Techworks Threat Brief - January 30, 2026

This week's security landscape was dominated by critical vulnerabilities requiring immediate attention and significant breach disclosures. High-severity CVEs across major software platforms prompted urgent patching cycles for organizations globally.

Top Security Stories

Ivanti Patches Exploited EPMM Zero-Days

The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.

Source: securityweek.com

Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been r...

Source: blog.talosintelligence.com

Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks

The vulnerability is tracked as CVE-2026-21509 and it can be exploited to bypass security features.  The post Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks appeared first on S...

Source: securityweek.com

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS s...

Source: thehackernews.com

Fortinet’s latest zero-day vulnerability carries frustrating familiarities for customers

Attackers have exploited the critical defect to reconfigure firewall settings and create unauthorized accounts with privileged access to multiple versions of the vendor’s security products. The post F...

Source: cyberscoop.com

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)

Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild...

Source: helpnetsecurity.com

Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover.

Source: darkreading.com

Initial access hackers switch to Tsundere Bot for ransomware attacks

A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks. [...]

Source: bleepingcomputer.com

World Leaks Ransomware Group Claims 1.4TB Nike Data Breach

Nike is investigating after the World Leaks ransomware group posted a 1.4TB data dump

Source: infosecurity-magazine.com

Fortinet Confirms New Zero-Day Behind Malicious SSO Logins

To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication for all devices.

Source: darkreading.com

Chinese APTs Hacking Asian Orgs With High-End Malware

Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.

Source: darkreading.com

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-...

Source: thehackernews.com

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks...

Source: bleepingcomputer.com

eScan Antivirus Supply Chain Breach Delivers Signed Malware

Supply chain breach in eScan antivirus distributes multi-stage malware via legitimate updates

Source: infosecurity-magazine.com

Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices

Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication. The post Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices appeared firs...

Source: securityweek.com

Critical Vulnerabilities (CVEs)