Daily Digest

Critical 11-Year-Old Telnet Flaw Under Active Exploit; Pwn2Own Exposes Major Automotive Zero-Days

Critical 11-Year-Old Telnet Flaw Under Active Exploit; Pwn2Own Exposes Major Automotive Zero-Days

January 24, 2026
5 articles (5 new)
15 min read

Summary

This cybersecurity brief for January 24, 2026, covers several critical developments. A severe 11-year-old vulnerability in GNU's telnetd service (CVE-2026-24061) is now under active exploitation, granting attackers root access. The Pwn2Own Automotive event saw researchers earn over $1 million for 76 zero-days, including 37 against Tesla. Meanwhile, CISA added four new flaws to its KEV catalog, the DragonForce ransomware group targeted a U.S. bank, and Microsoft issued emergency patches to fix recent update issues. Phishing campaigns targeting LastPass users and leveraging LinkedIn for RAT distribution are also on the rise.

Filter by Category

New Articles (5)

Pwn2Own Automotive: Hackers Earn $1M+ Exposing 76 Zero-Days in Tesla and Other Vehicle Systems

HIGH

Researchers Demonstrate 76 Zero-Day Exploits Against Tesla and Others at Pwn2Own Automotive 2026

At the Pwn2Own Automotive 2026 event, security researchers earned over $1 million by successfully demonstrating 76 unique zero-day exploits against a range of modern vehicle systems. A major focus was Tesla, where researchers chained multiple vulnerabilities to gain root access to an infotainment system, accounting for $516,500 of the total prize money. The competition also targeted EV chargers and other in-vehicle infotainment (IVI) systems, highlighting the expanding and critical attack surface of the connected automotive industry. Vendors have been given a 90-day disclosure deadline to patch the flaws.

January 24, 2026
5 min read
Pwn2OwnAutomotive SecurityCar HackingTeslaZero-Day +3 more
Pwn2Own Automotive: Hackers Earn $1M+ Exposing 76 Zero-Days in Tesla and Other Vehicle Systems
Vulnerability
Cyberattack
Threat Intelligence

LastPass Users Targeted in Phishing Campaign to Steal Master Passwords

HIGH

LastPass Issues Alert on Phishing Campaign Using Fake Maintenance Emails to Harvest Master Passwords

Password manager service LastPass is warning its users of an active phishing campaign aimed at stealing their master passwords. Attackers are sending fraudulent emails that impersonate official LastPass maintenance alerts, creating a false sense of urgency to trick users into 'backing up' their password vaults. The links in these emails lead to a convincing but malicious clone of the LastPass login page designed to capture user credentials. LastPass has confirmed it is working to take down the attacker infrastructure and advises users to be vigilant.

January 24, 2026
5 min read
LastPassPhishingCredential HarvestingMaster PasswordSocial Engineering +1 more
LastPass Users Targeted in Phishing Campaign to Steal Master Passwords
Phishing
Cyberattack

DragonForce Ransomware Claims Attack on U.S. Bank, Threatens Data Leak

HIGH

DragonForce Ransomware Group Targets Uinta Bank in Double Extortion Attack

The DragonForce ransomware group has claimed responsibility for a cyberattack against Uinta Bank, a community bank based in Wyoming, USA. In a post on their data leak site on January 23, 2026, the threat actors announced the breach and threatened to publish a "full dump" of the bank's data if negotiations are not initiated. This double extortion tactic, which involves both data encryption and data exfiltration, puts significant pressure on the victim organization. The incident underscores the ongoing threat ransomware poses to the financial services sector, regardless of the institution's size.

January 24, 2026
6 min read
DragonForceRansomwareData BreachDouble ExtortionUinta Bank +2 more
DragonForce Ransomware Claims Attack on U.S. Bank, Threatens Data Leak
Ransomware
Data Breach
Cyberattack

Microsoft Issues Emergency Out-of-Band Patches for Flawed January Updates

MEDIUM

Microsoft Releases Out-of-Band Updates to Fix Remote Desktop and Cloud Storage Bugs from January Patches

Microsoft has released several emergency out-of-band (OOB) updates on January 24, 2026, to address significant bugs introduced by its January 13 Patch Tuesday release. The faulty updates caused a range of issues, including Remote Desktop connection failures, application hangs when accessing cloud storage like OneDrive, and system restart failures. The new cumulative updates, including KB5078136 and KB5078238, are available for various Windows versions and are intended to restore stability and functionality for affected users.

January 24, 2026
4 min read
MicrosoftWindows UpdatePatch TuesdayOut-of-BandKB5078136 +3 more
Microsoft Issues Emergency Out-of-Band Patches for Flawed January Updates
Patch Management
Security Operations

UK Advances New Bill to Regulate Managed Service Providers (MSPs)

INFORMATIONAL

UK's Cyber Security and Resilience Bill to Impose Security Duties on MSPs to Mitigate Supply-Chain Risk

The United Kingdom government is advancing a new Cyber Security and Resilience Bill aimed at strengthening the nation's digital supply chain. A key provision of the bill is to bring Managed Service Providers (MSPs) under direct regulatory oversight for the first time. Citing the systemic risk demonstrated by attacks like the one on Synnovis that impacted the NHS, the legislation will impose security duties on MSPs similar to those already applied to essential services. The goal is to establish a higher baseline of security across the thousands of organizations that rely on MSPs for their IT and security operations.

January 24, 2026
5 min read
UKRegulationPolicyComplianceMSP +3 more
UK Advances New Bill to Regulate Managed Service Providers (MSPs)
Policy and Compliance
Regulatory
Supply Chain Attack

📢 Share This Publication

Help others stay informed about cybersecurity threats