full Admin Takeover Vulnerabilities AegironJanuary 27, 2026January 27, 20268 mins0 Vulnerability Overview (At a Glance) Official Patch / Upgrade Link Detailed Vulnerability Description A missing authorization flaw…continue reading..
