By security practitioners, for security practitioners

Top 10 Cybersecurity News (Jan. 26, 2026): APAC Energy Firm Hit by Dire Wolf Ransomware, AI-Led Espionage Campaign Uses Autonomous Agents, Pwn2Own Automotive 2026 Uncovers 76 Zero-Day Flaws, and More

WEEKLY TOP TEN: January 26, 2025, 16:00 GMT

  1. APAC Energy Firm Hit by Dire Wolf Ransomware

    Dire Wolf ransomware published approximately 150 GB of stolen financial and supplier data from Malaysia’s Perdana Petroleum Berhad, marking a severe intrusion into the energy supply chain. The incident exposed internal legal, financial, and customer information, with significant operational and reputational implications for the oil & gas sector.
  2. Cisco Unified Communications Zero-Day Under Active Exploit

    Cisco confirmed a critical remote-code-execution flaw (CVE-2026-20045) in its Unified Communications suite — including Unified Communications Manager, Unity Connection, and Webex Calling — is being actively attacked in the wild. This vulnerability allows unauthenticated attackers to execute arbitrary code on affected systems, threatening enterprise voice and collaboration infrastructure worldwide. Patching is urgent as there are no effective workarounds, and evidence indicates exploitation is ongoing, prompting heightened advisory status.
  3. SmarterMail Authentication Bypass Now Exploited in the Wild

    SmarterTools’ SmarterMail email server is under active exploit due to an authentication bypass bug in the force-reset-password API. Attackers have been observed resetting administrator credentials and gaining full control over affected email servers shortly after SmarterTools released a patch. Organizations and MSPs that host SmarterMail should verify that the latest fixed build (9511) is deployed and monitor for unusual admin resets.
  4. CIRO Confirms Breach Impacting 750,000 Canadian Investors

    The Canadian Investment Regulatory Organization (CIRO) verified a breach that exposed sensitive personal and financial records belonging to roughly 750,000 investors. The forensic investigation revealed that names, birth dates, phone numbers, SINs, government IDs, and account statements were accessed. This affects financial institutions that rely on CIRO for compliance and risk profiling, spurring regulatory notifications and identity monitoring.
  5. Google Gemini Prompt Injection Can Leak Calendar Data

    Microsoft released its first Patch Tuesday of 2026, addressing 114 vulnerabilities across Windows, Office, Azure, and Edge. Three zero-days were included, one of which was already exploited in the wild. The flaws ranged from privilege escalation to remote code execution, underscoring the urgency for enterprises to patch immediately.
  6. Malicious Browser Extensions Campaign Hits ~840,000 Installs

    A large malicious extension operation dubbed “GhostPoster” embedded backdoor code into benign images to evade detection across ~840,000 Chrome extension installs. Because browser extensions often have access to credentials and internal web apps, this broad campaign poses enterprise-wide risk, especially where extension governance is lax.
  7. Okta SSO Credentials Stolen via Vishing Attacks

    Threat actors are actively using voice phishing (vishing) to steal Okta SSO credentials. Customized phishing kits use real-time manipulation to target specific users and capture MFA codes and SSO credentials, jeopardizing access to Salesforce, Microsoft 365, Google Workspace, and other SSO-protected services. This blurs the line between social engineering and traditional credential theft.
  8. AI-Led Espionage Campaign Uses Autonomous Agents

    Anthropic reported an espionage campaign in which a state-linked APT used autonomous AI agents to handle 80–90% of the intrusion lifecycle — from reconnaissance to exploit development. Targets spanned roughly 30 global organizations simultaneously, accelerating attack tempo and evading traditional human-centric detection pipelines.
  9. North Korean Actors Target macOS Devs via VS Code Packages

    SecurityWeek reported that North Korean–linked threat actors used malicious Visual Studio Code projects on GitHub and GitLab to spread malware targeting macOS developers. This supply-chain-style technique underscores how trusted developer ecosystems can be abused to seed malware.
  10. Pwn2Own Automotive 2026 Uncovers 76 Zero-Day Flaws

    At the Pwn2Own Automotive event in Tokyo, security researchers collectively earned over $1 million by exploiting 76 zero-day vulnerabilities across vehicle infotainment systems and EV chargers. Although this is a contest, it reveals real risks in automotive supply chains and smart vehicle tech that could be weaponized if disclosed to malicious actors before patches are deployed.
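Item 6 above notes that malicious extensions carry enterprise-wide risk wherever extension governance is lax. The script below is an added example, not code from the original digest or from any vendor mentioned in it: it walks a Chrome profile's `Extensions` directory (Chrome stores each installed extension as `Extensions/<id>/<version>/manifest.json`), compares every extension ID against an organization allowlist, and flags any that request permissions broad enough to reach page content, cookies or credentials. The allowlist, the extension IDs and the manifests it creates are constructed sample data; the risky-permission set is an illustrative starting point, not an official list.

```python
"""Inventory Chrome extensions under a profile and flag unapproved or over-privileged ones.

Added example for extension governance; the directory layout mirrors how Chrome unpacks
installed extensions (Extensions/<id>/<version>/manifest.json). All IDs and manifests
below are constructed for the demo.
"""
import json
import tempfile
from pathlib import Path

# Constructed allowlist of approved extension IDs (hypothetical 32-char IDs, not real ones).
ALLOWLIST = {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}

# Permissions that expose page content, cookies or browsing activity and warrant review.
# Illustrative selection; tune to the organization's own policy.
RISKY = {
    "<all_urls>", "cookies", "webRequest", "webRequestBlocking",
    "tabs", "history", "clipboardRead", "debugger",
}


def load_manifests(extensions_dir):
    """Yield (extension_id, version, manifest_dict) for every installed extension version."""
    root = Path(extensions_dir)
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest = ver_dir / "manifest.json"
            if manifest.is_file():
                with open(manifest, encoding="utf-8") as fh:
                    yield ext_dir.name, ver_dir.name, json.load(fh)


def audit_extensions(extensions_dir, allowlist=ALLOWLIST):
    """Return one finding per extension version that is not allowlisted or requests risky permissions.

    Manifest V3 moves host patterns such as <all_urls> into host_permissions, so both
    keys are merged before checking.
    """
    findings = []
    for ext_id, version, manifest in load_manifests(extensions_dir):
        perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
        risky = sorted(perms & RISKY)
        allowed = ext_id in allowlist
        if not allowed or risky:
            findings.append({
                "id": ext_id,
                "version": version,
                "name": manifest.get("name", "?"),
                "allowlisted": allowed,
                "risky_permissions": risky,
            })
    return findings


def build_sample_profile():
    """Create a constructed Extensions tree in a temp dir so the audit runs offline."""
    root = Path(tempfile.mkdtemp()) / "Extensions"
    samples = {
        # Approved, narrowly scoped extension.
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": ("1.2.0", {
            "name": "Approved Password Manager", "manifest_version": 3,
            "permissions": ["storage"],
            "host_permissions": ["https://vault.example.internal/*"],
        }),
        # Unapproved and over-privileged: can read cookies and every page.
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": ("0.9.1", {
            "name": "Free Coupon Finder", "manifest_version": 3,
            "permissions": ["cookies", "tabs", "storage"],
            "host_permissions": ["<all_urls>"],
        }),
        # Unapproved but low-privilege: still a policy finding.
        "cccccccccccccccccccccccccccccccc": ("2.0.0", {
            "name": "Unit Converter", "manifest_version": 3,
            "permissions": ["storage"],
        }),
    }
    for ext_id, (version, manifest) in samples.items():
        ext_path = root / ext_id / version
        ext_path.mkdir(parents=True)
        (ext_path / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    for finding in audit_extensions(build_sample_profile()):
        print(finding)
```

To run it against a real machine, point `audit_extensions` at the profile's `Extensions` directory (for example `~/.config/google-chrome/Default/Extensions` on Linux) and replace `ALLOWLIST` with the IDs your organization has approved; the two independent signals (not on the allowlist, risky permission set) let a reviewer prioritise the over-privileged unknowns first.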

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The 10 stories above were judged the most significant of the week, ranked by risk, drawing on multiple sources where available.
