Threats

MacSync Infostealer Targets macOS Users with Fake Terminal Commands and Trojanized Wallet Apps

A new macOS Malware-as-a-Service operation dubbed MacSync is targeting cryptocurrency users through ClickFix-style social engineering attacks that trick victims into executing a single malicious Terminal command. The campaign combines credential harvesting, multi-stage payload delivery, and trojanized hardware wallet applications to steal cryptocurrency assets and sensitive system data. Attack Chain Begins

Threats

Researchers Uncover KazakRAT Campaign Targeting Central Asian Government Entities

Security researchers at CtrlAltIntel have uncovered a persistent espionage campaign targeting government entities in Kazakhstan and Afghanistan using a previously undocumented Windows RAT they've dubbed KazakRAT. The campaign has operated since at least August 2022, with C2 infrastructure still active as of January 20, 2026. C2 Domain Takeover

Alerts

CISA Adds Critical VMware vCenter RCE Flaw to Exploited Vulnerabilities List

CISA has added CVE-2024-37079, a critical remote code execution vulnerability in VMware vCenter Server, to its Known Exploited Vulnerabilities catalog following confirmed active exploitation in the wild. The flaw affects Broadcom's VMware vCenter Server, the centralized management platform for VMware vSphere environments. Organizations relying on vCenter for virtualization

Breaches

FedEx Database Access Allegedly Sold on Cybercrime Forum via Insider

A threat actor is allegedly selling live access to FedEx's internal database through an insider, according to a post on a cybercrime forum. The seller claims the access enables searching shipments by sender, viewing recipient and shipper details, sorting deliveries by location and package attributes, and the ongoing

Threats

Multi-Stage Campaign Delivers Amnesia RAT and Ransomware Using Defendnot to Disable Microsoft Defender

A sophisticated multi-stage phishing campaign is targeting Russian users with Amnesia RAT and ransomware derived from the Hakuna Matata family, leveraging legitimate cloud infrastructure and a novel technique to disable Microsoft Defender. The campaign, documented by Fortinet FortiGuard Labs, stands out for its abuse of defendnot—a tool that tricks

Breaches

Venezuelan Nationals Convicted in ATM Jackpotting Scheme Using Ploutus Malware

Two Venezuelan nationals have been convicted for their roles in an ATM jackpotting scheme that used Ploutus malware to empty cash machines across the southeastern United States. Luz Granados, 34, and Johan Gonzalez-Jimenez, 40, pleaded guilty to conspiracy and computer crimes for targeting older ATM models in South Carolina, Georgia,

Threats

Anubis Ransomware Introduces Wiper Mode That Destroys Data Even After Payment

A ransomware-as-a-service operation called Anubis is challenging a core assumption of ransomware response: that paying the ransom guarantees data recovery. The group has introduced an optional wiper mode that permanently destroys files, making decryption impossible regardless of payment. First observed in late 2024, Anubis emerged on Russian-language cybercrime forums including

Breaches

WorldLeaks Ransomware Group Claims Attack on Nike, Threatens Saturday Data Leak

UPDATE 27/01/2026 Nike has confirmed that it is investigating a potential cybersecurity incident after claims surfaced online that its internal data may have leaked by a cybercrime group. The same group, known for extortion-driven attacks against other companies, previously claimed the Nike cyberattack on its dark web site.

Breaches

Affirm Data Breach Allegedly Exposes 26.7 Million User Records on Dark Web

A threat actor is allegedly selling a database containing 26.7 million user records from Affirm, the popular buy-now-pay-later financial services platform operating in the United States and Canada. The listing appeared on the Exploit cybercrime forum on January 23, 2026, posted by a threat actor using the handle "

Alerts

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog Including Vite and Zimbra Flaws

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation in the wild, affecting widely deployed development tools, email infrastructure, and enterprise networking products. The newly catalogued vulnerabilities impact Vite, Versa Concerto, eslint-config-prettier, and Synacor Zimbra Collaboration Suite. Under Binding Operational Directive 22-01, Federal

Threats

Vishing Toolkits Enable Real-Time MFA Bypass Through Synchronized Phone and Browser Attacks

Security researchers have uncovered sophisticated phishing toolkits purpose-built for voice-based social engineering attacks that synchronize fake login pages with live phone conversations to defeat multifactor authentication in real time. The toolkits, sold as-a-service to criminals, target major identity providers including Google, Microsoft, Okta, and various cryptocurrency platforms. Unlike traditional phishing

Threats

PDFSider Backdoor Deployed Against Fortune 100 Company Using DLL Side-Loading

A sophisticated Windows backdoor dubbed PDFSider has been identified in targeted attacks against enterprise environments, including a Fortune 100 financial services company. The malware demonstrates APT-grade tradecraft while being deployed in ransomware operations, blending advanced evasion techniques with financially motivated attacks. DLL Side-Loading via PDF24 Creator PDFSider is delivered through