Zero Day Wire - Zero Day Wire (Page 14)

Threats

VoidLink: First Advanced AI-Generated Malware Framework Signals New Era of Threats

Check Point Research has documented what they believe is the first truly advanced malware framework built almost entirely by artificial intelligence, developed by a single individual in under a week. The discovery of VoidLink marks a significant shift in the threat landscape, demonstrating how AI can enable lone actors to

Critical Windows Admin Center Flaw Enables Tenant-Wide Compromise via Azure SSO Bypass (CVE-2026-20965)

A high-severity vulnerability in Windows Admin Center's Azure AD Single Sign-On implementation allows attackers to escalate privileges and move laterally across an entire Azure tenant without valid credentials. Cymulate Research Labs discovered the flaw and reported it to Microsoft in August 2025. Microsoft released a patch on January

Alerts

Cloudflare WAF Zero-Day Allowed Attackers to Bypass Security Controls via ACME Challenge Path

A critical zero-day vulnerability in Cloudflare's Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers at FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origin servers even when WAF rules explicitly blocked all other traffic. How

Alerts

Critical Apache bRPC Vulnerability Allows Remote Command Injection (CVE-2025-60021)

A critical remote command injection vulnerability has been discovered in Apache bRPC, with over 4,000 exposed instances identified online. Vulnerability Details CVE IDCVSS ScoreTypeAffected VersionsCVE-2025-600219.8 (Critical)Remote Command InjectionAll versions prior to 1.15.0 The flaw exists in the heap profiler's extra_options parameter. Attackers

Alerts

Critical Deno Vulnerabilities Enable Server Secrets Exposure and Windows Command Injection

Two significant security vulnerabilities have been discovered in Deno, the modern JavaScript and TypeScript runtime known for its "secure by default" architecture. The flaws could expose sensitive server secrets and allow command injection on Windows systems. Vulnerabilities CVE IDCVSS ScoreTypeImpactCVE-2026-228639.2 (Critical)Missing Cryptographic StepSecrets exposureCVE-2026-22864HighCommand InjectionArbitrary code

Alerts

ConnectWise Patches High-Severity XSS and Session Cookie Vulnerabilities in PSA Platform

ConnectWise has released a security update for its Professional Services Automation (PSA) platform, addressing two vulnerabilities that could allow stored script execution and session cookie theft. The company recommends upgrading to version 2026.1 as soon as possible. Vulnerabilities CVE IDTypeCVSS ScoreImpactCVE-2026-0695Cross-Site Scripting (XSS)8.7 (High)Stored script executionCVE-2026-0696Sensitive

Threats

Jordanian Man Pleads Guilty to Selling Network Access to 50 Companies as Initial Access Broker

A 40-year-old Jordanian man has pleaded guilty in U.S. federal court to operating as an "access broker," selling unauthorized network access to at least 50 victim companies. Feras Khalil Ahmad Albashiti, who operated under the alias "r1z," entered his plea before U.S. District Judge

Threats

Ukraine and Germany Expose Ransomware Group Members, Russian Organizer Placed on INTERPOL Wanted List

Ukrainian and German law enforcement have identified members of a Russian-affiliated ransomware group responsible for hundreds of millions of euros in damages, with searches conducted in Ukraine and the alleged organizer placed on INTERPOL's international wanted list. The Operation Cyber police officers from Ukraine's National Police,

Breaches

Canadian Investment Regulator Confirms Data Breach Affecting 750,000 Investors

The Canadian Investment Regulatory Organization (CIRO) has confirmed that approximately 750,000 investors were impacted by a data breach following a phishing attack detected in August 2025. CIRO, which oversees all investment and mutual fund dealers in Canada alongside trading activity on the country's debt and equity markets,

Alerts

Electron Vulnerability Allows Backdooring of Signal, 1Password, Slack, and Chrome

Security researchers at Trail of Bits have discovered a critical vulnerability in Electron-based applications that allows attackers to inject persistent backdoors into Signal, 1Password, Slack, and Chrome by tampering with V8 heap snapshot files. Tracked as CVE-2025-55305, the flaw bypasses code integrity checks in nearly all applications built on the

Threats

Dutch Police Arrest Alleged AVCheck Mastermind Behind Major Counter-Antivirus Platform

Dutch authorities have arrested a 33-year-old man believed to be behind AVCheck, one of the world's largest counter-antivirus services used by cybercriminals to test malware against security products. The suspect was detained at Amsterdam's Schiphol Airport on Sunday evening after being under international surveillance. Data storage

Breaches

Keylogger Discovered on Major US Bank's Employee Store Affecting 200,000+ Staff

Security researchers at Sansec have discovered an active keylogger on the employee store of one of America's largest banks, potentially exposing credentials and payment data for over 200,000 staff members. The attack was detected on January 14, 2026, and remained active until January 15 when the malware