Zero Day Wire - Zero Day Wire (Page 11)

Threats

CISA, NSA Warn of Chinese BRICKSTORM Malware Targeting Government and IT Sectors

CISA, the NSA, and the Canadian Centre for Cyber Security have issued a joint malware analysis report warning that Chinese state-sponsored actors are using BRICKSTORM, a sophisticated backdoor designed for long-term persistence in VMware vSphere and Windows environments. The advisory, first published in December 2025 and updated with additional samples,

Alerts

Critical Zoom Flaw Allows Meeting Participants to Execute Code on Enterprise Servers (CVE-2026-22844)

Zoom has disclosed a critical command injection vulnerability affecting its enterprise hybrid meeting infrastructure that could allow a meeting participant to execute arbitrary code on backend servers. The vulnerability, tracked as CVE-2026-22844, carries a CVSS score of 9.9 and affects Zoom Node Multimedia Routers (MMRs)—the components responsible for

Alerts

Oracle January 2026 Critical Patch Update Fixes 336 Vulnerabilities Including CVSS 10.0 Fusion Middleware Flaw

Oracle has released its January 2026 Critical Patch Update (CPU), addressing 336 new security vulnerabilities across its enterprise software portfolio. Among the most severe is a maximum-severity flaw in Oracle Fusion Middleware that could allow attackers to seize complete control of affected servers without authentication. The Critical Flaw The vulnerability,

Threats

Microsoft Teams Gets External Domain Anomaly Detection to Combat Social Engineering Attacks

Microsoft is introducing the External Domains Anomalies Report for Teams, a security feature designed to help administrators identify suspicious external communications before they escalate into breaches. The tool, scheduled for global rollout in February 2026, addresses a critical gap as threat actors increasingly exploit Teams for social engineering campaigns. How

Threats

Iran's Cyber Forces Shift from Espionage to Infrastructure Pre-Positioning

Iranian state-sponsored hacking groups have significantly escalated their operations against U.S. and Israeli targets over the past year, shifting from opportunistic cyber espionage to sustained campaigns aimed at critical infrastructure, cloud environments, and supply chains. The shift reflects what security researchers describe as the full militarization of Iran'

Threats

North Korean Hackers Hide Multi-Stage Malware in npm Package Targeting Developers

North Korea's Lazarus Group is targeting software developers through fake job recruiters on LinkedIn, Fiverr, and UpWork, delivering a three-stage malware attack via a malicious npm package. Security researchers at OpenSourceMalware uncovered the campaign, which uses the package tailwindcss-forms-kit - disguised as a legitimate Tailwind CSS utility -

Threats

IntelBroker Unmasked: Notorious Hacker Revealed as 25-Year-Old Former UK Crime Agency Trainee

The identity behind one of the most prolific cybercriminal personas of recent years has been revealed. IntelBroker, the hacker who haunted major corporations and government agencies, is Kai Logan West - a 25-year-old British national and former National Crime Agency trainee. West was arrested in France in February 2025 and

Threats

VoidLink: First Advanced AI-Generated Malware Framework Signals New Era of Threats

Check Point Research has documented what they believe is the first truly advanced malware framework built almost entirely by artificial intelligence, developed by a single individual in under a week. The discovery of VoidLink marks a significant shift in the threat landscape, demonstrating how AI can enable lone actors to

Critical Windows Admin Center Flaw Enables Tenant-Wide Compromise via Azure SSO Bypass (CVE-2026-20965)

A high-severity vulnerability in Windows Admin Center's Azure AD Single Sign-On implementation allows attackers to escalate privileges and move laterally across an entire Azure tenant without valid credentials. Cymulate Research Labs discovered the flaw and reported it to Microsoft in August 2025. Microsoft released a patch on January

Alerts

Cloudflare WAF Zero-Day Allowed Attackers to Bypass Security Controls via ACME Challenge Path

A critical zero-day vulnerability in Cloudflare's Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers at FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origin servers even when WAF rules explicitly blocked all other traffic. How

Alerts

Critical Apache bRPC Vulnerability Allows Remote Command Injection (CVE-2025-60021)

A critical remote command injection vulnerability has been discovered in Apache bRPC, with over 4,000 exposed instances identified online. Vulnerability Details CVE IDCVSS ScoreTypeAffected VersionsCVE-2025-600219.8 (Critical)Remote Command InjectionAll versions prior to 1.15.0 The flaw exists in the heap profiler's extra_options parameter. Attackers

Alerts

Critical Deno Vulnerabilities Enable Server Secrets Exposure and Windows Command Injection

Two significant security vulnerabilities have been discovered in Deno, the modern JavaScript and TypeScript runtime known for its "secure by default" architecture. The flaws could expose sensitive server secrets and allow command injection on Windows systems. Vulnerabilities CVE IDCVSS ScoreTypeImpactCVE-2026-228639.2 (Critical)Missing Cryptographic StepSecrets exposureCVE-2026-22864HighCommand InjectionArbitrary code