Actively Exploited Zero-Days in Microsoft Office & Fortinet; Major Brands Hit by Cyberattacks
Summary
This 24-hour period saw critical cybersecurity developments, including the active exploitation of zero-day vulnerabilities in Microsoft Office (CVE-2026-21509) and Fortinet's FortiCloud SSO (CVE-2026-24858), both added to CISA's KEV list. A wave of social engineering attacks impacted major brands like Bumble, Match, Panera, and Crunchbase, attributed to the 'ShinyHunters' group. Additionally, significant data breaches were reported at SoundCloud, affecting 29.8 million users, and the Illinois Department of Human Services, exposing data of 700,000 individuals. Research reports from Check Point and Sonatype highlight the increasing use of AI by attackers and a 75% surge in open-source malware, underscoring the escalating complexity of the threat landscape.
Today's New Articles
Critical 1-Click RCE Flaw in IDIS Cloud Manager Puts Users at Risk
A critical remote code execution (RCE) vulnerability, CVE-2025-12556, has been discovered in the IDIS Cloud Manager (ICM) viewer by researchers at Claroty's Team82. The flaw, which has a CVSS v4 score of 8.7, allows an attacker to execute arbitrary code on a u...
AI-Fueled Cyberattacks Surge by 70%, Check Point's 2026 Report Reveals
Check Point's 14th annual Cyber Security Report highlights a dramatic escalation in the global threat landscape, revealing a 70% increase in cyberattacks since 2023. The 2026 report, analyzing trends from 2025, found that organizations faced an average of 1,96...
Canada's Cyber Security Centre Warns of AI-Fueled Ransomware Evolution
The Canadian Centre for Cyber Security has issued a new 'Ransomware Threat Outlook,' warning that the ransomware threat to Canadian organizations is growing and evolving rapidly. The report highlights that criminals are increasingly leveraging artificial intel...
Clop Ransomware Group Claims Attack on Canadian Helicopter Company
The notorious Clop ransomware group has claimed responsibility for a cyberattack against CMHHELI.COM, a Canadian company. On January 29, 2026, the group added the company to its dark web leak site, threatening to publish stolen data if a ransom is not paid. Th...
Open-Source Malware Skyrockets by 75%, Sonatype's 2026 Report Warns
Sonatype's 2026 'State of the Software Supply Chain' report reveals an alarming 75% increase in malicious open-source packages, with over 1.233 million identified. The report connects this surge to the rapid adoption of AI and automation in software developmen...
Convergence of Identity and Data Security Creates New Attack Vectors, Netwrix Warns
A new report from Netwrix warns that the next wave of cyber threats will arise from the convergence of identity and data security. As organizations increasingly rely on automated workflows to manage data access, attackers are shifting their focus from stealing...
SoundCloud Breach Exposes Private Emails of 29.8 Million Users
A significant data breach at the music streaming service SoundCloud has resulted in the public release of a database containing the personal details of 29.8 million users. The data was leaked in January 2026 after the company reportedly refused to pay a ransom...
Article Updates
ShinyHunters Claims Breach of Crunchbase, Betterment via Okta Vishing Attacks
Update: The ShinyHunters cyber extortion group's campaign has expanded, now claiming breaches against Bumble Inc., Panera Bread Co., and Match Group Inc., in addition to previously reported incidents. Bumble confirmed a contractor's account was phished, leading to bri...