Zero Day Wire

OpenSSL Patches High-Severity Stack Buffer Overflow and Eleven Additional Vulnerabilities

Alerts

The OpenSSL project has released a sweeping security update addressing twelve vulnerabilities across the widely used cryptographic library, including a high-severity stack buffer overflow that could potentially enable remote code execution on vulnerable systems. The headline flaw, tracked as CVE-2025-15467, affects CMS AuthEnvelopedData parsing and carries high severity. Organizations running OpenSSL

By Zero Day Wire

CISA Acting Director Uploaded Sensitive Government Documents to Public ChatGPT, Triggering Security Warnings

Breaches

The acting director of the Cybersecurity and Infrastructure Security Agency uploaded sensitive government contracting documents into a public version of ChatGPT last summer, triggering multiple automated security warnings designed to prevent theft or unintentional disclosure of government material, according to a report by Politico citing four Department of Homeland Security

By Zero Day Wire

Critical Fortinet Authentication Bypass Allows Access to Other Customers' Devices (CVE-2026-24858)

Alerts

Fortinet has disclosed a critical authentication bypass vulnerability affecting FortiOS, FortiManager, and FortiAnalyzer that allows attackers with a FortiCloud account to access devices registered to other customers' accounts. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild. The flaw,

By Zero Day Wire

Critical Appsmith Vulnerability Enables Account Takeover Through Origin Header Manipulation (CVE-2026-22794)

Alerts

A critical authentication vulnerability in Appsmith allows attackers to take over user accounts by manipulating the HTTP Origin header during the password reset process, with over 1,600 vulnerable instances currently exposed on the internet, according to research published by Resecurity. The vulnerability, tracked as CVE-2026-22794, carries a CVSS score

By Zero Day Wire

China-Aligned APT Groups Deploy PeckBirdy JScript Framework for Fileless Attacks on Government Targets

Threats

China-aligned advanced persistent threat groups have been using a previously undocumented JScript-based command-and-control framework called PeckBirdy to conduct fileless attacks against Asian government entities, educational institutions, and Chinese gambling operations since 2023, according to research published by Trend Micro. PeckBirdy is built entirely in JScript and leverages the Windows Script

By Zero Day Wire

Malicious npm Package "G_Wagon" Steals Browser Credentials and 100+ Cryptocurrency Wallets

Threats

A sophisticated malicious npm package disguised as a UI component library has been discovered deploying a multi-stage infostealer that targets browser credentials, over 100 cryptocurrency wallet extensions, cloud credentials, and messaging tokens, according to research published by Aikido Security. The package, named ansi-universal-ui, describes itself as "a lightweight, modular

By Zero Day Wire

Mustang Panda Upgrades CoolClient Backdoor with Clipboard Monitoring and Credential Theft Capabilities

Threats

The China-linked advanced persistent threat group HoneyMyte, also known as Mustang Panda or Bronze President, has significantly upgraded its CoolClient backdoor with new surveillance capabilities including clipboard monitoring, HTTP proxy credential sniffing, and browser credential theft, according to research published by Kaspersky. The group continues to actively target government entities

By Zero Day Wire