Cisco Zero-Day Under Active Attack as Oracle Drops Massive 337-Flaw Patch Update and Everest Ransomware Hits Major Brands
Summary
The cybersecurity landscape for January 22, 2026, is dominated by critical vulnerabilities and high-profile cyberattacks. Cisco is racing to patch an actively exploited zero-day RCE flaw (CVE-2026-20045) in its communications products, which CISA has added to its KEV catalog. Oracle released a massive January Critical Patch Update addressing 337 flaws, over 235 of which are remotely exploitable. Meanwhile, the Everest ransomware group has been highly active, claiming major data breaches at Under Armour and McDonald's India, threatening to leak data for millions of customers. Other significant events include critical patches from Zoom and GitLab, and reports highlighting the growing risks of supply chain attacks through both SaaS platforms and misconfigured security training applications.
Today's New Articles
Cisco Scrambles to Patch Actively Exploited RCE Zero-Day in Comms Products
Cisco has issued an urgent warning and emergency patches for a critical remote code execution (RCE) vulnerability, CVE-2026-20045, affecting a wide range of its Unified Communications and Webex Calling products. This zero-day flaw is being actively exploited i...
Everest Ransomware Leaks Data of 72 Million Under Armour Customers After Failed Talks
The Everest ransomware group has claimed a massive data breach against athletic apparel giant Under Armour. After negotiations allegedly failed, the group announced on its dark web leak site that it has published the full dataset, which it claims contains 191...
Exposed Security Training Apps Like OWASP Juice Shop Create Backdoors into Corporate Clouds
A new report reveals a dangerous trend where intentionally vulnerable security training applications, such as OWASP Juice Shop and DVWA, are being deployed on live, production cloud infrastructure and left exposed to the internet. Threat actors are actively sc...
'Skeleton Key' Attacks Bypass Defenses by Weaponizing Legitimate RMM Tools
A sophisticated attack campaign dubbed "Skeleton Key" is bypassing traditional, malware-focused security defenses by weaponizing legitimate remote monitoring and management (RMM) software. A report from KnowBe4 Threat Labs details how attackers first compromis...
Zoom & GitLab Race to Patch Critical Flaws, Including a 9.9 CVSS RCE Bug
Both Zoom and GitLab have released critical security updates to address several high-severity vulnerabilities. The most severe flaw, CVE-2026-22844, is a remote code execution vulnerability in Zoom Node Multimedia Routers (MMRs) with a near-perfect CVSS score...
Spotlight on Supply Chain Risk: Reports Warn of Escalating SaaS-to-SaaS Attacks
The digital supply chain has become a primary focus of cyber risk, as highlighted by multiple events on January 22, 2026. A new report from security firm Black Kite warns that the retail and wholesale sectors are highly exposed to attacks that exploit intercon...
osTicket Flaw Lets Attackers Read Server Files via Malicious PDF Export
A high-severity vulnerability, CVE-2026-22200, has been disclosed in osTicket, a popular open-source helpdesk system. The flaw allows an unauthenticated, anonymous attacker to read arbitrary files from the server by injecting a malicious PHP filter chain into...
Critical Flaw in Popular Node.js Library 'binary-parser' Allows Code Execution
The CERT Coordination Center (CERT/CC) has issued a warning about a critical vulnerability, CVE-2026-1245, in the popular 'binary-parser' npm library for Node.js. The flaw, which has a CVSS score of 6.5, allows for arbitrary JavaScript execution. The vulnerabi...
New Android Malware Uses AI to Mimic Human Behavior and Evade Detection
A new and sophisticated family of Android malware is leveraging artificial intelligence to commit ad fraud while evading detection. The malware uses TensorFlow, Google's open-source machine learning framework, to mimic human-like behavior, such as realistic cl...
Critical GNU Inetutils Flaw Allows Root Access via Telnet Authentication Bypass
A critical authentication bypass vulnerability, CVE-2026-24061, has been disclosed in the telnet daemon (telnetd) of GNU Inetutils, a common package of networking utilities for many Unix-like operating systems. The flaw allows a remote attacker to bypass authe...
Article Updates
Oracle Issues Critical Patch for CVSS 10.0 Auth Bypass in WebLogic Server
Update: The January 2026 Critical Patch Update from Oracle is more extensive than initially detailed, addressing approximately 230 unique CVEs, with over 235 vulnerabilities remotely exploitable without authentication. Beyond the critical WebLogic flaw (CVE-2026-21962...
Everest Ransomware Claims 861GB Data Breach at McDonald's India
Update: The Everest ransomware group has released screenshots as proof of their alleged data breach at McDonald's India. These images purportedly display internal financial reports, audit trails, and a 'Contact Database' containing investor and partner information fro...