QuantumLeap Ransomware Halts Global Logistics; Critical Zero-Days in NexusFlow and Mobile OSes Actively Exploited

Publication Date: January 26, 2026

Summary

January 26, 2026, was a tumultuous day in cybersecurity, marked by high-impact ransomware, critical zero-day vulnerabilities, and sophisticated nation-state espionage. The newly identified QuantumLeap ransomware has crippled logistics giant NaviGistics, demanding a $50 million ransom. Concurrently, a wormable RCE zero-day (CVE-2026-12345) in the NexusFlow API Gateway and a zero-click flaw (CVE-2026-23456) in iOS and Android are under active attack. Other major incidents include a supply chain attack on a popular NPM package, an AI-powered phishing campaign bypassing MFA, and continued espionage from threat actors like Volt Typhoon and SteelHydra targeting critical infrastructure and renewable energy sectors.

Today's New Articles

New QuantumLeap Ransomware Demands $50M, Halts Global Shipments at NaviGistics

The global logistics firm NaviGistics has suffered a catastrophic cyberattack from a new ransomware strain dubbed 'QuantumLeap'. The attack, orchestrated by a group calling itself 'Entropy Collective', has encrypted critical systems and brought the company's w...


Urgent Patch Required: Critical RCE Zero-Day (CVE-2026-12345) in NexusFlow API Gateway Under Active Attack

A critical pre-authentication remote code execution (RCE) zero-day vulnerability, CVE-2026-12345, is being actively exploited in the wild against the popular NexusFlow API Gateway. The flaw, which carries the maximum CVSS score of 10.0, allows unauthenticated...


Medusa Ransomware Exploits Cybersecurity Gaps, Escalating Attacks Across Africa

Ransomware attacks are a pervasive and highly damaging threat across the African continent, where a significant gap in cybersecurity skills and resources creates fertile ground for cybercriminals. Notorious ransomware groups, including Medusa, are increasingly...


Nation-State Actor 'SteelHydra' (APT47) Deploys 'GeoShifter' ICS Malware to Spy on Geothermal Energy Firms

The nation-state threat actor 'SteelHydra' (also tracked as APT47) is behind a sophisticated cyber-espionage campaign targeting the geothermal energy sector. According to research from Mandiant, the campaign has impacted firms in the United States, Canada, and...


Apple & Google Issue Emergency Patches for 'GhostTouch' Zero-Click RCE Flaw (CVE-2026-23456)

Apple and Google have released coordinated, emergency security updates to fix a critical zero-click remote code execution (RCE) vulnerability, dubbed 'GhostTouch' and tracked as CVE-2026-23456. The flaw exists in a core open-source graphics rendering library u...


'SilentVoice' Phishing Campaign Weaponizes AI Deepfake Audio to Bypass MFA

A sophisticated social engineering campaign named 'SilentVoice' is successfully bypassing multi-factor authentication (MFA) by using AI-generated deepfake audio of corporate executives. According to researchers at Proofpoint, attackers clone an executive's voi...


NPM Package 'js-utility-kit' Hijacked in Supply Chain Attack to Steal Crypto Keys and Credentials

A significant software supply chain attack has compromised the popular NPM package 'js-utility-kit', which is downloaded over 5 million times per week. Security firm Snyk discovered that malicious versions (2.1.8, 2.1.9, and 2.2.1) were published after the mai...


Fintech Startup VoltPay Leaks 5 Million Customer Records via Misconfigured Cloud Database

The financial technology startup VoltPay has confirmed a massive data breach affecting approximately 5 million users. The leak was caused by a misconfigured Elasticsearch database that was left publicly accessible on the internet without a password for over th...


International Operation 'Echidna' Dismantles 'Crimson Market' Dark Web Hub, 50+ Arrested

A coordinated international law enforcement action, codenamed 'Operation Echidna', has successfully dismantled 'Crimson Market', one of the largest dark web marketplaces for cybercrime tools and stolen data. The operation, involving the FBI, Europol, and the U...


Volt Typhoon Linked to Breach at U.S. Water Utility, Exfiltrating Operational Documents

The Chinese state-sponsored group Volt Typhoon has been attributed to a data breach at the Park County Water District in Colorado. According to a joint advisory from CISA, the FBI, and the NSA, the hackers exploited a known vulnerability in an internet-facing...


Researchers Detail 'ChronoStealer', a New Modular Info-Stealing Malware-as-a-Service

Security researchers at Check Point have published a deep-dive analysis of 'ChronoStealer', a new and highly modular information-stealing malware sold on a subscription basis in underground forums. This Malware-as-a-Service (MaaS) model allows low-skilled crim...