CISA Warns of Actively Exploited Flaws; North Korean Hackers Target Developers; Ransomware Hits Apple Supplier

Publication Date: January 23, 2026

Summary

This week in cybersecurity, CISA added four actively exploited vulnerabilities to its KEV catalog, demanding urgent patching from federal agencies. North Korean threat actors launched the 'Contagious Interview' campaign, using malicious VS Code projects to backdoor developers' systems. In the supply chain, a major Apple partner, Luxshare, was breached by the RansomHub group, leaking sensitive product designs. Meanwhile, new ransomware strains like Osiris and Anubis emerged with advanced TTPs, including data-wiping capabilities, and Oracle released a massive patch update fixing 337 vulnerabilities, one with a perfect 10.0 CVSS score.

Today's New Articles

CISA Mandates Patching for Four Actively Exploited Flaws in Zimbra, Vite, and More

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming they are under active attack. The flaws affect a diverse range of products, including Synacor Zimbr...


North Korean Hackers Lure Developers with Fake Job Interviews, Backdoor macOS via VS Code

State-sponsored threat actors from North Korea, including the Lazarus Group, are targeting software developers in a sophisticated campaign dubbed 'Contagious Interview.' According to Jamf Threat Labs, the attackers use fake job offers to entice developers, par...


PcComponentes Denies Data Breach, Blames Credential Stuffing for Account Takeovers

Spanish electronics retailer PcComponentes has denied claims of a massive data breach affecting 16 million customers, stating its internal systems were not compromised. The announcement came after a threat actor, 'daghetiaw,' attempted to sell a large customer...


New 'Osiris' Ransomware Borrows TTPs from Medusa and Inc Gangs, Uses Signed Driver to Kill AV

A new ransomware strain named Osiris is demonstrating a high level of sophistication by combining tactics from established ransomware groups like Medusa and Inc. The attackers use Rclone for data exfiltration to Wasabi cloud storage and deploy a version of Mim...


INC Ransomware OPSEC Fail: Reused Infrastructure Leads to Data Recovery for 12 U.S. Victims

A significant operational security (OPSEC) failure by the INC ransomware group has allowed cybersecurity firm Cyber Centaurs to recover stolen data for twelve U.S. organizations. The discovery was made after analyzing an attack involving the RainINC ransomware...


Anubis RaaS Ups the Ante with Destructive 'Wipe Mode' to Maximize Extortion

A new Ransomware-as-a-Service (RaaS) operation named Anubis is gaining attention for its destructive capabilities. Evolving from a prototype called 'Sphinx,' Anubis offers its affiliates a dual-execution model. In addition to standard encryption, the malware c...

Article Updates

New Zealand's 'Manage My Health' Portal Breached; Data of 120,000 Patients Held for Ransom

Update: Following the late 2025 data breach, Manage My Health is now alerting over 120,000 affected patients to active secondary attacks. Malicious actors are launching sophisticated phishing and spam campaigns, impersonating Manage My Health to exploit the previously...


China-Linked APT 'UAT-8837' Targets North American Critical Infrastructure

Update: New analysis reveals CVE-2025-53690 is a critical ViewState deserialization vulnerability with a CVSS score of 9.0, allowing remote code execution, and has been added to CISA's KEV catalog. Beyond Earthworm, UAT-8837 now uses Sharphound for Active Directory re...


Oracle's January 2026 Patch Update Fixes 337 Flaws, Including Critical Remote Exploits

Update: Further analysis of Oracle's January 2026 CPU highlights CVE-2026-21962 as a critical 10.0 CVSS vulnerability. This flaw impacts Oracle HTTP Server and WebLogic Server Proxy Plug-in, allowing unauthenticated remote attackers to achieve complete system takeover...