Daily Digest

Critical 11-Year-Old Telnet Flaw Under Active Exploit; Pwn2Own Exposes Major Automotive Zero-Days

January 24, 2026

5 articles (5 new)

15 min read

Summary

This cybersecurity brief for January 24, 2026, covers several critical developments. A severe 11-year-old vulnerability in GNU's telnetd service (CVE-2026-24061) is now under active exploitation, granting attackers root access. The Pwn2Own Automotive event saw researchers earn over $1 million for 76 zero-days, including 37 against Tesla. Meanwhile, CISA added four new flaws to its KEV catalog, the DragonForce ransomware group targeted a U.S. bank, and Microsoft issued emergency patches to fix recent update issues. Phishing campaigns targeting LastPass users and leveraging LinkedIn for RAT distribution are also on the rise.

Filter by Category

New Articles (5)

Pwn2Own Automotive: Hackers Earn $1M+ Exposing 76 Zero-Days in Tesla and Other Vehicle Systems

HIGH

Researchers Demonstrate 76 Zero-Day Exploits Against Tesla and Others at Pwn2Own Automotive 2026

At the Pwn2Own Automotive 2026 event, security researchers earned over $1 million by successfully demonstrating 76 unique zero-day exploits against a range of modern vehicle systems. A major focus was Tesla, where researchers chained multiple vulnerabilities to gain root access to an infotainment system, accounting for $516,500 of the total prize money. The competition also targeted EV chargers and other in-vehicle infotainment (IVI) systems, highlighting the expanding and critical attack surface of the connected automotive industry. Vendors have been given a 90-day disclosure deadline to patch the flaws.

January 24, 2026

5 min read

Pwn2OwnAutomotive SecurityCar HackingTeslaZero-Day +3 more

Pwn2Own Automotive: Hackers Earn $1M+ Exposing 76 Zero-Days in Tesla and Other Vehicle Systems

LastPass Users Targeted in Phishing Campaign to Steal Master Passwords

HIGH

LastPass Issues Alert on Phishing Campaign Using Fake Maintenance Emails to Harvest Master Passwords

Password manager service LastPass is warning its users of an active phishing campaign aimed at stealing their master passwords. Attackers are sending fraudulent emails that impersonate official LastPass maintenance alerts, creating a false sense of urgency to trick users into 'backing up' their password vaults. The links in these emails lead to a convincing but malicious clone of the LastPass login page designed to capture user credentials. LastPass has confirmed it is working to take down the attacker infrastructure and advises users to be vigilant.

January 24, 2026

5 min read

LastPassPhishingCredential HarvestingMaster PasswordSocial Engineering +1 more

LastPass Users Targeted in Phishing Campaign to Steal Master Passwords

DragonForce Ransomware Claims Attack on U.S. Bank, Threatens Data Leak

HIGH

DragonForce Ransomware Group Targets Uinta Bank in Double Extortion Attack

The DragonForce ransomware group has claimed responsibility for a cyberattack against Uinta Bank, a community bank based in Wyoming, USA. In a post on their data leak site on January 23, 2026, the threat actors announced the breach and threatened to publish a "full dump" of the bank's data if negotiations are not initiated. This double extortion tactic, which involves both data encryption and data exfiltration, puts significant pressure on the victim organization. The incident underscores the ongoing threat ransomware poses to the financial services sector, regardless of the institution's size.

January 24, 2026

6 min read

DragonForceRansomwareData BreachDouble ExtortionUinta Bank +2 more

DragonForce Ransomware Claims Attack on U.S. Bank, Threatens Data Leak

Microsoft Issues Emergency Out-of-Band Patches for Flawed January Updates

MEDIUM

Microsoft Releases Out-of-Band Updates to Fix Remote Desktop and Cloud Storage Bugs from January Patches

Microsoft has released several emergency out-of-band (OOB) updates on January 24, 2026, to address significant bugs introduced by its January 13 Patch Tuesday release. The faulty updates caused a range of issues, including Remote Desktop connection failures, application hangs when accessing cloud storage like OneDrive, and system restart failures. The new cumulative updates, including KB5078136 and KB5078238, are available for various Windows versions and are intended to restore stability and functionality for affected users.

January 24, 2026

4 min read

MicrosoftWindows UpdatePatch TuesdayOut-of-BandKB5078136 +3 more

Microsoft Issues Emergency Out-of-Band Patches for Flawed January Updates

UK Advances New Bill to Regulate Managed Service Providers (MSPs)

INFORMATIONAL

UK's Cyber Security and Resilience Bill to Impose Security Duties on MSPs to Mitigate Supply-Chain Risk

The United Kingdom government is advancing a new Cyber Security and Resilience Bill aimed at strengthening the nation's digital supply chain. A key provision of the bill is to bring Managed Service Providers (MSPs) under direct regulatory oversight for the first time. Citing the systemic risk demonstrated by attacks like the one on Synnovis that impacted the NHS, the legislation will impose security duties on MSPs similar to those already applied to essential services. The goal is to establish a higher baseline of security across the thousands of organizations that rely on MSPs for their IT and security operations.

January 24, 2026

5 min read

UKRegulationPolicyComplianceMSP +3 more

UK Advances New Bill to Regulate Managed Service Providers (MSPs)

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.