Daily Digest

Active Exploits Target Ivanti & Microsoft Office; Sandworm Deploys New Wiper in Poland

Active Exploits Target Ivanti & Microsoft Office; Sandworm Deploys New Wiper in Poland

January 30, 2026
6 articles (6 new)
18 min read

Summary

This cybersecurity brief for January 30, 2026, covers multiple critical threats, including actively exploited zero-day vulnerabilities in Ivanti EPMM and Microsoft Office, both requiring immediate patching. A sophisticated phishing campaign linked to the ShinyHunters alliance is targeting Okta SSO credentials at over 100 enterprises using voice phishing. Concurrently, the Sandworm threat actor has deployed a new destructive wiper, DynoWiper, against the Polish energy sector. Other major developments include a surge in DDoS attacks from new botnets, the discovery of the Sicarii ransomware operation, and a report detailing over 450,000 malicious open-source packages published in 2025.

Filter by Category

New Articles (6)

CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

CRITICAL

Ivanti Issues Emergency Patches for Two Critical, Actively Exploited RCE Vulnerabilities in Endpoint Manager Mobile (EPMM)

Ivanti has released urgent security patches for two critical remote code execution (RCE) vulnerabilities, CVE-2026-1281 and CVE-2026-1340, affecting its Endpoint Manager Mobile (EPMM) solution, formerly MobileIron Core. Both flaws are rated 9.8 out of 10 on the CVSS scale and are confirmed to be actively exploited in the wild as zero-days. An unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code on an affected appliance, granting them access to sensitive mobile device management data. Given the active exploitation, administrators are urged to apply the temporary RPM script patches immediately while awaiting a permanent fix in the upcoming version 12.8.0.0.

January 30, 2026
5 min read
Zero-DayRCERemote Code ExecutionMobileIronMDM +2 more
CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

Novel Phishing Attack Abuses Vercel and Telegram to Deliver RATs

MEDIUM

Phishing Campaign Abuses Trusted Vercel Domains and Telegram for Evasive RAT Delivery

A novel phishing campaign, observed between November 2025 and January 2026, is abusing trusted `*.vercel.app` domains to bypass email security filters and deliver malware. The attack, detailed by Cloudflare, uses financial lures like fake invoices to trick victims into clicking. A unique feature is its Telegram-gated payload delivery, which requires interaction with a Telegram bot to receive the final payload. This technique effectively filters out automated sandboxes and security researchers, ensuring the malware is only delivered to genuine targets. The campaign's ultimate goal is to install GoTo Resolve, a legitimate remote access tool, which is then abused by attackers for persistent access and control.

January 30, 2026
5 min read
PhishingRATEvasionVercelTelegram +2 more
Novel Phishing Attack Abuses Vercel and Telegram to Deliver RATs

New 'Sicarii Ransomware' RaaS Emerges, Targeting U.S. Manufacturing

HIGH

New 'Sicarii Ransomware' Ransomware-as-a-Service (RaaS) Operation Identified

A new ransomware-as-a-service (RaaS) operation named 'Sicarii Ransomware' has been discovered by researchers at CYFIRMA. Active since late 2025, the group is targeting the manufacturing sector in the United States. The malware encrypts victim files using AES-GCM and appends a '.sicarii' extension to them. In addition to encryption, the malware is capable of collecting system information and credentials from infected hosts, suggesting a double-extortion tactic may be part of their playbook. Tactical recommendations to defend against this threat include enhanced monitoring, maintaining offline backups, and strengthening network segmentation.

January 30, 2026
5 min read
RansomwareRaaSDouble ExtortionManufacturingAES-GCM
New 'Sicarii Ransomware' RaaS Emerges, Targeting U.S. Manufacturing

Industry Responds to Threats with New Tools for Supply Chain, AI, and Malware Analysis

INFORMATIONAL

Security Vendors Launch New Products for Supply Chain Security, AI-Driven Attacks, and Malware Analysis

In response to the evolving threat landscape, several cybersecurity firms have launched new products in January 2026. SpyCloud has released its Supply Chain Threat Protection solution to address identity threats within vendor ecosystems. Vectra AI has enhanced its platform to specifically counter attacks that leverage AI, focusing on the AI attack lifecycle. Additionally, Booz Allen Hamilton has made its Vellox Reverser tool generally available, aiming to accelerate malware reverse engineering and threat intelligence analysis for cyber defenders. These releases highlight key areas of focus for the industry: securing the supply chain, defending against AI-powered threats, and speeding up incident analysis.

January 30, 2026
4 min read
Cybersecurity ProductsSupply Chain SecurityAI SecurityMalware AnalysisReverse Engineering +1 more
Industry Responds to Threats with New Tools for Supply Chain, AI, and Malware Analysis

Global Phishing Campaign Lures Victims with Fake Job Offers

MEDIUM

Widespread Phishing Campaign Impersonates Employers with Fake Job Offers to Steal Credentials

A multi-lingual phishing campaign is targeting job seekers across the United States, United Kingdom, France, Italy, and Spain. According to research from Bitdefender, attackers are impersonating well-known employers and staffing companies, sending emails with fake job offers that promise easy work and fast interviews. The messages are tailored to the recipient's language and location. When a victim clicks a link in the email, they are taken to a credential harvesting webpage designed to steal personal data and login information. This campaign capitalizes on social engineering tactics that prey on individuals' career aspirations.

January 30, 2026
4 min read
PhishingSocial EngineeringCredential HarvestingRecruitmentIdentity Theft
Global Phishing Campaign Lures Victims with Fake Job Offers

Apple Boosts Privacy in iOS 26.3 with 'Limit Precise Location' Feature

INFORMATIONAL

Apple Enhances Location Privacy in iOS 26.3 Update with 'Limit Precise Location' Setting

Apple has introduced a new privacy feature called 'limit precise location' in its iOS 26.3 update. This setting is designed to give users more control over their data by reducing the precision of location information shared with cellular networks. While carriers still receive location data for operational purposes, the feature prevents them from obtaining a user's exact, fine-grained location, making it more difficult to track their precise movements. This update is part of a broader industry trend toward providing users with more granular privacy controls and addressing concerns about location tracking by mobile carriers.

January 30, 2026
3 min read
AppleiOSPrivacyLocation TrackingMobile Security +1 more
Apple Boosts Privacy in iOS 26.3 with 'Limit Precise Location' Feature

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.