Zero Day Wire - Zero Day Wire (Page 16)

Alerts

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog Including Vite and Zimbra Flaws

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation in the wild, affecting widely deployed development tools, email infrastructure, and enterprise networking products. The newly catalogued vulnerabilities impact Vite, Versa Concerto, eslint-config-prettier, and Synacor Zimbra Collaboration Suite. Under Binding Operational Directive

Threats

Vishing Toolkits Enable Real-Time MFA Bypass Through Synchronized Phone and Browser Attacks

Security researchers have uncovered sophisticated phishing toolkits purpose-built for voice-based social engineering attacks that synchronize fake login pages with live phone conversations to defeat multifactor authentication in real time. The toolkits, sold as-a-service to criminals, target major identity providers including Google, Microsoft, Okta, and various cryptocurrency

Threats

PDFSider Backdoor Deployed Against Fortune 100 Company Using DLL Side-Loading

A sophisticated Windows backdoor dubbed PDFSider has been identified in targeted attacks against enterprise environments, including a Fortune 100 financial services company. The malware demonstrates APT-grade tradecraft while being deployed in ransomware operations, blending advanced evasion techniques with financially motivated attacks. DLL Side-Loading via PDF24 Creator PDFSider is

Threats

EmEditor Supply Chain Attack: Trusted Installer Weaponized to Deploy Multi-Stage Malware

Summary Attackers compromised the official download page of EmEditor, a popular text and code editor, to distribute a trojanized installer containing multi-stage malware. The attack targeted the software's primarily Japanese developer user base during the late December 2025 holiday period when security monitoring typically weakens. The malware

Alerts

Critical WordPress LMS Plugin Flaw Under Active Exploitation Enables Full Site Takeover

A critical vulnerability in the Academy LMS plugin for WordPress is under active exploitation, allowing unauthenticated attackers to take over administrator accounts and gain full control of affected eLearning platforms. The flaw, tracked as CVE-2025-15521, carries a CVSS score of 9.8 and affects all versions of the

Breaches

Nova Ransomware Group Claims Attack on KPMG, Threatens to Leak 500GB of Data

The Nova ransomware group has claimed responsibility for an attack against KPMG, one of the Big Four professional services firms, threatening to release 500GB of stolen data if ransom demands are not met. The listing appeared on Nova's dark web leak site on January 23, 2026, with a

Threats

ClearFake Malware Abuses Trusted Windows Script to Execute Hidden PowerShell Commands

A sophisticated evolution of the ClearFake malware campaign is abusing a legitimate Windows component to execute malicious PowerShell commands while evading endpoint detection systems. The campaign, which has compromised hundreds of websites since August 2025, now leverages a command injection vulnerability in a trusted Microsoft-signed script to silently run

Threats

New Osiris Ransomware Deployed by Attackers With Ties to Inc Ransomware Group

A previously undocumented ransomware family dubbed Osiris has emerged in attacks targeting enterprise environments, with technical evidence suggesting the operators may have ties to the Inc ransomware group. Symantec's Threat Hunter Team identified the new strain during an investigation into an attack against a major food service franchisee

Alerts

Windows 11 January Security Update Triggers System Lockups and Black Screens

Microsoft's January 2026 cumulative update for Windows 11 is causing widespread system stability issues, with users reporting full lockups, black screens, and application failures that have forced many to uninstall the security patches. KB5074109, released on Patch Tuesday January 13, targets Windows 11 versions 24H2 and 25H2, delivering

Threats

KONNI Deploys AI-Generated PowerShell Backdoor in Campaign Targeting Blockchain Developers

North Korean-linked threat actor KONNI is deploying an AI-generated PowerShell backdoor in an ongoing phishing campaign targeting software developers and engineering teams with access to blockchain infrastructure. The campaign, documented by Check Point Research, marks a notable evolution in both the group's targeting and tooling. Expanding

Alerts

Automated Attacks Hijacking FortiGate Firewalls via SSO Exploitation

A wave of automated attacks is actively compromising FortiGate firewalls through malicious SSO logins, with threat actors creating persistence accounts and exfiltrating device configurations within seconds of initial access. Arctic Wolf began tracking the campaign on January 15, 2026, and warns the situation remains developing. Attack Chain The intrusions follow

Threats

North Korea's Andariel Unveils New Malware Arsenal in 2025 Cyberattacks

While much of the security industry's attention has been fixed on North Korea's sprawling IT worker infiltration schemes, Pyongyang's traditional cyber espionage units have been far from idle. New research from WithSecure reveals that Andariel—a state-sponsored group linked to the RGB'