Zero Day Wire - Zero Day Wire (Page 11)

Threats

WinRAR Vulnerability Exploited to Deploy Fileless Quasar RAT Without User Consent

A malware campaign is actively exploiting a WinRAR path validation vulnerability to deliver a fileless remote access trojan without requiring macros, exploit kits, or elevated privileges, according to research published by CYFIRMA. The attack chain abuses archive extraction behavior to silently establish persistence before any visible malware execution occurs. The

Threats

Bank of England Finds Financial Firms Failing Basic Cybersecurity Controls

The Bank of England's CBEST cybersecurity assessment program has found widespread failures in basic cybersecurity practices across UK financial institutions, according to a thematic report published jointly by the Bank of England, Prudential Regulation Authority, and Financial Conduct Authority. The findings, derived from 13 threat-led penetration tests of

Breaches

Clop Ransomware Group Claims 43 Victims in Massive 24-Hour Breach Wave

The Clop ransomware group has posted 43 new victims to its dark web leak site within a 24-hour period, targeting organizations across the United States, Canada, United Kingdom, Europe, and New Zealand. The wave of listings includes major brands such as Hilton Hotels and The Weather Company, parent of Weather.

Threats

Sandworm Deployed New DynoWiper Malware Against Poland Energy Grid in Failed Attack

Russian state-linked threat group Sandworm targeted Poland's energy infrastructure in late 2025 with a previously undocumented data-wiping malware called DynoWiper, according to new research from ESET. Security experts have described the intrusion as one of the largest cyberattacks the country has faced in years. The attack failed to

Breaches

Instagram Vulnerability Exposed Private Photos Without Authentication, Meta Silently Patched and Denied Report

A server-side vulnerability in Instagram allowed unauthenticated attackers to access private photos and captions without logging in or having a follower relationship, according to security researcher Jatin Banga who published a full disclosure this week after a 102-day interaction with Meta's bug bounty program. Meta silently patched the

Threats

MacSync Infostealer Targets macOS Users with Fake Terminal Commands and Trojanized Wallet Apps

A new macOS Malware-as-a-Service operation dubbed MacSync is targeting cryptocurrency users through ClickFix-style social engineering attacks that trick victims into executing a single malicious Terminal command. The campaign combines credential harvesting, multi-stage payload delivery, and trojanized hardware wallet applications to steal cryptocurrency assets and sensitive system data. Attack Chain Begins

Threats

Researchers Uncover KazakRAT Campaign Targeting Central Asian Government Entities

Security researchers at CtrlAltIntel have uncovered a persistent espionage campaign targeting government entities in Kazakhstan and Afghanistan using a previously undocumented Windows RAT they've dubbed KazakRAT. The campaign has operated since at least August 2022, with C2 infrastructure still active as of January 20, 2026. C2 Domain Takeover

Alerts

CISA Adds Critical VMware vCenter RCE Flaw to Exploited Vulnerabilities List

CISA has added CVE-2024-37079, a critical remote code execution vulnerability in VMware vCenter Server, to its Known Exploited Vulnerabilities catalog following confirmed active exploitation in the wild. The flaw affects Broadcom's VMware vCenter Server, the centralized management platform for VMware vSphere environments. Organizations relying on vCenter for virtualization

Breaches

FedEx Database Access Allegedly Sold on Cybercrime Forum via Insider

A threat actor is allegedly selling live access to FedEx's internal database through an insider, according to a post on a cybercrime forum. The seller claims the access enables searching shipments by sender, viewing recipient and shipper details, sorting deliveries by location and package attributes, and the ongoing

Threats

Multi-Stage Campaign Delivers Amnesia RAT and Ransomware Using Defendnot to Disable Microsoft Defender

A sophisticated multi-stage phishing campaign is targeting Russian users with Amnesia RAT and ransomware derived from the Hakuna Matata family, leveraging legitimate cloud infrastructure and a novel technique to disable Microsoft Defender. The campaign, documented by Fortinet FortiGuard Labs, stands out for its abuse of defendnot—a tool that tricks

Breaches

Venezuelan Nationals Convicted in ATM Jackpotting Scheme Using Ploutus Malware

Two Venezuelan nationals have been convicted for their roles in an ATM jackpotting scheme that used Ploutus malware to empty cash machines across the southeastern United States. Luz Granados, 34, and Johan Gonzalez-Jimenez, 40, pleaded guilty to conspiracy and computer crimes for targeting older ATM models in South Carolina, Georgia,

Threats

Anubis Ransomware Introduces Wiper Mode That Destroys Data Even After Payment

A ransomware-as-a-service operation called Anubis is challenging a core assumption of ransomware response: that paying the ransom guarantees data recovery. The group has introduced an optional wiper mode that permanently destroys files, making decryption impossible regardless of payment. First observed in late 2024, Anubis emerged on Russian-language cybercrime forums including