Security News

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. "An improper neutralization of special elements used in an OS command ('OS command

ISC Stormcast For Wednesday, January 14th, 2026 https://isc.sans.edu/podcastdetail/9766, (Wed, Jan 14th)

Taiwan Endures Greater Cyber Pressure From China

Chinese cyberattacks on Taiwan's critical infrastructure — including energy utilities and hospitals — rose 6% in 2025, averaging 2.63 million attacks a day.

Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.

CrowdStrike to Buy Seraphic Security in Bid to Boost Browser Security

The browser protection and detection technology will be integrated into CrowdStrike's Falcon platform to protect endpoints, browser sessions, and cloud applications.

CISO Succession Crisis Highlights How Turnover Amplifies Security Risks

When cybersecurity leadership turns over too fast, risk does not reset. It compounds.

'Most Severe AI Vulnerability to Date' Hits ServiceNow

The ITSM giant tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers' data and connected systems.

Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day

The vendor's first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month.

January 2026 Microsoft Patch Tuesday Summary, (Tue, Jan 13th)

Today, Microsoft released patches for 113 vulnerabilities. One of these vulnerabilities affected the Edge browser and was patched upstream by Chromium.

Shadow#Reactor Uses Text Files to Deliver Remcos RAT

Attackers use a sophisticated delivery mechanism of text-only files for RAT deployment, showcasing a clever way to bypass defensive tools and rely on the target's own utilities.

AsyncRAT Malware Infests Orgs via Python & Cloudflare

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust.

ISC Stormcast For Tuesday, January 13th, 2026 https://isc.sans.edu/podcastdetail/9764, (Tue, Jan 13th)

BreachForums Breached, Exposing 324K Cybercriminals

A massive data dump reveals real identities and details of administrators and members of the notorious hacker forum.

Multipurpose GoBruteforcer Botnet Targets 50K+ Linux Servers

Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.

ISC Stormcast For Monday, January 12th, 2026 https://isc.sans.edu/podcastdetail/9762, (Mon, Jan 12th)

YARA-X 1.11.0 Release: Hash Function Warnings, (Sun, Jan 11th)

YARA-X&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s 1.11.0 release brings a new feature: hash function warnings.

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. "The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular

Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28 arrests were made in Seville, along with three others in Madrid, two in Málaga, and one in Barcelona

Deepfake Fraud Tools Are Lagging Behind Expectations

Deepfakes are becoming more realistic and more popular. Luckily, defenders are still ahead in the arms race.

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final stage, said it may have resulted in a ransomware