Ivanti Zero-Days Under Active Attack as Polish Energy Grid Hit by Destructive Wiper Malware

Publication Date: February 1, 2026

Summary

This edition covers the critical cybersecurity landscape for February 1, 2026. Dominating the headlines are two actively exploited zero-day vulnerabilities in Ivanti's EPMM, prompting an emergency CISA directive. Simultaneously, a sophisticated wiper malware attack, potentially linked to Russian state actors such as Sandworm, targeted over 30 energy facilities in Poland, aiming to disrupt critical infrastructure. Other major events include an FBI takedown of the RAMP ransomware forum, a supply chain attack compromising eScan antivirus, and an advanced vishing campaign mimicking ShinyHunters to breach SaaS platforms. These incidents highlight escalating threats against enterprise software, critical infrastructure, and the software supply chain.

Today's New Articles

FBI Shuts Down RAMP, a Notorious Ransomware Recruitment and Trading Hub

In a significant blow to the ransomware ecosystem, the U.S. Federal Bureau of Investigation (FBI) has seized the RAMP (Russian Anonymous MarketPlace) forum. The Russian-language site, which operated on both the clear and dark web, was a central hub for ransomw...


Supply Chain Attack: eScan Antivirus Update Server Compromised to Distribute Malware

Indian antivirus provider eScan, a product of MicroWorld Technologies, has suffered a supply chain attack. On January 20, 2026, a regional update server was compromised, causing it to push a malicious file named 'Reload.exe' to enterprise and consumer customer...


New Iran-Linked 'RedKitten' Group Targets Human Rights NGOs with AI-Suspected Malware

A new cyber-espionage campaign by a Farsi-speaking threat actor dubbed 'RedKitten' is targeting human rights NGOs and activists documenting abuses in Iran. The campaign, observed by HarfangLab in January 2026, uses phishing emails with macro-laced Excel files...


'WhisperPair' Bluetooth Flaw Exposes Millions of Headphones and Speakers to Eavesdropping

A newly discovered vulnerability named 'WhisperPair' affects millions of Bluetooth audio devices from major brands, including Sony, JBL, and Logitech. The flaw allows a nearby attacker to bypass standard Bluetooth pairing security protocols. Successful exploit...


UStrive Mentoring Platform Exposes Data of 238,000 Users, Including Minors, via Leaky API

The non-profit mentoring platform UStrive has inadvertently exposed the sensitive personal data of over 238,000 users due to a misconfigured GraphQL API endpoint. A significant portion of the exposed user base includes minors, elevating the severity and privac...


Automated Attacks Wipe Exposed MongoDB Databases, Demanding $500 Ransom

An automated data extortion campaign is actively targeting publicly exposed and misconfigured MongoDB databases. A threat actor is systematically wiping data from these unsecured servers and leaving a ransom note demanding approximately $500 in Bitcoin for its...


Air Conditioning Giant Blue Star Discloses Data Breach Affecting Product Installation Data

Blue Star, a major Indian multinational specializing in air conditioning and commercial refrigeration, has announced it experienced a data security incident. The company reported unauthorized access to its product installation data. The breach was reported to...


Cybersecurity Risks Mount as Partial US Government Shutdown Begins

A partial U.S. government shutdown began at midnight on January 31, 2026, after funding for several federal agencies, including the Department of Homeland Security (DHS), lapsed. Security experts are warning that such shutdowns create a period of heightened cy...

Article Updates

Cognizant Sued in Class-Action Lawsuits After TriZetto Data Breach

Update: New information reveals the TriZetto data breach, which began in November 2024, was not discovered until approximately October 2025, nearly a year after the initial intrusion. This significant delay has prolonged the risk of identity theft and fraud for affect...